chore(deps): bump the all-actions group across 1 directory with 10 updates by dependabot[bot] · Pull Request #583 · hashgraph/hedera-cryptography

dependabot · 2026-04-27T11:27:39Z

Bumps the all-actions group with 10 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.14.0`	`2.19.0`
actions/checkout	`6.0.1`	`6.0.2`
actions/setup-go	`6.1.0`	`6.4.0`
actions/setup-java	`5.1.0`	`5.2.0`
gradle/actions	`5.0.0`	`6.1.0`
step-security/publish-unit-test-result-action	`2.21.1`	`2.23.0`
step-security/action-semantic-pull-request	`6.1.1`	`6.1.2`
step-security/ghaction-import-gpg	`6.3.1`	`7.0.0`
actions/setup-node	`6.1.0`	`6.4.0`
actions/upload-artifact	`6.0.0`	`7.0.1`

Updates step-security/harden-runner from 2.14.0 to 2.19.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.

System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

Full Changelog: step-security/harden-runner@v2.18.0...v2.19.0

v2.18.0

What's Changed

Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.

Deploy on Self-Hosted VM: Added deploy-on-self-hosted-vm input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.

Full Changelog: step-security/harden-runner@v2.17.0...v2.18.0

v2.17.0

What's Changed

Policy Store Support

Added use-policy-store and api-key inputs to fetch security policies directly from the StepSecurity Policy Store. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing policy input which requires id-token: write permission. If no policy is found in the store, the action defaults to audit mode.

Full Changelog: step-security/harden-runner@v2.16.1...v2.17.0

v2.16.1

What's Changed

Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint

Full Changelog: step-security/harden-runner@v2.16.0...v2.16.1

v2.16.0

What's Changed

Updated action.yml to use node24

Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-46g3-37rh-v698 for details.

Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-g699-3x6g-wm3g for details.

Full Changelog: step-security/harden-runner@v2.15.1...v2.16.0

v2.15.1

What's Changed

Fixes step-security/harden-runner#642 bug due to which post step was failing on Windows ARM runners

Updates npm packages

... (truncated)

Commits

8d3c67d Release v2.19.0 (#661)
6c3c2f2 Feature/deploy on self hosted vm (#658)
f808768 Feature/policy store (#656)
fe10465 v2.16.1 (#654)
fa2e9d6 Release v2.16.0 (#646)
58077d3 Release v2.15.1 (#641)
a90bcbc Update readme (#637)
f0a59d8 Release v2.15.0 (#639)
5ef0c07 Merge pull request #635 from step-security/rc-34
eb43c7b update agent
Additional commits viewable in compare view

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
See full diff in compare view

Updates actions/setup-go from 6.1.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Add go-download-base-url input for custom Go distributions by @gdams in actions/setup-go#721

Dependency update

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-go#727

Documentation update

Rearrange README.md, add advanced-usage.md by @priyagupta108 in actions/setup-go#724

Fix Microsoft build of Go link by @gdams in actions/setup-go#734

New Contributors

@gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Update default Go module caching to use go.mod by @priyagupta108 in actions/setup-go#705

Fix golang download url to go.dev by @178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-go#696

Update Node.js version in action.yml by @ccoVeille in actions/setup-go#691

Documentation update of actions/checkout by @deining in actions/setup-go#683

Dependency updates

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot in actions/setup-go#682

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-go#695

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-go#686

Upgrade qs from 6.14.0 to 6.14.1 by @dependabot in actions/setup-go#703

New Contributors

@ccoVeille made their first contribution in actions/setup-go#691

@deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
Additional commits viewable in compare view

Updates actions/setup-java from 5.1.0 to 5.2.0

Release notes

Sourced from actions/setup-java's releases.

v5.2.0

What's Changed

Enhancement

Retry on HTTP 522 Connection timed out by @findepi in actions/setup-java#964

Documentation Changes

Update gradle caching by @priya-kinthali in actions/setup-java#972

Update checkout to v6 by @mahabaleshwars in actions/setup-java#973

Dependency Updates

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-java#968

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-java#961

New Contributors

@findepi made their first contribution in actions/setup-java#964

Full Changelog: actions/setup-java@v5...v5.2.0

Commits

be666c2 Chore: Version Update and Checkout Update to v6 (#973)
f7a6fef Bump actions/checkout from 5 to 6 (#961)
d81c4e4 Upgrade @actions/cache to v5 (#968)
1b1bbe1 readme update (#972)
5d7b214 Retry on HTTP 522 Connection timed out (#964)
See full diff in compare view

Updates gradle/actions from 5.0.0 to 6.1.0

Release notes

Sourced from gradle/actions's releases.

v6.1.0

New: Basic Cache Provider

A new MIT-licensed Basic Caching provider is now available as an alternative to the proprietary Enhanced Caching provided by gradle-actions-caching. Choose Basic Caching by setting cache-provider: basic on setup-gradle or dependency-submission actions.

Built on @actions/cache -- fully open source

Caches ~/.gradle/caches and ~/.gradle/wrapper directories

Cache key derived from build files (*.gradle*, gradle-wrapper.properties, etc.)

Clean cache on build file changes (no restore keys, preventing stale entry accumulation)

Limitations vs Enhanced Caching: No cache cleanup, no deduplication of cached content, cached content is fixed unless build files change.

Revamped Licensing & Distribution Documentation

New DISTRIBUTION.md documents the licensing of each component (particularly Basic Caching vs Enhanced Caching)

Simplified licensing notices in README, docs, and runtime log output

Clear usage tiers: Enhanced Caching is free for public repos and in Free Preview for private repos

What's Changed

Use a unique cache entry for wrapper-validation test by @bigdaz in gradle/actions#921

Update Dependencies by @bigdaz in gradle/actions#922

Update dependencies and resolve npm vulnerabilities by @bigdaz in gradle/actions#933

Add open-source 'basic' cache provider and revamp licensing documentation by @bigdaz in gradle/actions#930

Restructure caching documentation for basic and enhanced providers by @bigdaz in gradle/actions#934

Full Changelog: gradle/actions@v6.0.1...v6.1.0

v6.0.1

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

The license changes in v6 introduced a gradle-actions-caching license notice that is printed in logs and in each job summary.

With this release, the license notice will be muted if build-scan terms have been accepted, or if a Develocity access key is provided.

What's Changed

Bump actions used in docs by @Goooler in gradle/actions#792

Add typing information for use by typesafegithub by @bigdaz in gradle/actions#910

Mute license warning when terms are accepted by @bigdaz in gradle/actions#911

Mention explicit license acceptance in notice by @bigdaz in gradle/actions#912

Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.1 to 2.21.2 in /sources/test/init-scripts in the gradle group across 1 directory by @dependabot[bot] in gradle/actions#907

Full Changelog: gradle/actions@v6.0.0...v6.0.1

v6.0.0

[!IMPORTANT]

... (truncated)

Commits

50e97c2 Link to docs for caching providers
f2e6298 Restructure caching documentation for basic and enhanced providers (#934)
b294b1e Really fix integ-test-full
83d3189 Revise license details for gradle-actions-caching
1d5db06 Update license link for gradle-actions-caching component
1c80961 Fix license link for Enhanced Caching component
9e99920 Fix integ-test-full workflow
bb8aaaf Fix workflow permissions
f5dfb43 [bot] Update dist directory
ff9ae24 Add open-source 'basic' cache provider and revamp licensing documentation (#930)
Additional commits viewable in compare view

Updates step-security/publish-unit-test-result-action from 2.21.1 to 2.23.0

Release notes

Sourced from step-security/publish-unit-test-result-action's releases.

v2.23.0

What's Changed

chore: Remove guarddog.yml by @anurag-stepsecurity in step-security/publish-unit-test-result-action#168

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/publish-unit-test-result-action#167

build(deps): bump python from 3.13.9-alpine3.22 to 3.14.1-alpine3.22 by @dependabot[bot] in step-security/publish-unit-test-result-action#160

ci: optimizing workflow tests by @Raj-StepSecurity in step-security/publish-unit-test-result-action#142

Bump actions/checkout from 4 to 6 by @dependabot[bot] in step-security/publish-unit-test-result-action#5

chore(deps): bump requests from 2.32.4 to 2.33.0 in /misc/action/package-downloads by @dependabot[bot] in step-security/publish-unit-test-result-action#169

chore(deps): bump requests from 2.32.4 to 2.33.0 in /misc/action/find-workflows by @dependabot[bot] in step-security/publish-unit-test-result-action#170

feat: added banner and update subscription check to make maintained actions free for public repos by @anurag-stepsecurity in step-security/publish-unit-test-result-action#173

fix: Resolve security vulnerabilities by @anurag-stepsecurity in step-security/publish-unit-test-result-action#166

fix: Resolve security vulnerabilities by @anurag-stepsecurity in step-security/publish-unit-test-result-action#177

chore: Remove image tag and sha by @anurag-stepsecurity in step-security/publish-unit-test-result-action#179

chore: Update image tag to v2.23.0 by @anurag-stepsecurity in step-security/publish-unit-test-result-action#180

New Contributors

@anurag-stepsecurity made their first contribution in step-security/publish-unit-test-result-action#168

Full Changelog: step-security/publish-unit-test-result-action@v2...v2.23.0

v2.22.0

What's Changed

fix: added false alert vulns to osv-scanner by @Raj-StepSecurity in step-security/publish-unit-test-result-action#155

ci: Update check-upgrades.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#156

ci: workflow permissions updated by @Raj-StepSecurity in step-security/publish-unit-test-result-action#157

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/publish-unit-test-result-action#161

ci: removing ubuntu slim as post harden runner fails and as a result ci-cd does not follow all steps by @Raj-StepSecurity in step-security/publish-unit-test-result-action#164

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#163

feat: Update action.yml by @Raj-StepSecurity in step-security/publish-unit-test-result-action#165

Full Changelog: step-security/publish-unit-test-result-action@v2...v2.22.0

Commits

681100d Merge pull request #180 from step-security/anurag-stepsecurity-patch-1
76407c0 chore: Update image tag to v2.23.0
f89dc9e Merge pull request #179 from step-security/anurag-stepsecurity-patch-1
36cc645 chore: Remove image tag and sha
482a1c9 Merge pull request #177 from step-security/fix-vulns
f5e4ca9 fix: Resolve security vulnerabilities
ff81920 Merge pull request #166 from step-security/fix-vulns
5de1103 fix: Resolve security vulnerabilities
a1d6c2e Merge pull request #173 from step-security/feat/update-subscription-check
39a5377 fix: resolve Windows cp1252 UnicodeEncodeError and refresh stale test fixtures
Additional commits viewable in compare view

Updates step-security/action-semantic-pull-request from 6.1.1 to 6.1.2

Release notes

Sourced from step-security/action-semantic-pull-request's releases.

v6.1.2

What's Changed

build(deps): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in step-security/action-semantic-pull-request#147

ci: update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#149

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#150

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#151

fix: build(deps): bump axios from 1.12.2 to 1.13.5 by @dependabot[bot] in step-security/action-semantic-pull-request#152

fix: upgrade packages and fix vulnerabilities by @Raj-StepSecurity in step-security/action-semantic-pull-request#153

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#154

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#155

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#156

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#157

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/action-semantic-pull-request#158

ci: made node version input to default at 24 by @amanstep in step-security/action-semantic-pull-request#133

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#159

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/action-semantic-pull-request#160

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#161

ci: update actions_release.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#162

Full Changelog: step-security/action-semantic-pull-request@v6...v6.1.2

Commits

75d2dd5 Merge pull request #162 from step-security/Raj-StepSecurity-patch-11
dce66ee Update actions_release.yml
80eb62b Merge pull request #161 from step-security/yarn-audit-fix
ac0700f fix: apply audit fixes
92d4228 fix: apply audit fixes
91fa82f fix: apply audit fixes
fed9df2 Merge pull request #160 from step-security/feat/update-subscription-check
9d0ba60 code linted
21be1b8 feat: added banner and update subscription check to make maintained actions f...
57d5042 Merge pull request #159 from step-security/yarn-audit-fix
Additional commits viewable in compare view

Updates step-security/ghaction-import-gpg from 6.3.1 to 7.0.0

Release notes

Sourced from step-security/ghaction-import-gpg's releases.

v7.0.0

What's Changed

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#177

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#191

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#193

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#195

fix: upgraded packages to fix vulnerabilities by @Raj-StepSecurity in step-security/ghaction-import-gpg#196

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#197

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#198

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#199

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#200

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#201

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#202

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#203

fix: Security updates by @github-actions[bot] in step-security/ghaction-import-gpg#204

ci: Update auto_cherry_pick.yml by @Raj-StepSecurity in step-security/ghaction-import-gpg#207

conflicted commits cherry-picked by @Raj-StepSecurity in step-security/ghaction-import-gpg#209

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/ghaction-import-gpg#206

ci: Create claude_review.yml by @Raj-StepSecurity in step-security/ghaction-import-gpg#211

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/ghaction-import-gpg#210

Full Changelog: step-security/ghaction-import-gpg@v6...v7.0.0

Commits

c0b4a33 Merge pull request #210 from step-security/feat/update-subscription-check
c2fcf60 package updated
9100cd3 Update package.json
04550bc Update action.yml
a665b29 Merge branch 'main' into feat/update-subscription-check
7cf51b3 Merge pull request #211 from step-security/Raj-StepSecurity-patch-5
b14d3b0 code linted
cca0382 ci: Create claude_review.yml
cf10c6e feat: added banner and update subscription check to make maintained actions f...
8bc4cd6 Merge pull request #206 from step-security/auto-cherry-pick
Additional commits viewable in compare view

Updates actions/setup-node from 6.1.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

Upgrade @actions dependencies by @Copilot in actions/setup-node#1525

Update Node.js versions in versions.yml and bump package to v6.4.0 by @priya-kinthali in actions/setup-node#1533

New Contributors

@Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

What's Changed

Enhancements:

Support parsing devEngines field by @susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Fix npm audit issues by @gowridurgad in actions/setup-node#1491

Replace uuid with crypto.randomUUID() by @trivikr in actions/setup-node#1378

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-node#1498

Bug fixes:

Remove hardcoded bearer for mirror-url @marco-ippolito in actions/setup-node#1467

Scope test lockfiles by package manager and update cache tests by @gowridurgad in actions/setup-node#1495

New Contributors

@susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

Documentation update related to absence of Lockfile by @mahabaleshwars in actions/setup-node#1454

Correct mirror option typos by @MikeMcC399 in actions/setup-node#1442

Readme update on checkout version v6 by @deining in actions/setup-node#1446

Readme typo fixes @munyari in actions/setup-node#1226

Advanced document update on checkout version v6 by @aparnajyothi-y in actions/setup-node#1468

Dependency updates:

Upgrade @actions/cache to v5.0.1 by @salmanmkc in actions/setup-node#1449

New Contributors

@mahabaleshwars made their first contribution in actions/setup-node#1454

@MikeMcC399 made their first contribution in actions/setup-node#1442

@deining made their first contribution in actions/setup-node#1446

... (truncated)

Commits

48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
ab72c7e Upgrade @actions dependencies (#1525)
53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
54045ab Scope test lockfiles by package manager and update cache tests (#1495)
Description has been truncated

…dates Bumps the all-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.0` | `2.19.0` | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.1.0` | `6.4.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `5.1.0` | `5.2.0` | | [gradle/actions](https://github.com/gradle/actions) | `5.0.0` | `6.1.0` | | [step-security/publish-unit-test-result-action](https://github.com/step-security/publish-unit-test-result-action) | `2.21.1` | `2.23.0` | | [step-security/action-semantic-pull-request](https://github.com/step-security/action-semantic-pull-request) | `6.1.1` | `6.1.2` | | [step-security/ghaction-import-gpg](https://github.com/step-security/ghaction-import-gpg) | `6.3.1` | `7.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | Updates `step-security/harden-runner` from 2.14.0 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@20cf305...8d3c67d) Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8e8c483...de0fac2) Updates `actions/setup-go` from 6.1.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@4dc6199...4a36011) Updates `actions/setup-java` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@f2beeb2...be666c2) Updates `gradle/actions` from 5.0.0 to 6.1.0 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@4d9f0ba...50e97c2) Updates `step-security/publish-unit-test-result-action` from 2.21.1 to 2.23.0 - [Release notes](https://github.com/step-security/publish-unit-test-result-action/releases) - [Commits](step-security/publish-unit-test-result-action@914f0f6...681100d) Updates `step-security/action-semantic-pull-request` from 6.1.1 to 6.1.2 - [Release notes](https://github.com/step-security/action-semantic-pull-request/releases) - [Commits](step-security/action-semantic-pull-request@bc0cf74...75d2dd5) Updates `step-security/ghaction-import-gpg` from 6.3.1 to 7.0.0 - [Release notes](https://github.com/step-security/ghaction-import-gpg/releases) - [Commits](step-security/ghaction-import-gpg@69c854a...c0b4a33) Updates `actions/setup-node` from 6.1.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@395ad32...48b55a0) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...043fb46) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-java dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: gradle/actions dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: step-security/publish-unit-test-result-action dependency-version: 2.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: step-security/action-semantic-pull-request dependency-version: 6.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: step-security/ghaction-import-gpg dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-27T11:34:04Z

Test Results

13 files ±0 13 suites ±0 20m 1s ⏱️ ±0s
86 tests ±0 86 ✅ ±0 0 💤 ±0 0 ❌ ±0
113 runs ±0 113 ✅ ±0 0 💤 ±0 0 ❌ ±0

Results for commit 37ae4c8. ± Comparison against base commit aa009fb.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 27, 2026

dependabot Bot requested review from a team as code owners April 27, 2026 11:27

dependabot Bot requested review from andrewb1269 and nathanklick April 27, 2026 11:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all-actions group across 1 directory with 10 updates#583

chore(deps): bump the all-actions group across 1 directory with 10 updates#583
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/all-actions-e8b9ef1ef5

dependabot Bot commented on behalf of github Apr 27, 2026

Uh oh!

github-actions Bot commented Apr 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026

v2.19.0

What's Changed

New Runner Support

Automated Incident Response for Supply Chain Attacks

Bug Fixes

v2.18.0

What's Changed

v2.17.0

What's Changed

Policy Store Support

v2.16.1

What's Changed

v2.16.0

What's Changed

v2.15.1

What's Changed

v6.0.2

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

v6.3.0

What's Changed

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

v5.2.0

What's Changed

Enhancement

Documentation Changes

Dependency Updates

New Contributors

v6.1.0

New: Basic Cache Provider

Revamped Licensing & Distribution Documentation

What's Changed

v6.0.1

Summary

What's Changed

v6.0.0

v2.23.0

What's Changed

New Contributors

v2.22.0

What's Changed

v6.1.2

What's Changed

v7.0.0

What's Changed

v6.4.0

What's Changed

Dependency updates:

New Contributors

v6.3.0

What's Changed

Enhancements:

Dependency updates:

Bug fixes:

New Contributors

v6.2.0