Bump the actions group across 1 directory with 5 updates #4262

dependabot · 2025-09-30T00:29:27Z

Bumps the actions group with 5 updates in the / directory:

Package	From	To
azure/setup-helm	`4.3.0`	`4.3.1`
actions/setup-python	`5`	`6`
actions/setup-go	`5`	`6`
docker/login-action	`3.5.0`	`3.6.0`
actions/stale	`9`	`10`

Updates azure/setup-helm from 4.3.0 to 4.3.1

Release notes

Sourced from azure/setup-helm's releases.

v4.3.1

Changed

#167 Pinning Action Dependencies for Security and Reliability

#181 Fix types, and update node version.

#191 chore(tests): Mock arch to make tests pass on arm host

#192 chore: remove unnecessary prebuild script

#203 Update helm version retrieval to use JSON output for latest version

#207 ci(workflows): update helm version to v3.18.4 and add matrix for tests

Added

#197 Add pre-commit hook

Changelog

Sourced from azure/setup-helm's changelog.

Change Log

[4.3.1] - 2025-08-12

Changed

#167 Pinning Action Dependencies for Security and Reliability

#181 Fix types, and update node version.

#191 chore(tests): Mock arch to make tests pass on arm host

#192 chore: remove unnecessary prebuild script

#203 Update helm version retrieval to use JSON output for latest version

#207 ci(workflows): update helm version to v3.18.4 and add matrix for tests

Added

#197 Add pre-commit hook

[4.3.0] - 2025-02-15

#152 feat: log when restoring from cache

#157 Dependencies Update

#137 Add dependabot

[4.2.0] - 2024-04-15

#124 Fix OS detection and download OS-native archive extension

[4.1.0] - 2024-03-01

#130 switches to use Helm published file to read latest version instead of using GitHub releases

[4.0.0] - 2024-02-12

#121 update to node20 as node16 is deprecated

Commits

1a275c3 build
9e7f762 chore(release): v4.3.1 (#208)
c096176 Bump @types/node from 24.1.0 to 24.2.1 in the actions group (#206)
5e72872 ci(workflows): update helm version to v3.18.4 and add matrix for tests (#207)
fb8fa40 Update default helm version to 3.18.3 (#194)
0d09729 chore: remove unnecessary prebuild script (#192)
32bc120 chore(tests): Mock arch to make tests pass on arm host (#191)
51463d6 Bump the actions group with 2 updates (#205)
aff1094 Bump the actions group across 1 directory with 2 updates (#204)
a10a524 Update helm version retrieval to use JSON output for latest version (#203)
Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Updates actions/setup-go from 5 to 6

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/setup-go#589

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-go#591

Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in actions/setup-go#590

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-go#594

Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in actions/setup-go#538

Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/setup-go#603

Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in actions/setup-go#618

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-go#631

New Contributors

@matthewhughes934 made their first contribution in actions/setup-go#618

@salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.5.0

What's Changed

Bug fixes:

Update self-hosted environment validation by @priyagupta108 in actions/setup-go#556

Add manifest validation and improve error handling by @priyagupta108 in actions/setup-go#586

Update template link by @jsoref in actions/setup-go#527

Dependency updates:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in actions/setup-go#574

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-go#573

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-go#582

Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in actions/setup-go#537

New Contributors

@jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

What's Changed

Dependency updates :

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in actions/setup-go#535

Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @dependabot in actions/setup-go#536

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/setup-go#568

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-go#541

... (truncated)

Commits

4469467 Bump actions/checkout from 4 to 5 (#631)
e093d1e Node 24 upgrade (#624)
1d76b95 Improve toolchain handling (#460)
e75c3e8 Bump form-data to bring in fix for critical vulnerability (#618)
8e57b58 Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (#603)
7c0b336 Bump typescript from 5.4.2 to 5.8.3 (#538)
6f26dcc Bump undici from 5.28.5 to 5.29.0 (#594)
8d4083a Bump @typescript-eslint/parser from 5.62.0 to 8.32.0 (#590)
fa96338 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#591)
4de67c0 Bump @types/jest from 29.5.12 to 29.5.14 (#589)
See full diff in compare view

Updates docker/login-action from 3.5.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

Commits

5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
97e3143 chore: update generated content
3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
abc9fb3 chore: update generated content
d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
0d7fae8 chore: update generated content
9832253 build(deps): bump @docker/actions-toolkit from 0.62.1 to 0.63.0
09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
Additional commits viewable in compare view

Updates actions/stale from 9 to 10

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/stale#1279 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Enhancement

Introducing sort-by option by @suyashgaonkar in actions/stale#1254

Dependency Upgrades

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot[bot] in actions/stale#1186

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/stale#1201

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/stale#1226

Upgrade @action/cache from 4.0.2 to 4.0.3 by @suyashgaonkar in actions/stale#1233

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/stale#1251

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/stale#1277

Documentation changes

Changelog update for recent releases by @suyashgaonkar in actions/stale#1224

Permissions update in Readme by @ghadimir in actions/stale#1248

New Contributors

@suyashgaonkar made their first contribution in actions/stale#1224

@GhadimiR made their first contribution in actions/stale#1248

@gowridurgad made their first contribution in actions/stale#1277

@salmanmkc made their first contribution in actions/stale#1279

Full Changelog: actions/stale@v9...v10.0.0

v9.1.0

What's Changed

Documentation update by @Marukome0743 in actions/stale#1116

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/stale#1179

Update undici from 5.28.2 to 5.28.4 by @dependabot in actions/stale#1150

Update actions/checkout from 3 to 4 by @dependabot in actions/stale#1091

Update actions/publish-action from 0.2.2 to 0.3.0 by @dependabot in actions/stale#1147

Update ts-jest from 29.1.1 to 29.2.5 by @dependabot in actions/stale#1175

Update @actions/core from 1.10.1 to 1.11.1 by @dependabot in actions/stale#1191

Update @types/jest from 29.5.11 to 29.5.14 by @dependabot in actions/stale#1193

Update @actions/cache from 3.2.2 to 4.0.0 by @dependabot in actions/stale#1194

New Contributors

@Marukome0743 made their first contribution in actions/stale#1116

@Jcambass made their first contribution in actions/stale#1179

Full Changelog: actions/stale@v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[9.1.0]

What's Changed

Documentation update by @Marukome0743 in actions/stale#1116

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/stale#1179

Update undici from 5.28.2 to 5.28.4 by @dependabot in actions/stale#1150

Update actions/checkout from 3 to 4 by @dependabot in actions/stale#1091

Update actions/publish-action from 0.2.2 to 0.3.0 by @dependabot in actions/stale#1147

Update ts-jest from 29.1.1 to 29.2.5 by @dependabot in actions/stale#1175

Update @actions/core from 1.10.1 to 1.11.1 by @dependabot in actions/stale#1191

Update @types/jest from 29.5.11 to 29.5.14 by @dependabot in actions/stale#1193

Update @actions/cache from 3.2.2 to 4.0.0 by @dependabot in actions/stale#1194

[9.0.0]

Breaking Changes

Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.

Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

What Else Changed

Performance optimization that removes unnecessary API calls by @dsame in #1033; fixes #792

Logs displaying current GitHub API rate limit by @dsame in #1032; addresses #1029

For more information, please read the action documentation and its section about statefulness

[4.1.1]

In scope of this release we updated actions/core to 1.10.0 for v4 and fixed issues operation count.

[8.0.0]

⚠️ This version contains breaking changes ⚠️

New option labels-to-remove-when-stale enables users to specify list of comma delimited labels that will be removed when the issue or PR becomes stale by @panticmilos actions/stale#770

Skip deleting the branch in the upstream of a forked repo by @dsame actions/stale#913

abort the build on the error by @dsame in actions/stale#935

[7.0.0]

⚠️ Breaking change ⚠️

Allow daysBeforeStale options to be float by @irega in actions/stale#841

Use cache in check-dist.yml by @jongwooo in actions/stale#876

fix print outputs step in existing workflows by @irega in actions/stale#859

Update issue and PR templates, add/delete workflow files by @IvanZosimov in actions/stale#880

Update how stale handles exempt items by @johnsudol in actions/stale#874

... (truncated)

Commits

3a9db7e Upgrade to node 24 (#1279)
8f717f0 Bumps form-data (#1277)
a92fd57 build(deps): bump undici from 5.28.5 to 5.29.0 (#1251)
128b2c8 Introducing sort-by option (#1254)
f78de97 Update README.md (#1248)
816d9db Upgrade @action/cache from 4.0.2 to 4.0.3 (#1233)
ba23c1c upgrade actions/cache from 4.0.0 to 4.0.2 (#1226)
a65e88a build(deps): bump undici from 5.28.4 to 5.28.5 (#1201)
d4df79c Updates to CHANGELOG.MD for recent releases (#1224)
ee7ef89 build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1186)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.0` | `4.3.1` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [docker/login-action](https://github.com/docker/login-action) | `3.5.0` | `3.6.0` | | [actions/stale](https://github.com/actions/stale) | `9` | `10` | Updates `azure/setup-helm` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@b9e5190...1a275c3) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) Updates `docker/login-action` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@184bdaa...5e57cd1) Updates `actions/stale` from 9 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v9...v10) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: 4.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

* Updates: runner to v2.318.0 container-hooks to v0.6.1 (actions#3684) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Updates: runner to v2.319.0 (actions#3702) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Updates: runner to v2.319.1 (actions#3708) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Add exponential backoff when generating runner reg tokens (actions#3724) * Updates: runner to v2.320.0 (actions#3763) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Updates: runner to v2.321.0 container-hooks to v0.6.2 (actions#3809) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Fix ARC e2e tests (actions#3836) * Make EphemeralRunnerController MaxConcurrentReconciles configurable (actions#3832) Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Make EphemeralRunnerReconciler create runner pods earlier (actions#3831) Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.8.0 to 2.12.0 (actions#3837) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Update docs with details for the dashboard visualizations (actions#3696) Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Make k8s client rate limiter parameters configurable (actions#3848) Co-authored-by: Taketoshi Fujiwara <t-b-fujiwara@mercari.com> * Bump golang.org/x/crypto from 0.22.0 to 0.31.0 (actions#3844) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Prepare `0.10.0` release (actions#3849) * Fix helm chart bug related to `runnerMaxConcurrentReconciles` (actions#3858) * Prepare `0.10.1` release (actions#3859) * Update dependabot config to group packages (& include actions eco) (actions#3880) * Fix template tests and add go test on gha-validate-chart (actions#3886) * cmd/ghalistener/config: export Validate (actions#3870) Co-authored-by: Han-Wen Nienhuys <hanwenn@gmail.com> * Updated dead link (actions#3830) Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * docs: end markdown code block correctly (actions#3736) * Clarify syntax for `githubConfigSecret` (actions#3812) Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Bump golang.org/x/net from 0.25.0 to 0.33.0 (actions#3881) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Updates: runner to v2.322.0 (actions#3893) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Sanitize labels ending in hyphen, underscore, and dot (actions#3664) * metrics cardinality for ghalistener (actions#3671) Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Rename log from target/actual to build/autoscalingRunnerSet version (actions#3957) * Use Ready from the pod conditions when setting it to the EphemeralRunner (actions#3891) * AutoscalingRunnerSet env: not Rendering correctly (actions#3826) Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Drop verbose flag from runner scale set init-dind-externals copy (actions#3805) * Include custom annotations and labels to all resources created by `gha-runner-scale-set` chart (actions#3934) * Remove old githubrunnerscalesetlistener, remove warning and fix config bug (actions#3937) * Wrap errors in controller helper methods and swap logic in cleanups (actions#3960) * Clean up as much as possible in a single pass for the EphemeralRunner reconciler (actions#3941) * Use gha-runner-scale-set-controller.chart instead of .Chart.Version (actions#3729) Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Trim volume and container helpers in gha-runner-scale-set (actions#3807) Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> * Small readme updates for readability (actions#3860) * Update all dependencies, conforming to the new controller-runtime API (actions#3949) * feat: allow namespace overrides (actions#3797) Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * chore: Added `OwnerReferences` during resource creation for `EphemeralRunnerSet`, `EphemeralRunner`, and `EphemeralRunnerPod` (actions#3575) * Updates: runner to v2.323.0 (actions#3976) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (actions#3984) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add events role permission to leader_election_role (actions#3988) * Create configurable metrics (actions#3975) * Prepare 0.11.0 release (actions#3992) * Fix busy runners metric (actions#4016) * Bump the gomod group across 1 directory with 7 updates (actions#4008) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Include more context to errors raised by github/actions client (actions#4032) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Pin third party actions (actions#3981) * upgrade(golangci-lint): v2.1.2 (actions#4023) Signed-off-by: karamaru-alpha <mrnk3078@gmail.com> * Revised dashboard (actions#4022) * feat(helm): move dind to sidecar (actions#3842) * Fix code block fences (actions#3140) Co-authored-by: Mosè Giordano <giordano@users.noreply.github.com> * Add missing backtick to metrics.serviceMonitor.namespace line to correct formatting (actions#3790) * Bump go version (actions#4075) * Create backoff mechanism for failed runners and allow re-creation of failed ephemeral runners (actions#4059) * Updates: runner to v2.324.0 container-hooks to v0.7.0 (actions#4086) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Fix docker lint warnings (actions#4074) * Relax version requirements to allow patch version mismatch (actions#4080) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Refactor resource naming removing unnecessary calculations (actions#4076) * Allow use of client id as an app id (actions#4057) * Updates: runner to v2.325.0 (actions#4109) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Add job_workflow_ref label to listener metrics (actions#4054) Signed-off-by: rskmm0chang <rskmm0chang@hatena.ne.jp> * Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 (actions#4118) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add startup probe to dind side-car (actions#4117) * Avoid nil point when config.Metrics is nil and expose all metrics if none are configured (actions#4101) Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Add response body to error when fetching access token (actions#4005) Co-authored-by: mluffman <mluffman@thoughtmachine.net> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Delete config secret when listener pod gets deleted (actions#4033) Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Azure Key Vault integration to resolve secrets (actions#4090) * Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (actions#4120) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Prepare 0.12.0 release (actions#4122) * Bump build-push-action to 6.18.0 (actions#4123) * Remove cache for build-push-action (actions#4124) * Fix indentation of startupProbe attributes in dind sidecar (actions#4126) * Fix dind sidecar template (actions#4128) * Remove duplicate float64 call (actions#4139) * Remove check if runner exists after exit code 0 (actions#4142) * Explicitly requeue during backoff ephemeral runner (actions#4152) * Prepare 0.12.1 release (actions#4153) * Update CodeQL workflow for v3 (global-run-codeql.yaml) (actions#4157) * Bump the actions group across 1 directory with 5 updates (actions#4160) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(runner): add ubuntu 24.04 support (actions#3598) * Fix image pull secrets list arguments in the chart (actions#4164) * Remove workflow actions version comments since upgrades are done via dependabot (actions#4161) * Updates: runner to v2.326.0 (actions#4176) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update example GitHub URLs in values.yaml to include an example for enterprise account-level runners (actions#4181) * Add Missing Languages to CodeQL Advanced Configuration (actions#4179) * Updates: runner to v2.327.0 (actions#4185) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Remove deprecated preserveUnknownFields from CRDs (actions#4135) * Updates: runner to v2.327.1 (actions#4188) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Remove JIT config from ephemeral runner status field (actions#4191) * Fix usage of underscore in Runner Scale Set name (actions#3545) Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> * Bump docker/login-action from 3.4.0 to 3.5.0 in the actions group (actions#4196) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4 to 5 in the actions group (actions#4205) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Updates: runner to v2.328.0 (actions#4209) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Requeue if create pod returns already exists error (actions#4201) * docs: fix repo path typo (actions#4229) * Update CODEOWNERS (actions#4251) * Update CODEOWNERS to include new maintainer (actions#4253) * Remove ephemeral runner when exit code != 0 and is patched with the job (actions#4239) * Add workflow name and target labels (actions#4240) * Bump the actions group across 1 directory with 5 updates (actions#4262) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Introduce new kubernetes-novolume mode (actions#4250) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Ensure ephemeral runner is deleted from the service on exit != 0 (actions#4260) * docs: fix broken Grafana dashboard JSON path (actions#4270) * Potential fix for code scanning alert no. 3: Workflow does not contain permissions (actions#4273) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 1: Workflow does not contain permissions (actions#4274) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: jiaren-wu <190862939+jiaren-wu@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Bump all dependencies (actions#4266) * Bump the gomod group across 1 directory with 4 updates (actions#4277) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Prepare 0.13.0 release (actions#4280) * Revert "gha: customize client-go rate limiter params (#4)" This reverts commit 8728190. Keep several instrumentations * Revert "gha: make MaxConcurrentReconciles for each reconciler configurable (#1)" This reverts commit 057a1e7. * chore(chart): bump version to 0.13.0-rc.1 for testing --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com> Signed-off-by: karamaru-alpha <mrnk3078@gmail.com> Signed-off-by: rskmm0chang <rskmm0chang@hatena.ne.jp> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Bassem Dghaidi <568794+Link-@users.noreply.github.com> Co-authored-by: Yusuke Kuoka <ykuoka@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ken Muse <kenmuse@users.noreply.github.com> Co-authored-by: Taketoshi Fujiwara <t-b-fujiwara@mercari.com> Co-authored-by: Rob Herley <robherley@github.com> Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com> Co-authored-by: Han-Wen Nienhuys <hanwen@engflow.com> Co-authored-by: Han-Wen Nienhuys <hanwenn@gmail.com> Co-authored-by: Matteo Bianchi <37507190+mbianchidev@users.noreply.github.com> Co-authored-by: James Ward <james@notjam.es> Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com> Co-authored-by: &es <84567633+and-es@users.noreply.github.com> Co-authored-by: Chris Johnston <christophermichaeljohnston@gmail.com> Co-authored-by: thinkbiggerltd <46003245+thinkbiggerltd@users.noreply.github.com> Co-authored-by: Cees-Jan Kiewiet <ceesjank@gmail.com> Co-authored-by: Mikey Smet <26899585+Mikey032@users.noreply.github.com> Co-authored-by: Patrick Vickery <167798809+pvickery-ParamountCommerce@users.noreply.github.com> Co-authored-by: Salman Chishti <salmanmkc@GitHub.com> Co-authored-by: J. Fernández <7312236+fernandezcuesta@users.noreply.github.com> Co-authored-by: kahirokunn <okinakahiro@gmail.com> Co-authored-by: David Maxwell <davidmaxwell77@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Ryosei Karaki <38310693+karamaru-alpha@users.noreply.github.com> Co-authored-by: Borislav Velkov <velkov.borislav@gmail.com> Co-authored-by: Mosè Giordano <765740+giordano@users.noreply.github.com> Co-authored-by: Mosè Giordano <giordano@users.noreply.github.com> Co-authored-by: scodef <52595068+scodef@users.noreply.github.com> Co-authored-by: Ryo Sakamoto <4330349+rskmm0chang@users.noreply.github.com> Co-authored-by: Tingluo Huang <tingluohuang@github.com> Co-authored-by: Nash Luffman <nashluffman@gmail.com> Co-authored-by: mluffman <mluffman@thoughtmachine.net> Co-authored-by: Wim Fournier <github@fournier.nl> Co-authored-by: Jeev B <jeevb@users.noreply.github.com> Co-authored-by: Mark Huijgen <48476507+mhuijgen@users.noreply.github.com> Co-authored-by: calx <108835591+null-calx@users.noreply.github.com> Co-authored-by: adjn <104127038+adjn@users.noreply.github.com> Co-authored-by: Ho Kim <ho.kim@ulagbulag.io> Co-authored-by: Cory Calahan <corycalahan@github.com> Co-authored-by: Kylie Stradley <4666485+KyFaSt@users.noreply.github.com> Co-authored-by: Alex Hatzenbuhler <hatz@hey.com> Co-authored-by: clechevalli <56869366+clechevalli@users.noreply.github.com> Co-authored-by: zkpepe <shim.growers_6u@icloud.com> Co-authored-by: Dennis Stone <densto88@github.com> Co-authored-by: Berat Postalcioglu <bpstlcgl@gmail.com> Co-authored-by: Jiaren Wu <jiaren-wu@github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: jiaren-wu <190862939+jiaren-wu@users.noreply.github.com> Co-authored-by: Junya Okabe <junya@mercari.com>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies github_actions Pull requests that update GitHub Actions code labels Sep 30, 2025

dependabot bot requested review from mumoshu, nikola-jokic and toast-gear as code owners September 30, 2025 00:29

dependabot bot added the dependencies label Sep 30, 2025

dependabot bot requested review from a team and rentziass as code owners September 30, 2025 00:29

dependabot bot added the github_actions Pull requests that update GitHub Actions code label Sep 30, 2025

nikola-jokic approved these changes Oct 1, 2025

View reviewed changes

nikola-jokic merged commit 652bd99 into master Oct 1, 2025
12 of 22 checks passed

nikola-jokic deleted the dependabot/github_actions/actions-2d47016577 branch October 1, 2025 15:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 5 updates #4262

Bump the actions group across 1 directory with 5 updates #4262

Uh oh!

dependabot bot commented on behalf of github Sep 30, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the actions group across 1 directory with 5 updates #4262

Bump the actions group across 1 directory with 5 updates #4262

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 30, 2025

v4.3.1

Changed

Added

Change Log

[4.3.1] - 2025-08-12

Changed

Added

[4.3.0] - 2025-02-15

[4.2.0] - 2024-04-15

[4.1.0] - 2024-03-01

[4.0.0] - 2024-02-12

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v5.5.0

What's Changed

Bug fixes:

Dependency updates:

New Contributors

v5.4.0

What's Changed

Dependency updates :

v3.6.0

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

v9.1.0

What's Changed

New Contributors

Changelog

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

What Else Changed

[4.1.1]

[8.0.0]

[7.0.0]

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants