Skip to content

build(deps): bump the github-actions-dependencies group across 1 directory with 11 updates#1419

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-7b5515578b
Open

build(deps): bump the github-actions-dependencies group across 1 directory with 11 updates#1419
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-7b5515578b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions-dependencies group with 11 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
actions/setup-go 6.4.0 6.5.0
docker/setup-qemu-action 4.0.0 4.2.0
docker/setup-buildx-action 4.0.0 4.2.0
azure/setup-helm 5.0.0 5.0.1
actions/setup-python 6.2.0 6.3.0
lycheeverse/lychee-action 2.8.0 2.9.0
docker/metadata-action 6.0.0 6.2.0
docker/login-action 4.1.0 4.4.0
docker/build-push-action 7.1.0 7.3.0
github/codeql-action/upload-sarif 4.35.2 4.37.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-go from 6.4.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

Commits

Updates docker/setup-qemu-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.2.0

Full Changelog: docker/setup-qemu-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

Commits
  • 96fe6ef Merge pull request #315 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 31f08d3 [dependabot skip] chore: update generated content
  • 4e7017a build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 0eca235 Merge pull request #314 from crazy-max/fix-yarn-preapprove-actions-toolkit
  • ea66a41 chore: allow actions-toolkit to bypass yarn age gate
  • 451542b Merge pull request #308 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 532ae00 [dependabot skip] chore: update generated content
  • b6f5af6 build(deps): bump undici from 6.26.0 to 6.27.0
  • cf96b86 Merge pull request #304 from docker/dependabot/npm_and_yarn/tmp-0.2.7
  • f0ba643 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates azure/setup-helm from 5.0.0 to 5.0.1

Release notes

Sourced from azure/setup-helm's releases.

v5.0.1

Fixed

Changed

Changelog

Sourced from azure/setup-helm's changelog.

Change Log

[5.0.1] - 2026-06-23

Fixed

Changed

[5.0.0] - 2026-03-23

Changed

... (truncated)

Commits
  • 9bc31f4 build
  • 95ecf49 Bump version to 5.0.1 and update CHANGELOG with recent changes (#287)
  • 4180b1c Bump the actions group with 2 updates (#285)
  • 6949b7f Bump undici (#284)
  • 51ce767 Bump actions/checkout in /.github/workflows in the actions group (#286)
  • d6da4f4 Bump the actions group with 5 updates (#283)
  • 7e2bc10 Bump actions/checkout in /.github/workflows in the actions group (#280)
  • 64d6be9 Bump the actions group with 2 updates (#279)
  • 69214f9 fix: use chmod 755 instead of 777 for downloaded helm binary and folder (#278)
  • 9dad99f Bump vitest from 4.1.7 to 4.1.8 in the actions group (#277)
  • Additional commits viewable in compare view

Updates actions/setup-python from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-python's releases.

v6.3.0

What's Changed

Enhancement

Dependency update

Documentation

New Contributors

Full Changelog: actions/setup-python@v6.2.0...v6.3.0

Commits

Updates lycheeverse/lychee-action from 2.8.0 to 2.9.0

Release notes

Sourced from lycheeverse/lychee-action's releases.

v2.9.0

Summary

This release updates the default lychee version from v0.23.0 to v0.24.2.

The main reason for this release is compatibility with the new lychee 0.24.x release artifacts. Starting with lychee v0.24.0, the archive layout changed, and the lychee binary may now be packaged inside a subdirectory. lychee-action now detects that layout automatically, so users can upgrade without changing their workflows.

If you use:

uses: lycheeverse/lychee-action@v2

you will get the new version once the floating v2 tag has been updated. If you pin exact versions, update to:

uses: lycheeverse/lychee-action@v2.9.0

What’s new from lychee v0.24.x

Better diagnostics

lychee now reports line and column numbers for detected links. This makes broken link reports easier to act on, especially in larger documentation sites or generated reports.

Text fragment checking

lychee can now check URL text fragments, such as links containing #:~:text=.... This helps catch links that point to a valid page but no longer points to the intended highlighted text.

Sitemap support

lychee can now read sitemap.xml inputs. This is useful for checking published websites or generated documentation sites where the sitemap is the easiest source of URLs to validate.

JUnit output

lychee now supports JUnit output. This makes it easier to integrate link checking results with CI systems and test reporting tools that understand JUnit XML.

Redirect and remap visibility

lychee can now show redirects and remaps more clearly. This helps explain why a URL was checked as a different final URL and makes debugging link-checking behavior easier.

Multiple config files

lychee now supports multiple configuration files and expanded config handling. This is useful for repositories that split documentation, website, or package-specific link-checking settings.

Timeout handling

lychee can now accept timeouts explicitly. This gives users more control over how strict their link checks should be for flaky or slow endpoints.

Fixes and reliability improvements

... (truncated)

Commits

Updates docker/metadata-action from 6.0.0 to 6.2.0

Release notes

Sourced from docker/metadata-action's releases.

v6.2.0

Full Changelog: docker/metadata-action@v6.1.0...v6.2.0

v6.1.0

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits
  • dc80280 Merge pull request #696 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 2b9fe83 [dependabot skip] chore: update generated content
  • 8128ce3 chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 1d1c895 Merge pull request #695 from docker/dependabot/npm_and_yarn/semver-7.8.5
  • 7f0c2dd Merge pull request #694 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 025f8c5 [dependabot skip] chore: update generated content
  • e98d63c chore(deps): Bump semver from 7.8.1 to 7.8.5
  • 37d9379 chore(deps): Bump sigstore from 4.1.0 to 4.1.1
  • a1b8072 Merge pull request #690 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
  • e0e3381 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.4.0

Release notes

Sourced from docker/login-action's releases.

v4.4.0

Full Changelog: docker/login-action@v4.3.0...v4.4.0

v4.3.0

…ctory with 11 updates

Bumps the github-actions-dependencies group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.4.0` | `6.5.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.2.0` |
| [azure/setup-helm](https://github.com/azure/setup-helm) | `5.0.0` | `5.0.1` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` |
| [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.8.0` | `2.9.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.4.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.3.0` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.35.2` | `4.37.0` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `actions/setup-go` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4a36011...924ae3a)

Updates `docker/setup-qemu-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@ce36039...96fe6ef)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...bb05f3f)

Updates `azure/setup-helm` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](Azure/setup-helm@dda3372...9bc31f4)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

Updates `lycheeverse/lychee-action` from 2.8.0 to 2.9.0
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@8646ba3...e747777)

Updates `docker/metadata-action` from 6.0.0 to 6.2.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@030e881...dc80280)

Updates `docker/login-action` from 4.1.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@4907a6d...af1e73f)

Updates `docker/build-push-action` from 7.1.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@bcafcac...53b7df9)

Updates `github/codeql-action/upload-sarif` from 4.35.2 to 4.37.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@95e58e9...99df26d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-dependencies
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: azure/setup-helm
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: lycheeverse/lychee-action
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 13, 2026
Copilot AI review requested due to automatic review settings July 13, 2026 07:54
@dependabot dependabot Bot requested a review from a team as a code owner July 13, 2026 07:54

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant