chore(deps): update github-actions (maint-27) #9958

renovate-bot · 2025-06-17T09:06:09Z

This PR contains the following updates:

Package	Type	Update	Change
EnricoMi/publish-unit-test-result-action	action	minor	`v2.19.0` -> `v2.20.0`
actions/cache	action	patch	`v4.2.3` -> `v4.2.4`
actions/checkout	action	minor	`v4.2.2` -> `v4.3.0`
actions/create-github-app-token	action	minor	`v2.0.6` -> `v2.1.1`
actions/github-script	action	minor	`v7.0.1` -> `v7.1.0`
docker/login-action	action	minor	`v3.4.0` -> `v3.5.0`
google/osv-scanner-action	action	minor	`v2.0.2` -> `v2.2.2`
saadmk11/github-actions-version-updater	action	minor	`v0.8.1` -> `v0.9.0`
softprops/action-gh-release	action	minor	`v2.2.2` -> `v2.3.3`

Release Notes

EnricoMi/publish-unit-test-result-action (EnricoMi/publish-unit-test-result-action)

`v2.20.0`

Compare Source

Adds the following improvements:

Add action typing #653
Isolate PIP cache used by composite actions #668
Fix for empty <system-out> and <system-err> #667
Deprecate github_token_actor option, auto-detect actor #661
Use and recommend !cancelled() instead of always() #659
Add deprecationMessage to action.yml for deprecated inputs (#654)
Resolve regex library warnings #660

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.19.0...v2.20.0

actions/cache (actions/cache)

`v4.2.4`

Compare Source

What's Changed

Update README.md by @nebuk89 in #1620
Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in #1634
Prepare release 4.2.4 by @Link- in #1636

New Contributors

@nebuk89 made their first contribution in #1620

Full Changelog: actions/cache@v4...v4.2.4

actions/checkout (actions/checkout)

actions/create-github-app-token (actions/create-github-app-token)

`v2.1.1`

Compare Source

Bug Fixes

revert "use node24 as runner" (#278) (5204204), closes actions/create-github-app-token#267

`v2.1.0`

Compare Source

Features

use node24 as runner (#267) (a1cbe0f)

actions/github-script (actions/github-script)

`v7.1.0`

Compare Source

docker/login-action (docker/login-action)

`v3.5.0`

Compare Source

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in #874 #876
Bump @aws-sdk/client-ecr to 3.859.0 in #860 #878
Bump @aws-sdk/client-ecr-public to 3.859.0 in #860 #878
Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in #870
Bump form-data from 2.5.1 to 2.5.5 in #875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

google/osv-scanner-action (google/osv-scanner-action)

`v2.2.2`

Compare Source

This updates OSV-Scanner to v2.2.2.

What's Changed

docs: Update Automatic install instructions by @another-rex in #94
Update to v2.2.2 by @cuixq in #95

Full Changelog: google/osv-scanner-action@v2.2.1...v2.2.2

`v2.2.1`

Compare Source

What's Changed

OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!

Features:

Feature #2146 Allow manual OSV-Scalibr plugin selection.
Feature #2144 Add OSV-Scalibr version to osv-scanner --version output.
Feature #2021 Add experimental support for running OSV-Scalibr detectors.
Feature #2079 Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
Feature #2032 Add summary section at the top of outputs and a 'Fixed Version' column.
Feature #2076 Support Ubuntu severity type.

Fixes:

Bug #2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
Bug #2084 Show absolute paths when scanning containers.
Bug #2126 Log and preserve package count before continuing on db error.
Bug #2095 Pass through plugin capabilities correctly.
Bug #2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
Bug #2072 Add missing "text" property in description fields.
Bug #2068 Change links in output to go to the specific vulnerability page instead of the list page.
Bug #2064 Fix SARIF v3 output to include results.
Bug #2151 Filter by ecosystem before querying.

API Changes:

API Change #2096 Allow log handler to be overridden.

[!WARNING]
This release was originally incorrectly pointing to the bugged v2.2.0 osv-scanner release, it has now been retagged to the correct v2.2.1 release.

`v2.1.0`

Compare Source

What's Changed

chore(deps): update github/codeql-action action to v3.29.0 by @renovate-bot in #76
Update to v2.1.0 by @michaelkedar in #81

Full Changelog: google/osv-scanner-action@v2.0.3...v2.1.0

`v2.0.3`

Compare Source

Update to use osv-scanner v2.0.3

Notable changes:

There's now a flag --allow-no-lockfiles you can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles.
We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)

saadmk11/github-actions-version-updater (saadmk11/github-actions-version-updater)

`v0.9.0`

Compare Source

#92: [pre-commit.ci] pre-commit autoupdate
#100: Update README.md - update checkout versions
#106: Fix the actions enclosed in quotes are not updated
#115: Base on 3.12-slim-bullseye
#116: Update changelog-ci version

softprops/action-gh-release (softprops/action-gh-release)

`v2.3.3`

Compare Source

`v2.3.2`

Compare Source

fix: revert fs readableWebStream change

`v2.3.1`

Compare Source

What's Changed

Bug fixes 🐛

fix: fix file closing issue by @WailGree in #629

New Contributors

@WailGree made their first contribution in #629

Full Changelog: softprops/action-gh-release@v2.3.0...v2.3.1

`v2.3.0`

Compare Source

Migrate from jest to vitest
Replace mime with mime-types
Bump to use node 24
Dependency updates

Full Changelog: softprops/action-gh-release@v2.2.2...v2.3.0

Configuration

📅 Schedule: Branch creation - "after 2am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

CLAassistant · 2025-06-17T09:06:19Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

github-actions · 2025-06-17T09:07:15Z

CT Test Results

1 files 11 suites 4m 35s ⏱️
94 tests 92 ✅ 2 💤 0 ❌
110 runs 108 ✅ 2 💤 0 ❌

Results for commit e5191a0.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

kikofernandez · 2025-06-18T11:15:05Z

.github/workflows/osv-scanner-scheduled.yml

+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # ratchet:google/osv-scanner-action/.github/workflows/[email protected].3"
    with:


version should be google/osv-scanner-action@40a8940

This is the same issue as reported in
#9960 (review)

forking-renovate bot added the team:VM Assigned to OTP team VM label Jun 17, 2025

forking-renovate bot assigned garazdawi and kikofernandez Jun 17, 2025

garazdawi removed their assignment Jun 17, 2025

kikofernandez reviewed Jun 18, 2025

View reviewed changes

renovate-bot force-pushed the renovate/maint-27-github-actions branch 2 times, most recently from 5efe424 to 211959c Compare July 15, 2025 11:42

renovate-bot force-pushed the renovate/maint-27-github-actions branch from 211959c to af7a8cc Compare July 28, 2025 14:04

renovate-bot force-pushed the renovate/maint-27-github-actions branch 7 times, most recently from 5dac2d6 to e343f79 Compare August 11, 2025 11:37

renovate-bot force-pushed the renovate/maint-27-github-actions branch from e343f79 to af2a48f Compare August 11, 2025 17:23

renovate-bot force-pushed the renovate/maint-27-github-actions branch from af2a48f to dd08154 Compare August 27, 2025 04:49

renovate-bot force-pushed the renovate/maint-27-github-actions branch from dd08154 to 5928724 Compare September 4, 2025 17:27

chore(deps): update github-actions

e5191a0

renovate-bot force-pushed the renovate/maint-27-github-actions branch from 5928724 to e5191a0 Compare September 7, 2025 05:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update github-actions (maint-27) #9958

chore(deps): update github-actions (maint-27) #9958

Uh oh!

renovate-bot commented Jun 17, 2025 •

edited

Loading

Uh oh!

CLAassistant commented Jun 17, 2025

Uh oh!

github-actions bot commented Jun 17, 2025 •

edited

Loading

Uh oh!

kikofernandez Jun 18, 2025

Uh oh!

Uh oh!

		uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # ratchet:google/osv-scanner-action/.github/workflows/[email protected].3"
		with:

chore(deps): update github-actions (maint-27) #9958

Are you sure you want to change the base?

chore(deps): update github-actions (maint-27) #9958

Uh oh!

Conversation

renovate-bot commented Jun 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

New Contributors

What's Changed

New Contributors

Bug Fixes

Features

What's Changed

What's Changed

Features:

Fixes:

API Changes:

What's Changed

What's Changed

Bug fixes 🐛

New Contributors

Configuration

Uh oh!

CLAassistant commented Jun 17, 2025

Uh oh!

github-actions bot commented Jun 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

CT Test Results

Artifacts

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

renovate-bot commented Jun 17, 2025 •

edited

Loading

github-actions bot commented Jun 17, 2025 •

edited

Loading