Skip to content

build(deps): bump the github-actions group across 1 directory with 5 updates#696

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-4bd0f12120
Open

build(deps): bump the github-actions group across 1 directory with 5 updates#696
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-4bd0f12120

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 5 updates in the / directory:

Package From To
chainguard-dev/actions 1.6.11 1.6.23
codecov/codecov-action 6.0.0 7.0.0
slackapi/slack-github-action 3.0.1 3.0.3
aquasecurity/trivy-action 0.35.0 0.36.0
webiny/action-conventional-commits 1.3.1 1.4.2

Updates chainguard-dev/actions from 1.6.11 to 1.6.23

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.23

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.22...v1.6.23

v1.6.22

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.21...v1.6.22

v1.6.21

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.20...v1.6.21

v1.6.20

What's Changed

... (truncated)

Commits
  • 5f02082 build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.22 (#935)
  • adef039 build(deps): bump chainguard-dev/actions in /git-tag (#936)
  • 53b6864 build(deps): bump chainguard-dev/actions from 1.6.21 to 1.6.22 in /gofmt (#937)
  • 20c3211 build(deps): bump chainguard-dev/actions in /goimports (#938)
  • 74ef6c9 build(deps): bump chainguard-dev/actions in /inky-build-pkg (#939)
  • 3fce2ae build(deps): bump chainguard-dev/actions in /melange-build (#940)
  • 20125dd build(deps): bump chainguard-dev/actions in /release-notes (#941)
  • 0a62c96 build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (#942)
  • 3b7bbee build(deps): bump chainguard-dev/actions from 1.6.19 to 1.6.21 (#922)
  • fba43ea build(deps): bump actions/setup-go from 6.0.0 to 6.4.0 in /release-notes (#932)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 7.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates slackapi/slack-github-action from 3.0.1 to 3.0.3

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.3

Patch Changes

  • 66834e4: feat: add instrumentation to address error rates

Slack GitHub Action v3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques
Changelog

Sourced from slackapi/slack-github-action's changelog.

slack-github-action

3.0.3

Patch Changes

  • 66834e4: feat: add instrumentation to address error rates

3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques
Commits
  • 45a88b9 chore: release
  • 1c0bcf0 chore: release (#606)
  • 66834e4 feat: add instrumentation to address error rates (#600)
  • 0fe0f90 build(deps): bump @​actions/github from 9.0.0 to 9.1.1 (#605)
  • c5e7059 build(deps): bump @​slack/web-api from 7.15.0 to 7.15.1 (#604)
  • 0325526 build(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.13 (#601)
  • 900cd3e build(deps-dev): bump @​types/node from 24.12.0 to 24.12.2 (#603)
  • 53fdcff build(deps): bump @​actions/core from 3.0.0 to 3.0.1 (#602)
  • 26856cc build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (#596)
  • feba1e2 ci: skip publish step if no release is needed (#599)
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Updates webiny/action-conventional-commits from 1.3.1 to 1.4.2

Commits
  • 7f91b15 fix: allow 'improvement' prefix
  • 096eff5 fix: allow 'improvement' prefix
  • b6cc3cc docs: update latest version
  • 6a05e2b feat: use node24
  • b34f00b Merge remote-tracking branch 'origin/master'
  • 0fecf10 feat: refactor commit message validation to use exception list
  • See full diff in compare view

@dependabot dependabot Bot added the area/dependencies Affects dependencies label Jun 2, 2026
@dependabot
build(deps): bump the github-actions group across 1 directory with 5 …
f0f12ef 
…updates

Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.6.11` | `1.6.23` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `7.0.0` |
| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `3.0.1` | `3.0.3` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` |
| [webiny/action-conventional-commits](https://github.com/webiny/action-conventional-commits) | `1.3.1` | `1.4.2` |



Updates `chainguard-dev/actions` from 1.6.11 to 1.6.23
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@8bb24c2...5f02082)

Updates `codecov/codecov-action` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6.0.0...v7.0.0)

Updates `slackapi/slack-github-action` from 3.0.1 to 3.0.3
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](slackapi/slack-github-action@af78098...45a88b9)

Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

Updates `webiny/action-conventional-commits` from 1.3.1 to 1.4.2
- [Release notes](https://github.com/webiny/action-conventional-commits/releases)
- [Commits](webiny/action-conventional-commits@v1.3.1...v1.4.2)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: webiny/action-conventional-commits
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-4bd0f12120 branch from 5509b1f to f0f12ef Compare June 15, 2026 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/dependencies Affects dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants