Bump the actions group across 1 directory with 7 updates by dependabot[bot] · Pull Request #269 · Azure/setup-helm

dependabot · 2026-04-27T09:38:38Z

Bumps the actions group with 7 updates in the / directory:

Package	From	To
@actions/core	`3.0.0`	`3.0.1`
semver	`7.7.3`	`7.7.4`
@types/node	`25.0.9`	`25.6.0`
esbuild	`0.27.4`	`0.28.0`
prettier	`3.8.0`	`3.8.3`
typescript	`5.9.3`	`6.0.3`
vitest	`4.1.0`	`4.1.5`

Updates @actions/core from 3.0.0 to 3.0.1

Changelog

Sourced from @actions/core's changelog.

3.0.1

Bump undici from 6.23.0 to 6.24.1 #2348

Commits

See full diff in compare view

Updates semver from 7.7.3 to 7.7.4

Release notes

Sourced from semver's releases.

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@mldangelo)

Documentation

1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@mldangelo)

Dependencies

120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

44d7130 #824 bump @npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@dependabot[bot])

7073576 #820 reorder parameters in invalid-versions.js test (#820) (@reggi)

5816d4c #829 bump @npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@dependabot[bot], @npm-cli-bot)

Changelog

Sourced from semver's changelog.

7.7.4 (2026-01-16)

Bug Fixes

a29faa5 #835 cli: pass options to semver.valid() for loose version validation (#835) (@mldangelo)

Documentation

1d28d5e #836 fix typos and update -n CLI option documentation (#836) (@mldangelo)

Dependencies

120968b #840 @npmcli/template-oss@4.29.0 (#840)

Chores

44d7130 #824 bump @npmcli/eslint-config from 5.1.0 to 6.0.0 (#824) (@dependabot[bot])

7073576 #820 reorder parameters in invalid-versions.js test (#820) (@reggi)

5816d4c #829 bump @npmcli/template-oss from 4.28.0 to 4.28.1 (#829) (@dependabot[bot], @npm-cli-bot)

Commits

5993c2e chore: release 7.7.4 (#839)
120968b deps: @npmcli/template-oss@4.29.0 (#840)
a29faa5 fix(cli): pass options to semver.valid() for loose version validation (#835)
1d28d5e docs: fix typos and update -n CLI option documentation (#836)
5816d4c chore: bump @npmcli/template-oss from 4.28.0 to 4.28.1 (#829)
ab9e28a chore: bump @npmcli/template-oss from 4.27.1 to 4.28.0 (#827)
44d7130 chore: bump @npmcli/eslint-config from 5.1.0 to 6.0.0 (#824)
7073576 chore: reorder parameters in invalid-versions.js test (#820)
16a35f5 chore: bump @npmcli/template-oss from 4.26.0 to 4.27.1 (#823)
3a3459d chore: bump @npmcli/template-oss from 4.25.1 to 4.26.0 (#818)
See full diff in compare view

Updates @types/node from 25.0.9 to 25.6.0

Commits

See full diff in compare view

Updates esbuild from 0.27.4 to 0.28.0

Release notes

Sourced from esbuild's releases.

v0.28.0
Add support for with { type: 'text' } imports (#4435)

The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:
import string from './example.txt' with { type: 'text' }
console.log(string)
Add integrity checks to fallback download path (#4343)

Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

Update the Go compiler from 1.25.7 to 1.26.1

This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

It now uses the new garbage collector that comes with Go 1.26.

The Go compiler is now more aggressive with allocating memory on the stack.

The executable format that the Go linker uses has undergone several changes.

The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

You can read the Go 1.26 release notes for more information.
v0.27.7
Fix lowering of define semantics for TypeScript parameter properties (#4421)

The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:
// Original code
class Foo {
  constructor(public x = 1) {}
  y = 2
}
// Old output (with --loader=ts --target=es2021)
class Foo {
constructor(x = 1) {
this.x = x;
__publicField(this, "y", 2);
}
x;
}
// New output (with --loader=ts --target=es2021)
class Foo {

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.28.0
Add support for with { type: 'text' } imports (#4435)

The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing text loader. Here's an example:
import string from './example.txt' with { type: 'text' }
console.log(string)
Add integrity checks to fallback download path (#4343)

Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the npm command, and then with a HTTP request to registry.npmjs.org as a last resort).

This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level esbuild package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.

Update the Go compiler from 1.25.7 to 1.26.1

This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:

It now uses the new garbage collector that comes with Go 1.26.

The Go compiler is now more aggressive with allocating memory on the stack.

The executable format that the Go linker uses has undergone several changes.

The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.

You can read the Go 1.26 release notes for more information.
0.27.7
Fix lowering of define semantics for TypeScript parameter properties (#4421)

The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:
// Original code
class Foo {
  constructor(public x = 1) {}
  y = 2
}
// Old output (with --loader=ts --target=es2021)
class Foo {
constructor(x = 1) {
this.x = x;
__publicField(this, "y", 2);
}
x;
}

... (truncated)

Commits

6a794df publish 0.28.0 to npm
64ee0ea fix #4435: support with { type: text } imports
ef65aee fix sort order in snapshots_packagejson.txt
1a26a8e try to fix test-old-ts, also shuffle CI tasks
556ce6c use '' instead of null to omit build hashes
8e675a8 ci: allow missing binary hashes for tests
7067763 Reapply "update go 1.25.7 => 1.26.1"
39473a9 fix #4343: integrity check for binary download
2025c9f publish 0.27.7 to npm
c6b586e fix typo in Makefile for @esbuild/win32-x64
Additional commits viewable in compare view

Updates prettier from 3.8.0 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @kovsu)

🔗 Changelog

3.8.2

Support Angular v21.2

🔗 Changelog

3.8.1

Include available printers in plugin type declarations (#18706 by @porada)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in `if()` function (#18471 by `@kovsu`)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by `@fisker`)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@switch (foo) {
@case (1) {}
@default never;
}

arrow function and instanceof expressions.

</tr></table>

... (truncated)

Commits

d7108a7 Release 3.8.3
177f908 Prevent trailing comma in SCSS if() function (#18471)
1cd4066 Release @prettier/plugin-oxc@0.1.4
a8700e2 Update oxc-parser to v0.125.0
752157c Fix tests
053fd41 Bump Prettier dependency to 3.8.2
904c636 Clean changelog_unreleased
dc1f7fc Update dependents count
b31557c Release 3.8.2
96bbaed Support Angular v21.2 (#18722)
Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

fixed issues query for TypeScript 6.0.0 (Beta).

fixed issues query for TypeScript 6.0.1 (RC).

fixed issues query for TypeScript 6.0.2 (Stable).

fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

npm

TypeScript 6.0

For release notes, check out the release announcement blog post.

fixed issues query for TypeScript 6.0.0 (Beta).

fixed issues query for TypeScript 6.0.1 (RC).

fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

npm

Commits

050880c Bump version to 6.0.3 and LKG
eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
607a22a Bump version to 6.0.2 and LKG
9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
e175b69 Bump version to 6.0.1-rc and LKG
af4caac Update LKG
8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
Additional commits viewable in compare view

Updates vitest from 4.1.0 to 4.1.5

Release notes

Sourced from vitest's releases.

v4.1.5

   🚀 Experimental Features

coverage: Istanbul to support instrumenter option - by @BartWaardenburg and @AriPerkkio in vitest-dev/vitest#10119 (0e0ff)

   🐞 Bug Fixes

--project negation excludes browser instances - by @felamaslen in vitest-dev/vitest#10131 (9423d)

Project color label on html reporter - by @hi-ogawa in vitest-dev/vitest#10142 (596f7)

Fix vi.defineHelper called as object method - by @hi-ogawa in vitest-dev/vitest#10163 (122c2)

Alias agent reporter to minimal - by @sheremet-va in vitest-dev/vitest#10157 (663b9)

Respect diff config options in soft assertions - by @Copilot, sheremet-va and @sheremet-va in vitest-dev/vitest#8696 (9787d)

Respect diff config options in soft assertions " - by @sheremet-va in vitest-dev/vitest#8696 (7dc6d)

ast-collect: Recognize _vi_import prefix in static test discovery - by @Yejneshwar in vitest-dev/vitest#10129 (32546)

coverage: Descriptive error message when reports directory is removed during test run - by @DaveT1991 and @AriPerkkio in vitest-dev/vitest#10117 (14133)

snapshot: Increase default snapshot max output length - by @hi-ogawa and Codex in vitest-dev/vitest#10150 (21e66)

ui: Fix jsx/tsx syntax highlight - by @hi-ogawa in vitest-dev/vitest#10152 (f1b1f)

web-worker: Support MessagePort objects referenced inside postMessage data - by @whitphx and Claude Opus 4.6 (1M context) in vitest-dev/vitest#9927 and vitest-dev/vitest#10124 (7ad7d)

api: Make test-specification options writable - by @sheremet-va in vitest-dev/vitest#10154 (6abd5)

    View changes on GitHub

v4.1.4

   🚀 Experimental Features

coverage:

Default to text reporter skipFull if agent detected - by @hi-ogawa in vitest-dev/vitest#10018 (53757)

experimental:

Expose assertion as a public field - by @sheremet-va in vitest-dev/vitest#10095 (a120e)

Support aria snapshot - by @hi-ogawa, Claude Opus 4.6 (1M context), @AriPerkkio, Codex and @sheremet-va in vitest-dev/vitest#9668 (d4fbb)

reporter:

Add filterMeta option to json reporter - by @nami8824 and @sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

Use "black" foreground for labeled terminal message to ensure contrast - by @hi-ogawa in vitest-dev/vitest#10076 (203f0)

Make expect(..., message) consistent as error message prefix - by @hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)

Do not hoist imports whose names match class properties . - by @SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)

browser: Spread user server options into browser Vite server in project - by @GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

Add experimental.preParse flag - by @sheremet-va in vitest-dev/vitest#10070 (78273)

Support browser.locators.exact option - by @sheremet-va in vitest-dev/vitest#10013 (48799)

Add TestAttachment.bodyEncoding - by @hi-ogawa in vitest-dev/vitest#9969 (89ca0)

Support custom snapshot matcher - by @hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

... (truncated)

Commits

e399846 chore: release v4.1.5
7dc6d54 Revert "fix: respect diff config options in soft assertions (#8696)"
9787ded fix: respect diff config options in soft assertions (#8696)
325463a fix(ast-collect): recognize _vi_import prefix in static test discovery (#10...
0e0ff41 feat(coverage): istanbul to support instrumenter option (#10119)
663b99f fix: alias agent reporter to minimal (#10157)
122c25b fix: fix vi.defineHelper called as object method (#10163)
6abd557 feat(api): make test-specification options writable (#10154)
596f739 fix: project color label on html reporter (#10142)
9423dc0 fix: --project negation excludes browser instances (#10131)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` | | [semver](https://github.com/npm/node-semver) | `7.7.3` | `7.7.4` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.9` | `25.6.0` | | [esbuild](https://github.com/evanw/esbuild) | `0.27.4` | `0.28.0` | | [prettier](https://github.com/prettier/prettier) | `3.8.0` | `3.8.3` | | [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.0` | `4.1.5` | Updates `@actions/core` from 3.0.0 to 3.0.1 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) Updates `semver` from 7.7.3 to 7.7.4 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.7.3...v7.7.4) Updates `@types/node` from 25.0.9 to 25.6.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `esbuild` from 0.27.4 to 0.28.0 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.4...v0.28.0) Updates `prettier` from 3.8.0 to 3.8.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.0...3.8.3) Updates `typescript` from 5.9.3 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) Updates `vitest` from 4.1.0 to 4.1.5 - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.5/packages/vitest) --- updated-dependencies: - dependency-name: "@actions/core" dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: semver dependency-version: 7.7.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: actions - dependency-name: esbuild dependency-version: 0.28.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: actions - dependency-name: prettier dependency-version: 3.8.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: actions - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: actions - dependency-name: vitest dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 27, 2026

dependabot Bot requested a review from a team as a code owner April 27, 2026 09:38

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 7 updates#269

Bump the actions group across 1 directory with 7 updates#269
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/actions-f9ba728fd4

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026

3.0.1

v7.7.4

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

Chores

7.7.4 (2026-01-16)

Bug Fixes

Documentation

Dependencies

Chores

v0.28.0

v0.27.7

0.28.0

0.27.7

3.8.3

3.8.2

3.8.1

3.8.3

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

3.8.2

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

TypeScript 6.0.3

TypeScript 6.0

TypeScript 6.0 Beta

v4.1.5

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.4

🚀 Experimental Features

🐞 Bug Fixes

View changes on GitHub

v4.1.3

🚀 Experimental Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

SCSS: Prevent trailing comma in `if()` function (#18471 by `@kovsu`)

Angular: Support Angular v21.2 (#18722, #19034 by `@fisker`)