Bump the actions group in /.github/workflows with 6 updates #551

dependabot · 2025-12-01T20:37:16Z

Bumps the actions group in /.github/workflows with 6 updates:

Package	From	To
step-security/harden-runner	`2.13.1`	`2.13.2`
actions/checkout	`5.0.0`	`6.0.0`
actions/setup-python	`6.0.0`	`6.1.0`
actions/dependency-review-action	`4.8.0`	`4.8.2`
coverallsapp/github-action	`2.3.6`	`2.3.7`
actions/upload-artifact	`4.6.2`	`5.0.0`

Updates step-security/harden-runner from 2.13.1 to 2.13.2

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.2

What's Changed

Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.

Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2

Commits

95d9a5d Merge pull request #606 from step-security/rc-28
87e429d Update limitations.md
ef891c3 feat: add support for custom vm image
1fa8c8a update agent
92c522a Merge pull request #593 from step-security/ak-readme-updates
4719ad5 README updates
4fde639 Merge pull request #591 from eromosele-stepsecurity/Upd
f682f2f Update README.md
See full diff in compare view

Updates actions/checkout from 5.0.0 to 6.0.0

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

V5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

V5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

V4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

V4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

... (truncated)

Commits

1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
See full diff in compare view

Updates actions/setup-python from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-python's releases.

v6.1.0

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in actions/setup-python#1201

Add graalpy early-access and windows builds by @timfel in actions/setup-python#880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in actions/setup-python#979

Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in actions/setup-python#1139

Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in actions/setup-python#1094

Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in actions/setup-python#1199

Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in actions/setup-python#1130

Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in actions/setup-python#1234

Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in actions/setup-python#1235

New Contributors

@yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

Commits

83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
2e3e4b1 Add support for pip-install input (#1201)
4267e28 Bump urllib3 from 1.26.19 to 2.5.0 in /tests/data and document breaking c...
See full diff in compare view

Updates actions/dependency-review-action from 4.8.0 to 4.8.2

Release notes

Sourced from actions/dependency-review-action's releases.

v4.8.2

Minor fixes:

Fix PURL parsing for scoped packages (#1008 from @danielhardej)

Fix for large summaries (#1007 from @gitulisca)

README includes a working example for allow-dependencies-licenses (#1009 from @danielhardej)

Dependency Review Action v4.8.1

What's Changed

(bug) Fix spamming link test in deprecation warning (again) by @ahpook in actions/dependency-review-action#1000

Bump version for 4.8.1 release by @ahpook in actions/dependency-review-action#1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

Commits

3c4e3dc Merge pull request #1016 from actions/dra-release
02930b2 Update CONTRIBUTING to reflect new guidelines
49ffd9f Update CONTRIBUTING to reflect the need to build
70cb25e 4.8.2 release
ebabd31 Merge pull request #1008 from danielhardej/danielhardej-patch-20251023
19f9360 Update package-lock.json
5fd2f98 Bump @types/jest to version 29.5.14
28647f4 Fix PURL parsing by removing encodeURI
f620fd1 Merge pull request #1013 from actions/dangoor/token-fix
9b42b7e Remove bad token reference
Additional commits viewable in compare view

Updates coverallsapp/github-action from 2.3.6 to 2.3.7

Release notes

Sourced from coverallsapp/github-action's releases.

v2.3.7

What's Changed

README.md: Use current actions/setup-node and LTS version of Node.js by @cclauss in coverallsapp/github-action#247

Update workflow to update and verify release branch by @afinetooth in coverallsapp/github-action#249

Bug Fixes

Fixed fail-on-error behavior when download fails (#253), PR #254

New Contributors

@cclauss made their first contribution in coverallsapp/github-action#247

@Copilot made their first contribution in coverallsapp/github-action#254

Full Changelog: coverallsapp/github-action@v2...v2.3.7

Commits

5cbfd81 Fix fail-on-error to handle all installation and execution failures (#254)
e988b39 Update workflow to sync and verify release branch (#249)
e7f4f97 README.md: Use current actions/setup-node and LTS version of Node.js (#247)
See full diff in compare view

Updates actions/upload-artifact from 4.6.2 to 5.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

New Contributors

@GhadimiR made their first contribution in actions/upload-artifact#681

@nebuk89 made their first contribution in actions/upload-artifact#712

@danwkennedy made their first contribution in actions/upload-artifact#727

@patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
03f2824 Update github.dep.yml
905a1ec Prepare v5.0.0
2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
9687587 Merge branch 'main' into patch-1
2848b2c Merge pull request #727 from danwkennedy/patch-1
9b51177 Spell out the first use of GHES
cd231ca Update GHES guidance to include reference to Node 20 version
de65e23 Merge pull request #712 from actions/nebuk89-patch-1
8747d8c Update README.md
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @Zeitsperre.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group in /.github/workflows with 6 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.13.2` | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.0.0` | `6.1.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.0` | `4.8.2` | | [coverallsapp/github-action](https://github.com/coverallsapp/github-action) | `2.3.6` | `2.3.7` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | Updates `step-security/harden-runner` from 2.13.1 to 2.13.2 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@f4a75cf...95d9a5d) Updates `actions/checkout` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@08c6903...1af3b93) Updates `actions/setup-python` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@e797f83...83679a8) Updates `actions/dependency-review-action` from 4.8.0 to 4.8.2 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@56339e5...3c4e3dc) Updates `coverallsapp/github-action` from 2.3.6 to 2.3.7 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](coverallsapp/github-action@648a8eb...5cbfd81) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-python dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/dependency-review-action dependency-version: 4.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: coverallsapp/github-action dependency-version: 2.3.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-12-01T20:37:37Z

Note

It appears that this Pull Request modifies the main.yml workflow.

On inspection, the RAVEN_TESTDATA_BRANCH environment variable is set to the most recent tag (v2025.6.12).

No further action is required.

Zeitsperre

@dependabot merge

dependabot · 2025-12-01T20:48:33Z

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 1, 2025

github-actions bot added the CI label Dec 1, 2025

Zeitsperre approved these changes Dec 1, 2025

View reviewed changes

dependabot bot merged commit a867ef8 into main Dec 1, 2025
22 checks passed

dependabot bot deleted the dependabot/github_actions/dot-github/workflows/actions-b3f0955ff7 branch December 1, 2025 20:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the actions group in /.github/workflows with 6 updates #551

Bump the actions group in /.github/workflows with 6 updates #551

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Dec 1, 2025

Uh oh!

Zeitsperre left a comment

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the actions group in /.github/workflows with 6 updates #551

Bump the actions group in /.github/workflows with 6 updates #551

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.13.2

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

Changelog

V6.0.0

V5.0.1

V5.0.0

V4.3.1

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v6.1.0

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

v4.8.2

Dependency Review Action v4.8.1

What's Changed

v2.3.7

What's Changed

Bug Fixes

New Contributors

v5.0.0

What's Changed

New Contributors

Uh oh!

github-actions bot commented Dec 1, 2025

Uh oh!

Zeitsperre left a comment

Choose a reason for hiding this comment

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading