Skip to content

Bump the gha-deps group across 1 directory with 7 updates #258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 27, 2025
Merged

Bump the gha-deps group across 1 directory with 7 updates #258

merged 1 commit into from
May 27, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 1, 2025
edited
Loading

Bumps the gha-deps group with 7 updates in the / directory:

Package From To
ruby/setup-ruby 1.221.0 1.236.0
docker/build-push-action 6.15.0 6.16.0
astral-sh/setup-uv 5.3.0 6.0.1
actions/setup-node 4.2.0 4.4.0
docker/login-action 3.3.0 3.4.0
crazy-max/ghaction-github-labeler 5.2.0 5.3.0
peter-evans/create-pull-request 7.0.7 7.0.8

Updates ruby/setup-ruby from 1.221.0 to 1.236.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.236.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.235.0...v1.236.0

v1.235.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.234.0...v1.235.0

v1.234.0

Full Changelog: ruby/setup-ruby@v1.233.0...v1.234.0

v1.233.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.232.0...v1.233.0

v1.232.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.231.0...v1.232.0

v1.231.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.230.0...v1.231.0

v1.230.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.229.0...v1.230.0

v1.229.0

What's Changed

... (truncated)

Commits
  • f41e084 Add truffleruby-24.2.1,truffleruby+graalvm-24.2.1
  • afda160 Improve exclude reasons
  • e69d1ea Update README example
  • dffc446 Support windows-11-arm
  • 2e00740 Remove support for ubuntu-20.04
  • 7200295 Update to Rails 7.2 and 8 in tests
  • bc1d550 Update testFixedBundlerVersionForOldRuby to 2.3 since 2.2 is known to be brok...
  • bcde69c Update README.md
  • eedae55 Make it clear not all combinations are supported
  • ca041f9 Add jruby-10.0.0.0
  • Additional commits viewable in compare view

Updates docker/build-push-action from 6.15.0 to 6.16.0

Release notes

Sourced from docker/build-push-action's releases.

v6.16.0

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

Commits
  • 14487ce Merge pull request #1343 from crazy-max/fix-no-default-attest
  • 0ec9126 Merge pull request #1366 from crazy-max/pr-assign-author
  • b749522 pr-assign-author workflow
  • c566248 Merge pull request #1363 from crazy-max/fix-codecov
  • 13275dd ci: fix missing source for codecov
  • 67dc78b Merge pull request #1361 from mschoettle/patch-1
  • 0760504 docs: add validating build configuration example
  • 1c198f4 chore: update generated content
  • 288d9e2 handle no default attestations env var
  • 88844b9 Merge pull request #1353 from crazy-max/summary-secret-keys
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 5.3.0 to 6.0.1

Release notes

Sourced from astral-sh/setup-uv's releases.

v6.0.1 🌈 Fix default cache dependency glob

Changes

The new default in v6 used illegal patterns and therefore didn't match requirements files. This is now fixed.

🐛 Bug fixes

🧰 Maintenance

⬆️ Dependency updates

v6.0.0 🌈 activate-environment and working-directory

Changes

This version contains some breaking changes which have been gathering up for a while. Lets dive into them:

Activate environment

In previous versions using the input python-version automatically activated a venv at the repository root. This led to some unwanted side-effects, was sometimes unexpected and not flexible enough.

The venv activation is now explicitly controlled with the new input activate-environment (false by default):

- name: Install the latest version of uv and activate the environment
  uses: astral-sh/setup-uv@v6
  with:
    activate-environment: true
- run: uv pip install pip

The venv gets created by the uv venv command so the python version is controlled by the python-version input or the files pyproject.toml, uv.toml, .python-version in the working-directory.

Working Directory

The new input working-directory controls where we look for pyproject.toml, uv.toml and .python-version files which are used to determine the version of uv and python to install.

It can also be used to control where the venv gets created.

... (truncated)

Commits

Updates actions/setup-node from 4.2.0 to 4.4.0

Release notes

Sourced from actions/setup-node's releases.

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

v4.3.0

What's Changed

Dependency updates

New Contributors

Full Changelog: actions/setup-node@v4...v4.3.0

Commits

Updates docker/login-action from 3.3.0 to 3.4.0

Release notes

Sourced from docker/login-action's releases.

v3.4.0

Full Changelog: docker/login-action@v3.3.0...v3.4.0

Commits
  • 74a5d14 Merge pull request #856 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 2f4f00e chore: update generated content
  • 67c1845 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 3d4cc89 Merge pull request #844 from graysonpike/master
  • 6cc823a Merge pull request #823 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • d94e792 chore: update generated content
  • 033db0d Merge pull request #812 from docker/dependabot/github_actions/codecov/codecov...
  • 09c2ae9 build(deps): bump https-proxy-agent
  • ba56f00 ci: update deprecated input for codecov-action
  • 75bf9a7 Merge pull request #858 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • Additional commits viewable in compare view

Updates crazy-max/ghaction-github-labeler from 5.2.0 to 5.3.0

Release notes

Sourced from crazy-max/ghaction-github-labeler's releases.

v5.3.0

Full Changelog: crazy-max/ghaction-github-labeler@v5.2.0...v5.3.0

Commits
  • 24d110a Merge pull request #229 from crazy-max/dependabot/npm_and_yarn/octokit/plugin...
  • 38fb29f chore: update generated content
  • 0113fc2 chore(deps): bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2
  • 42f774e Merge pull request #228 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 9983992 chore(deps): bump @​octokit/request-error from 5.1.0 to 5.1.1
  • 32d1878 Merge pull request #232 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 3faa845 chore: update generated content
  • 16efe04 Merge pull request #233 from crazy-max/ci-fix-codecov
  • 7f6122b ci: fix test workflow
  • 2ea799d chore(deps): bump @​octokit/request from 8.4.0 to 8.4.1
  • Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.7 to 7.0.8

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.8

What's Changed

Full Changelog: peter-evans/create-pull-request@v7.0.7...v7.0.8

Commits
  • 271a8d0 fix: suppress output for some git operations (#3776)
  • 6f7efd1 test: update cpr-example-command
  • 13c47c5 build(deps-dev): bump prettier from 3.5.1 to 3.5.2 (#3754)
  • 63e5829 build(deps): bump @​octokit/plugin-paginate-rest from 11.4.2 to 11.4.3 (#3753)
  • a92c90f build(deps-dev): bump eslint-import-resolver-typescript (#3752)
  • b23b62d build(deps-dev): bump ts-jest from 29.2.5 to 29.2.6 (#3751)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the A-deps Area: Source and library dependencies. label May 1, 2025
@lopopolo
Copy link
Member

@dependabot recreate

@dependabot
Bump the gha-deps group across 1 directory with 7 updates
df02d5b 
Bumps the gha-deps group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.221.0` | `1.236.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.15.0` | `6.16.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `5.3.0` | `6.0.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.2.0` | `4.4.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.4.0` |
| [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) | `5.2.0` | `5.3.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.7` | `7.0.8` |



Updates `ruby/setup-ruby` from 1.221.0 to 1.236.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@32110d4...f41e084)

Updates `docker/build-push-action` from 6.15.0 to 6.16.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@471d1dc...14487ce)

Updates `astral-sh/setup-uv` from 5.3.0 to 6.0.1
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@1edb525...6b9c606)

Updates `actions/setup-node` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@1d0ff46...49933ea)

Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

Updates `crazy-max/ghaction-github-labeler` from 5.2.0 to 5.3.0
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@31674a3...24d110a)

Updates `peter-evans/create-pull-request` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@dd2324f...271a8d0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.236.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gha-deps
- dependency-name: docker/build-push-action
  dependency-version: 6.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gha-deps
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-deps
- dependency-name: actions/setup-node
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gha-deps
- dependency-name: docker/login-action
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gha-deps
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gha-deps
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gha-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/gha-deps-0b2d47d626 branch from 4a3c4e8 to df02d5b Compare May 27, 2025 01:08
@lopopolo lopopolo merged commit 304f406 into trunk May 27, 2025
11 of 14 checks passed
@lopopolo lopopolo deleted the dependabot/github_actions/gha-deps-0b2d47d626 branch May 27, 2025 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lopopolo lopopolo

Labels
A-deps Area: Source and library dependencies.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lopopolo