Skip to content

ci: bump the actions-deps group with 2 updates #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

ci: bump the actions-deps group with 2 updates #24

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 22, 2026
edited
Loading

Bumps the actions-deps group with 2 updates: super-linter/super-linter and actions/upload-artifact.

Updates super-linter/super-linter from 8.3.0 to 8.3.2

Release notes

Sourced from super-linter/super-linter's releases.

v8.3.2

8.3.2 (2025-12-24)

🐛 Bugfixes

⬆️ Dependency updates

  • bundler: bump rubocop in /dependencies in the rubocop group (#7313) (7fab96c)
  • docker: bump clj-kondo/clj-kondo in the docker group (#7325) (fa23c54)
  • docker: bump the docker group with 4 updates (#7318) (dc49a6d)
  • java: bump com.puppycrawl.tools:checkstyle (#7312) (ab58437)
  • npm: bump next from 16.0.10 to 16.1.0 in /dependencies (#7316) (a8572e2)
  • npm: bump renovate (#7300) (191338a)
  • npm: bump the npm group across 1 directory with 10 updates (#7322) (24d9e00)
  • npm: bump the npm group across 1 directory with 2 updates (#7296) (0697485)
  • npm: bump the npm group across 1 directory with 2 updates (#7301) (4b2bf76)
  • npm: bump the npm group across 1 directory with 4 updates (#7327) (07e73d6)
  • python: bump ansible-lint (#7326) (47962ea)
  • python: bump snakemake (#7295) (3f92589)
  • python: bump the pip group across 1 directory with 2 updates (#7299) (0ca0315)
  • python: bump the pip group across 1 directory with 6 updates (#7317) (ae7e8d8)

🧰 Maintenance

v8.3.1

8.3.1 (2025-12-15)

🐛 Bugfixes

⬆️ Dependency updates

... (truncated)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

8.3.2 (2025-12-24)

🐛 Bugfixes

⬆️ Dependency updates

  • bundler: bump rubocop in /dependencies in the rubocop group (#7313) (7fab96c)
  • docker: bump clj-kondo/clj-kondo in the docker group (#7325) (fa23c54)
  • docker: bump the docker group with 4 updates (#7318) (dc49a6d)
  • java: bump com.puppycrawl.tools:checkstyle (#7312) (ab58437)
  • npm: bump next from 16.0.10 to 16.1.0 in /dependencies (#7316) (a8572e2)
  • npm: bump renovate (#7300) (191338a)
  • npm: bump the npm group across 1 directory with 10 updates (#7322) (24d9e00)
  • npm: bump the npm group across 1 directory with 2 updates (#7296) (0697485)
  • npm: bump the npm group across 1 directory with 2 updates (#7301) (4b2bf76)
  • npm: bump the npm group across 1 directory with 4 updates (#7327) (07e73d6)
  • python: bump ansible-lint (#7326) (47962ea)
  • python: bump snakemake (#7295) (3f92589)
  • python: bump the pip group across 1 directory with 2 updates (#7299) (0ca0315)
  • python: bump the pip group across 1 directory with 6 updates (#7317) (ae7e8d8)

🧰 Maintenance

8.3.1 (2025-12-15)

🐛 Bugfixes

⬆️ Dependency updates

... (truncated)

Commits
  • d5b0a2a chore(main): release 8.3.2 (#7297)
  • fa23c54 deps(docker): bump clj-kondo/clj-kondo in the docker group (#7325)
  • 07e73d6 deps(npm): bump the npm group across 1 directory with 4 updates (#7327)
  • 47962ea deps(python): bump ansible-lint (#7326)
  • 7c85bf3 fix: create log groups for enabled languages only (#7329)
  • 7afe608 chore(docs): mention conflicting tools in upgrades (#7324)
  • ce80cf6 fix: centralize file array additions and fix type (#7323)
  • ab58437 deps(java): bump com.puppycrawl.tools:checkstyle (#7312)
  • 24d9e00 deps(npm): bump the npm group across 1 directory with 10 updates (#7322)
  • dc49a6d deps(docker): bump the docker group with 4 updates (#7318)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 6

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

... (truncated)

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci: bump the actions-deps group with 2 updates
248dda8 
Bumps the actions-deps group with 2 updates: [super-linter/super-linter](https://github.com/super-linter/super-linter) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `super-linter/super-linter` from 8.3.0 to 8.3.2
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](super-linter/super-linter@502f4fe...d5b0a2a)

Updates `actions/upload-artifact` from 4 to 6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v6)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 22, 2026

Labels

The following labels could not be found: CI/CD, dependabot. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested review from a team as code owners January 22, 2026 14:37
@github-actions
Copy link

github-actions bot commented Jan 22, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/upload-artifact 6.*.* 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1029 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/super-linter/super-linter/slim d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 🟢 6.4
Details
CheckScoreReason
Code-Review⚠️ 1Found 1/10 approved changesets -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities🟢 91 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0

Scanned Files

  • .github/workflows/pr-check.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant