Bump the github-actions group with 5 updates#861
Merged
Conversation
Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/download-artifact](https://github.com/actions/download-artifact) | `5.0.0` | `6.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` | | [KyleMayes/install-llvm-action](https://github.com/kylemayes/install-llvm-action) | `2.0.7` | `2.0.8` | | [azure/trusted-signing-action](https://github.com/azure/trusted-signing-action) | `0.5.9` | `0.5.10` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.3.3` | `2.4.1` | Updates `actions/download-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@634f93c...018cc2c) Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v5) Updates `KyleMayes/install-llvm-action` from 2.0.7 to 2.0.8 - [Release notes](https://github.com/kylemayes/install-llvm-action/releases) - [Changelog](https://github.com/KyleMayes/install-llvm-action/blob/master/CHANGELOG.md) - [Commits](KyleMayes/install-llvm-action@v2.0.7...v2.0.8) Updates `azure/trusted-signing-action` from 0.5.9 to 0.5.10 - [Release notes](https://github.com/azure/trusted-signing-action/releases) - [Commits](https://github.com/azure/trusted-signing-action/compare/v0.5.9...v0.5.10) Updates `softprops/action-gh-release` from 2.3.3 to 2.4.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2.3.3...v2.4.1) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: KyleMayes/install-llvm-action dependency-version: 2.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: azure/trusted-signing-action dependency-version: 0.5.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 2.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
dependabot
bot
added
the
github_actions
dependabot
bot
requested review from
bmribler,
brtnfld,
fortnern,
glennsong09,
jhendersonHDF,
mattjala,
schwehr and
vchoi-hdfgroup
as code owners
hdfeos
approved these changes
Nov 4, 2025
lrknox
approved these changes
Nov 4, 2025
dependabot
bot
deleted the
dependabot/github_actions/github-actions-d079b809cf
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the github-actions group with 5 updates:
5.0.06.0.0452.0.72.0.80.5.90.5.102.3.32.4.1Updates
actions/download-artifactfrom 5.0.0 to 6.0.0Release notes
Sourced from actions/download-artifact's releases.
Commits
018cc2cMerge pull request #438 from actions/danwkennedy/prepare-6.0.0815651cRevert "Removegithub.dep.yml"bb3a066Removegithub.dep.ymlfa1ce46Preparev6.0.04a24838Merge pull request #431 from danwkennedy/patch-15e3251cReadme: spell out the first use of GHESabefc31Merge pull request #424 from actions/yacaovsnc/update_readmeac43a60Update README with artifact extraction detailsde96f46Merge pull request #417 from actions/yacaovsnc/update_readme7993cb4Remove migration guide for artifact download changesUpdates
actions/upload-artifactfrom 4 to 5Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
330a01cMerge pull request #734 from actions/danwkennedy/prepare-5.0.003f2824Updategithub.dep.yml905a1ecPreparev5.0.02d9f9cdMerge pull request #725 from patrikpolyak/patch-19687587Merge branch 'main' into patch-12848b2cMerge pull request #727 from danwkennedy/patch-19b51177Spell out the first use of GHEScd231caUpdate GHES guidance to include reference to Node 20 versionde65e23Merge pull request #712 from actions/nebuk89-patch-18747d8cUpdate README.mdUpdates
KyleMayes/install-llvm-actionfrom 2.0.7 to 2.0.8Release notes
Sourced from KyleMayes/install-llvm-action's releases.
Changelog
Sourced from KyleMayes/install-llvm-action's changelog.
Commits
98e68e1Bump versionee035baAdd new llvm versions872abc6Update dependenciesUpdates
azure/trusted-signing-actionfrom 0.5.9 to 0.5.10Release notes
Sourced from azure/trusted-signing-action's releases.
Commits
fc390cfPin actions/cache by Git SHA (#90)850feebdocs: added clause indicating support for windows-2025 (#89)3f3eb15Update README.md (#87)Updates
softprops/action-gh-releasefrom 2.3.3 to 2.4.1Release notes
Sourced from softprops/action-gh-release's releases.
Changelog
Sourced from softprops/action-gh-release's changelog.
Commits
6da8fa9release 2.4.1f38efdefix: gracefully fallback to body when body_path cannot be read (#671)cec1a11fix(util): support brace expansion globs containing commas in parseInputFiles...aec2ec5release 2.4.04db716bfeat: respect working_directory for files globs; add input and tests (#667)14820f2chore(deps): bump the npm group with 2 updates (#668)62c96d0release 2.3.47dc9b8afix(action): handle 422 already_exists race condition (#665)0f0e0b9chore(deps): bump the npm group with 3 updates (#666)97d42c1chore(deps): bump the npm group across 1 directory with 2 updates (#662)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsImportant
Update GitHub Actions to newer versions, including breaking changes for Node support, affecting artifact handling and LLVM installation.
actions/download-artifactupdated from5.0.0to6.0.0in multiple workflows, includingabi-report.yml,cmake-analysis.yml, andrelease-files.yml.actions/upload-artifactupdated from4to5in workflows likecmake-ctest.yml,main-cmake.yml, andtarball.yml.KyleMayes/install-llvm-actionupdated from2.0.7to2.0.8incmake-analysis.ymlandcmake-script.yml.actions/download-artifactandactions/upload-artifactupdates include support for Nodev24.x, treated as a breaking change.softprops/action-gh-releaseupdated from2.3.3to2.4.1inrelease-files.yml, adding support for brace expansion globs and fallback for body path errors.azure/trusted-signing-actionupdated from0.5.9to0.5.10incmake-ctest.yml, with updates for Windows 2025 support.README.mdand other documentation files in the respective repositories of the actions.This description was created by
for 7a749ac. You can customize this summary. It will automatically update as commits are pushed.