build(deps): bump the minor-and-patch-actions-weekly group across 1 directory with 11 updates #4425

dependabot · 2025-09-29T21:36:10Z

Bumps the minor-and-patch-actions-weekly group with 11 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.13.0`	`2.13.1`
step-security/publish-unit-test-result-action	`2.20.2`	`2.20.4`
step-security/gh-docker-logs	`2.2.5`	`2.2.6`
step-security/conventional-pr-title-action	`3.2.3`	`3.2.4`
step-security/foundry-toolchain	`1.4.0`	`1.4.1`
step-security/ghaction-import-gpg	`6.3.0`	`6.3.1`
step-security/semver-utils	`4.3.1`	`4.3.2`
step-security/close-milestone	`2.2.0`	`2.2.1`
step-security/release-notes-generator-action	`3.1.8`	`3.1.9`
ncipollo/release-action	`1.18.0`	`1.20.0`
docker/login-action	`3.5.0`	`3.6.0`

Updates step-security/harden-runner from 2.13.0 to 2.13.1

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.1

What's Changed

Graceful handling of HTTP errors: Improved error handling when fetching Harden Runner policies from the StepSecurity Policy Store API, ensuring more reliable execution even in case of temporary network/API issues.

Security updates for npm dependencies: Updated vulnerable npm package dependencies to the latest secure versions.

Faster enterprise agent downloads: The enterprise agent is now downloaded from GitHub Releases instead of packages.stepsecurity.io, improving download speed and reliability.

Full Changelog: step-security/harden-runner@v2.13.0...v2.13.1

Commits

f4a75cf Merge pull request #588 from step-security/rc-26
95503d0 ci: remove code-review workflow
4b250a0 ci: add job to confirm dist is as expected
5b0ab6a update dependencies
d11f2c1 fix bug where status code was not being preserved
b3fc98e improve error handling for policy store sceanrio
92fc5d4 update error message
b61b0a4 policy store improvements
e3d3f2b use GitHub release instead of packages
646ac01 update agent
Additional commits viewable in compare view

Updates step-security/publish-unit-test-result-action from 2.20.2 to 2.20.4

Release notes

Sourced from step-security/publish-unit-test-result-action's releases.

v2.20.4

What's Changed

fix: Subscription validation scenarios handled by @Raj-StepSecurity in step-security/publish-unit-test-result-action#123

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#124

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#125

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#126

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#127

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#128

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#129

Full Changelog: step-security/publish-unit-test-result-action@v2...v2.20.4

Commits

5d195d4 Merge pull request #129 from step-security/Raj-StepSecurity-patch-16
29cc9d2 Update action.yml
ea21df0 Merge pull request #128 from step-security/Raj-StepSecurity-patch-15
4847439 Update action.yml
230f6e8 Merge pull request #127 from step-security/Raj-StepSecurity-patch-14
e4fde32 Update action.yml
738e9dc Merge pull request #126 from step-security/Raj-StepSecurity-patch-13
1c392e5 Update action.yml
c59c519 Merge pull request #125 from step-security/Raj-StepSecurity-patch-12
6f634c8 Update action.yml
Additional commits viewable in compare view

Updates step-security/gh-docker-logs from 2.2.5 to 2.2.6

Release notes

Sourced from step-security/gh-docker-logs's releases.

v2.2.6

What's Changed

fix: Security updates by @github-actions[bot] in step-security/gh-docker-logs#126

fix: Security updates by @github-actions[bot] in step-security/gh-docker-logs#128

fix: fixed validate subscription check code by @amanstep in step-security/gh-docker-logs#129

Full Changelog: step-security/gh-docker-logs@v2...v2.2.6

Commits

2ffe2e0 Merge pull request #129 from step-security/fix/subscription
73b6893 fix: fixed validate subscription check code
3a0e624 Merge pull request #128 from step-security/npm-audit-fix
d233573 fix: apply audit fixes
7d94487 fix: apply audit fixes
31365cf fix: apply audit fixes
f7ed209 Merge pull request #126 from step-security/npm-audit-fix
d8437dc fix: apply audit fixes
e410c2f fix: apply audit fixes
0830413 fix: apply audit fixes
Additional commits viewable in compare view

Updates step-security/conventional-pr-title-action from 3.2.3 to 3.2.4

Release notes

Sourced from step-security/conventional-pr-title-action's releases.

v3.2.4

What's Changed

fix: Security updates by @github-actions[bot] in step-security/conventional-pr-title-action#112

fix: Security updates by @github-actions[bot] in step-security/conventional-pr-title-action#119

feat: Validate Updated Subscription Flow by @Raj-StepSecurity in step-security/conventional-pr-title-action#121

feat: Update action.yml by @Raj-StepSecurity in step-security/conventional-pr-title-action#122

Full Changelog: step-security/conventional-pr-title-action@v3...v3.2.4

Commits

e2a9b8d Merge pull request #122 from step-security/Raj-StepSecurity-patch-7
688663a Update action.yml
122a073 Merge pull request #121 from step-security/Raj-StepSecurity-patch-6
75d1e4e Update index.js
c6735da Merge pull request #119 from step-security/npm-audit-fix
cc9169a fix: apply audit fixes
3dec774 Merge pull request #112 from step-security/npm-audit-fix
2d11c74 fix: apply audit fixes
See full diff in compare view

Updates step-security/foundry-toolchain from 1.4.0 to 1.4.1

Release notes

Sourced from step-security/foundry-toolchain's releases.

v1.4.1

What's Changed

fix: Security updates by @github-actions[bot] in step-security/foundry-toolchain#110

fix: Security updates by @github-actions[bot] in step-security/foundry-toolchain#114

fix: Security updates by @github-actions[bot] in step-security/foundry-toolchain#115

fix: fixed validate subscription code by @amanstep in step-security/foundry-toolchain#117

New Contributors

@amanstep made their first contribution in step-security/foundry-toolchain#117

Full Changelog: step-security/foundry-toolchain@v1...v1.4.1

Commits

0f33b42 Merge pull request #117 from step-security/fix/subscription
534dd0e fix: fixed validate subscription code
fc0b68a Merge pull request #115 from step-security/npm-audit-fix
ce786fb fix: apply audit fixes
7a8af5c fix: apply audit fixes
18e3636 fix: apply audit fixes
e4e72b3 fix: apply audit fixes
82be6fa fix: apply audit fixes
4bd4629 Merge pull request #114 from step-security/npm-audit-fix
ea21368 fix: apply audit fixes
Additional commits viewable in compare view

Updates step-security/ghaction-import-gpg from 6.3.0 to 6.3.1

Release notes

Sourced from step-security/ghaction-import-gpg's releases.

v6.3.1

What's Changed

Update auto_cherry_pick.yml by @Raj-StepSecurity in step-security/ghaction-import-gpg#146

Create guarddog.yml by @Raj-StepSecurity in step-security/ghaction-import-gpg#145

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#151

Bump brace-expansion from 1.1.11 to 1.1.12 by @dependabot[bot] in step-security/ghaction-import-gpg#149

fix: fixed subscription check code by @amanstep in step-security/ghaction-import-gpg#175

New Contributors

@amanstep made their first contribution in step-security/ghaction-import-gpg#175

Full Changelog: step-security/ghaction-import-gpg@v6...v6.3.1

Commits

69c854a Merge pull request #175 from step-security/fix/subscription
347e30a fix: fixed subscription check code
4d3430a Merge pull request #149 from step-security/dependabot/npm_and_yarn/brace-expa...
2798f24 Bump brace-expansion from 1.1.11 to 1.1.12
e702cb5 Merge pull request #151 from step-security/yarn-audit-fix
5800c46 fix: apply audit fixes
a58f931 Merge pull request #145 from step-security/Raj-StepSecurity-patch-2
d638834 Merge branch 'main' into Raj-StepSecurity-patch-2
9948152 Merge pull request #146 from step-security/Raj-StepSecurity-patch-3
b93ede7 Update auto_cherry_pick.yml
Additional commits viewable in compare view

Updates step-security/semver-utils from 4.3.1 to 4.3.2

Release notes

Sourced from step-security/semver-utils's releases.

v4.3.2

What's Changed

fix: Security updates by @github-actions[bot] in step-security/semver-utils#189

chore: dist updated by @github-actions[bot] in step-security/semver-utils#197

feat: Validate Updated Subscription Flow by @Raj-StepSecurity in step-security/semver-utils#196

Full Changelog: step-security/semver-utils@v4...v4.3.2

Commits

4ae9c1f feat: Validate Updated Subscription Flow (#196)
e5db328 chore: dist updated
86044a1 Update main.ts
a48fbb7 Merge pull request #189 from step-security/npm-audit-fix
db54cc4 fix: apply audit fixes
2898593 fix: apply audit fixes
701989e fix: apply audit fixes
See full diff in compare view

Updates step-security/close-milestone from 2.2.0 to 2.2.1

Release notes

Sourced from step-security/close-milestone's releases.

v2.2.1

What's Changed

fix: Security updates by @github-actions[bot] in step-security/close-milestone#83

fix: Security updates by @github-actions[bot] in step-security/close-milestone#91

Create guarddog.yml by @Raj-StepSecurity in step-security/close-milestone#78

chore: dist updated by @github-actions[bot] in step-security/close-milestone#100

feat: Update main.ts by @Raj-StepSecurity in step-security/close-milestone#99

Full Changelog: step-security/close-milestone@v2...v2.2.1

Commits

b097272 feat: Update main.ts (#99)
d0c3c89 Merge pull request #100 from step-security/npm-audit-fix
b013a00 Update main.ts
ab8a244 Merge pull request #78 from step-security/Raj-StepSecurity-patch-3
95c6220 Merge branch 'main' into Raj-StepSecurity-patch-3
8867439 Merge pull request #91 from step-security/npm-audit-fix
2483b18 fix: apply audit fixes
4b2a8ac fix: apply audit fixes
9f35898 fix: apply audit fixes
7c316d3 Merge pull request #83 from step-security/npm-audit-fix
Additional commits viewable in compare view

Updates step-security/release-notes-generator-action from 3.1.8 to 3.1.9

Release notes

Sourced from step-security/release-notes-generator-action's releases.

v3.1.9

What's Changed

feat: Validate Updated Subscription Flow by @Raj-StepSecurity in step-security/release-notes-generator-action#50

feat: Update action.yml With Latest Docker Image by @Raj-StepSecurity in step-security/release-notes-generator-action#51

Full Changelog: step-security/release-notes-generator-action@v3...v3.1.9

Commits

192a937 Merge pull request #51 from step-security/Raj-StepSecurity-patch-6
f3c2d9f feat: Update action.yml With Latest Docker Image
7640f8b Merge pull request #50 from step-security/Raj-StepSecurity-patch-5
ba0e6bd Update entrypoint.sh
See full diff in compare view

Updates ncipollo/release-action from 1.18.0 to 1.20.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.20.0

What's Changed

Fixes #542 Add previous tag option by @ncipollo in ncipollo/release-action#550

Full Changelog: ncipollo/release-action@v1...v1.20.0

v1.19.2

What's Changed

Update immutableCreate's default in the documentation by @bblanchon in ncipollo/release-action#547

Fixes #548 Add support body + generated release notes by @ncipollo in ncipollo/release-action#549

New Contributors

@bblanchon made their first contribution in ncipollo/release-action#547

Full Changelog: ncipollo/release-action@v1...v1.19.2

v1.19.1

Defaults immutableCreate to false if it is omitted.

Full Changelog: ncipollo/release-action@v1.19.0...v1.19.1

v1.19.0

What's Changed

Fixes #540 Add support for immutable releases by @ncipollo in ncipollo/release-action#544

Bump actions/checkout from 4 to 5 by @dependabot[bot] in ncipollo/release-action#541

Bump glob from 11.0.2 to 11.0.3 by @dependabot[bot] in ncipollo/release-action#534

Full Changelog: ncipollo/release-action@v1...v1.19.0

Commits

b7eabc9 preparing release 1.20.0
e87de4c Fixes #542 Add previous tag option (#550)
98d25d4 preparing release 1.19.2
d360126 Fixes #548 Add support body + generated release notes (#549)
571fe81 Update immutableCreate's default in the documentation (#547)
1c89adf preparing release 1.19.1
36bf8dd References #545 Default immutable builds to false
b12185d preparing release 1.19.0
defcf13 Fixes #540 Add support for immutable releases (#544)
05013d5 Standardize on separate call to generate release notes
Additional commits viewable in compare view

Updates docker/login-action from 3.5.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

Commits

5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
97e3143 chore: update generated content
3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
abc9fb3 chore: update generated content
d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
0d7fae8 chore: update generated content
9832253 build(deps): bump @docker/actions-toolkit from 0.62.1 to 0.63.0
09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…irectory with 11 updates Bumps the minor-and-patch-actions-weekly group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.0` | `2.13.1` | | [step-security/publish-unit-test-result-action](https://github.com/step-security/publish-unit-test-result-action) | `2.20.2` | `2.20.4` | | [step-security/gh-docker-logs](https://github.com/step-security/gh-docker-logs) | `2.2.5` | `2.2.6` | | [step-security/conventional-pr-title-action](https://github.com/step-security/conventional-pr-title-action) | `3.2.3` | `3.2.4` | | [step-security/foundry-toolchain](https://github.com/step-security/foundry-toolchain) | `1.4.0` | `1.4.1` | | [step-security/ghaction-import-gpg](https://github.com/step-security/ghaction-import-gpg) | `6.3.0` | `6.3.1` | | [step-security/semver-utils](https://github.com/step-security/semver-utils) | `4.3.1` | `4.3.2` | | [step-security/close-milestone](https://github.com/step-security/close-milestone) | `2.2.0` | `2.2.1` | | [step-security/release-notes-generator-action](https://github.com/step-security/release-notes-generator-action) | `3.1.8` | `3.1.9` | | [ncipollo/release-action](https://github.com/ncipollo/release-action) | `1.18.0` | `1.20.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.5.0` | `3.6.0` | Updates `step-security/harden-runner` from 2.13.0 to 2.13.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@ec9f2d5...f4a75cf) Updates `step-security/publish-unit-test-result-action` from 2.20.2 to 2.20.4 - [Release notes](https://github.com/step-security/publish-unit-test-result-action/releases) - [Commits](step-security/publish-unit-test-result-action@43e0c96...5d195d4) Updates `step-security/gh-docker-logs` from 2.2.5 to 2.2.6 - [Release notes](https://github.com/step-security/gh-docker-logs/releases) - [Commits](step-security/gh-docker-logs@fabd93e...2ffe2e0) Updates `step-security/conventional-pr-title-action` from 3.2.3 to 3.2.4 - [Release notes](https://github.com/step-security/conventional-pr-title-action/releases) - [Changelog](https://github.com/step-security/conventional-pr-title-action/blob/main/release.config.js) - [Commits](step-security/conventional-pr-title-action@d47e881...e2a9b8d) Updates `step-security/foundry-toolchain` from 1.4.0 to 1.4.1 - [Release notes](https://github.com/step-security/foundry-toolchain/releases) - [Changelog](https://github.com/step-security/foundry-toolchain/blob/main/RELEASE.md) - [Commits](step-security/foundry-toolchain@ced99da...0f33b42) Updates `step-security/ghaction-import-gpg` from 6.3.0 to 6.3.1 - [Release notes](https://github.com/step-security/ghaction-import-gpg/releases) - [Commits](step-security/ghaction-import-gpg@c86c374...69c854a) Updates `step-security/semver-utils` from 4.3.1 to 4.3.2 - [Release notes](https://github.com/step-security/semver-utils/releases) - [Commits](step-security/semver-utils@b6c7716...4ae9c1f) Updates `step-security/close-milestone` from 2.2.0 to 2.2.1 - [Release notes](https://github.com/step-security/close-milestone/releases) - [Commits](step-security/close-milestone@fcc24c9...b097272) Updates `step-security/release-notes-generator-action` from 3.1.8 to 3.1.9 - [Release notes](https://github.com/step-security/release-notes-generator-action/releases) - [Commits](step-security/release-notes-generator-action@1142226...192a937) Updates `ncipollo/release-action` from 1.18.0 to 1.20.0 - [Release notes](https://github.com/ncipollo/release-action/releases) - [Commits](ncipollo/release-action@bcfe547...b7eabc9) Updates `docker/login-action` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@184bdaa...5e57cd1) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/publish-unit-test-result-action dependency-version: 2.20.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/gh-docker-logs dependency-version: 2.2.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/conventional-pr-title-action dependency-version: 3.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/foundry-toolchain dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/ghaction-import-gpg dependency-version: 6.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/semver-utils dependency-version: 4.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/close-milestone dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: step-security/release-notes-generator-action dependency-version: 3.1.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch-actions-weekly - dependency-name: ncipollo/release-action dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch-actions-weekly - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch-actions-weekly ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github Actions code. labels Sep 29, 2025

dependabot bot requested review from a team as code owners September 29, 2025 21:36

dependabot bot requested a review from rbarker-dev September 29, 2025 21:36

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github Actions code. labels Sep 29, 2025

dependabot bot requested a review from quiet-node September 29, 2025 21:36

dependabot bot force-pushed the dependabot/github_actions/minor-and-patch-actions-weekly-1168d3f3e8 branch from 4be3c62 to ed1b671 Compare October 6, 2025 19:32

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the minor-and-patch-actions-weekly group across 1 directory with 11 updates #4425

build(deps): bump the minor-and-patch-actions-weekly group across 1 directory with 11 updates #4425

Uh oh!

dependabot bot commented on behalf of github Sep 29, 2025 •

edited

Loading

Uh oh!

Uh oh!

build(deps): bump the minor-and-patch-actions-weekly group across 1 directory with 11 updates #4425

Are you sure you want to change the base?

build(deps): bump the minor-and-patch-actions-weekly group across 1 directory with 11 updates #4425

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.13.1

What's Changed

v2.20.4

What's Changed

v2.2.6

What's Changed

v3.2.4

What's Changed

v1.4.1

What's Changed

New Contributors

v6.3.1

What's Changed

New Contributors

v4.3.2

What's Changed

v2.2.1

What's Changed

v3.1.9

What's Changed

v1.20.0

What's Changed

v1.19.2

What's Changed

New Contributors

v1.19.1

v1.19.0

What's Changed

v3.6.0

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Sep 29, 2025 •

edited

Loading