Skip to content

build(deps): Bump the github-actions-dependencies group across 3 directories with 5 updates#351

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-dependencies-75347bcc46
Open

build(deps): Bump the github-actions-dependencies group across 3 directories with 5 updates#351
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-dependencies-75347bcc46

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2026

Bumps the github-actions-dependencies group with 4 updates in the / directory: actions/create-github-app-token, hoverkraft-tech/ci-github-container, hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml and release-drafter/release-drafter.
Bumps the github-actions-dependencies group with 1 update in the /actions/deploy/jampack directory: actions/cache.
Bumps the github-actions-dependencies group with 1 update in the /actions/release/create directory: release-drafter/release-drafter.

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

  • Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
  • Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

  • deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
  • deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
  • deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
  • deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

  • fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

  • Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

  • deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
  • deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
  • deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
  • deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits
  • f8d387b build(release): 3.0.0 [skip ci]
  • d2129bd style: remove extra blank line in release workflow
  • 77b94ef build: refresh generated artifacts
  • 3ab4c66 chore: move undici to devDependencies
  • 739cf66 docs: update README action versions
  • db40289 build(deps): bump actions versions in test.yml
  • 496a7ac test: migrate from AVA to Node.js native test runner (#346)
  • 3870dc3 Rename end-to-end proxy job in test workflow
  • 4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
  • dce0ab0 fix: remove custom proxy handling (#143)
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-container from 0.30.6 to 0.31.0

Release notes

Sourced from hoverkraft-tech/ci-github-container's releases.

0.31.0

Release Summary

This release adds several user-facing enhancements in Docker workflows, including ARM64 standard runner support for private repositories, structured OCI registry inputs for distinct pull, push, and cache targets, custom BuildKit configuration support, and upgraded Buildx/BuildKit tooling. It also introduces a new preserve-tags-filter option for prune-pull-requests-images-tags.

Internal changes include documentation refreshes across actions and workflows, plus multiple GitHub Actions and npm dependency updates in Docker, Helm, and generate-docs components.

Breaking change(s)

There is no breaking change.

What's Changed

... (truncated)

Commits
  • df8b445 chore(deps): bump the github-actions-dependencies group across 2 directories ...
  • 051794f docs: update actions and workflows documentation
  • 6ea859b feat(docker): upgrade buildkit and buildx
  • 3a12532 docs: update actions and workflows documentation
  • 8c15e31 test: add test case for buildkitd-config-inline
  • 8906424 feat(docker-build-image): support buildKit configuration
  • 1666ec5 chore(deps): bump flatted in /actions/helm/generate-docs
  • dd70256 docs: update actions and workflows documentation
  • 701f90f chore(deps): bump the github-actions-dependencies group across 3 directories ...
  • 484f247 docs: update actions and workflows documentation
  • Additional commits viewable in compare view

Updates hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml from 0.30.6 to 0.31.0

Release notes

Sourced from hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml's releases.

0.31.0

Release Summary

This release adds several user-facing enhancements in Docker workflows, including ARM64 standard runner support for private repositories, structured OCI registry inputs for distinct pull, push, and cache targets, custom BuildKit configuration support, and upgraded Buildx/BuildKit tooling. It also introduces a new preserve-tags-filter option for prune-pull-requests-images-tags.

Internal changes include documentation refreshes across actions and workflows, plus multiple GitHub Actions and npm dependency updates in Docker, Helm, and generate-docs components.

Breaking change(s)

There is no breaking change.

What's Changed

... (truncated)

Commits
  • df8b445 chore(deps): bump the github-actions-dependencies group across 2 directories ...
  • 051794f docs: update actions and workflows documentation
  • 6ea859b feat(docker): upgrade buildkit and buildx
  • 3a12532 docs: update actions and workflows documentation
  • 8c15e31 test: add test case for buildkitd-config-inline
  • 8906424 feat(docker-build-image): support buildKit configuration
  • 1666ec5 chore(deps): bump flatted in /actions/helm/generate-docs
  • dd70256 docs: update actions and workflows documentation
  • 701f90f chore(deps): bump the github-actions-dependencies group across 3 directories ...
  • 484f247 docs: update actions and workflows documentation
  • Additional commits viewable in compare view

Updates release-drafter/release-drafter from 6.4.0 to 7.1.1

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.1.1

What's Changed

Bug Fixes

  • fix: remove disable-releaser and disable-autolabeler from action.yaml (#1564) @​cchanche

Full Changelog: release-drafter/release-drafter@v7.1.0...v7.1.1

v7.1.0

What's Changed

New

Bug Fixes

  • fix: support pull_request_target event in autolabeler (#1560) @​jmeridth
  • fix: empty template when prs all are excluded by labels (#1429) @​Bledai
  • fix: fall back to org .github repo when config not found in current repo (#1554) @​jetersen

Maintenance

Documentation

Full Changelog: release-drafter/release-drafter@v7.0.0...v7.1.0

v7.0.0

What's Changed

Breaking

Bug Fixes

Maintenance

... (truncated)

Commits
  • 139054a chore: release v7.1.1
  • 114efa7 fix: remove disable-releaser and disable-autolabeler from action.yaml (#1564)
  • b23b6d2 test: add semantic prefix replacer example
  • 44a942e chore: release v7.1.0
  • f1f40a0 docs: update README with pull_request_target example (#1561)
  • ebb69bb fix: support pull_request_target event in autolabeler (#1560)
  • bddbd54 ci: make sure PRs have a type label (#1557)
  • 4a66170 fix: empty template when prs all are excluded by labels (#1429)
  • 7431882 feat: filter releases by semver range (#1445)
  • 5a8b0d3 ci: restore CodeQL category lost when matrix was removed
  • Additional commits viewable in compare view

Updates actions/cache from 5.0.3 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

Updates release-drafter/release-drafter from 6.4.0 to 7.1.1

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.1.1

What's Changed

Bug Fixes

  • fix: remove disable-releaser and disable-autolabeler from action.yaml (#1564) @​cchanche

Full Changelog: release-drafter/release-drafter@v7.1.0...v7.1.1

v7.1.0

What's Changed

New

Bug Fixes

  • fix: support pull_request_target event in autolabeler (#1560) @​jmeridth
  • fix: empty template when prs all are excluded by labels (#1429) @​Bledai
  • fix: fall back to org .github repo when config not found in current repo (#1554) @​jetersen

Maintenance

Documentation

Full Changelog: release-drafter/release-drafter@v7.0.0...v7.1.0

v7.0.0

What's Changed

Breaking

Bug Fixes

Maintenance

... (truncated)

Commits
  • 139054a chore: release v7.1.1
  • 114efa7 fix: remove disable-releaser and disable-autolabeler from action.yaml (#1564)
  • b23b6d2 test: add semantic prefix replacer example
  • 44a942e chore: release v7.1.0
  • f1f40a0 docs: update README with pull_request_target example (#1561)
  • ebb69bb fix: support pull_request_target event in autolabeler (#1560)
  • bddbd54 ci: make sure PRs have a type label (#1557)
  • 4a66170 fix: empty template when prs all are excluded by labels (#1429)
  • 7431882 feat: filter releases by semver range (#1445)
  • 5a8b0d3 ci: restore CodeQL category lost when matrix was removed
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): Bump the github-actions-dependencies group across 3 dire…
e129607 
…ctories with 5 updates

Bumps the github-actions-dependencies group with 4 updates in the / directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token), [hoverkraft-tech/ci-github-container](https://github.com/hoverkraft-tech/ci-github-container), [hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml](https://github.com/hoverkraft-tech/ci-github-container) and [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter).
Bumps the github-actions-dependencies group with 1 update in the /actions/deploy/jampack directory: [actions/cache](https://github.com/actions/cache).
Bumps the github-actions-dependencies group with 1 update in the /actions/release/create directory: [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter).


Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@29824e6...f8d387b)

Updates `hoverkraft-tech/ci-github-container` from 0.30.6 to 0.31.0
- [Release notes](https://github.com/hoverkraft-tech/ci-github-container/releases)
- [Commits](hoverkraft-tech/ci-github-container@a0bab91...df8b445)

Updates `hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml` from 0.30.6 to 0.31.0
- [Release notes](https://github.com/hoverkraft-tech/ci-github-container/releases)
- [Commits](hoverkraft-tech/ci-github-container@a0bab91...df8b445)

Updates `release-drafter/release-drafter` from 6.4.0 to 7.1.1
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@6a93d82...139054a)

Updates `actions/cache` from 5.0.3 to 5.0.4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@cdf6c1f...6682284)

Updates `release-drafter/release-drafter` from 6.4.0 to 7.1.1
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@6a93d82...139054a)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-container
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml
  dependency-version: 0.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: release-drafter/release-drafter
  dependency-version: 7.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-dependencies
- dependency-name: actions/cache
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: release-drafter/release-drafter
  dependency-version: 7.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 20, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 20, 2026

Hi, thank you for creating your PR, we will check it out very soon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants