chore(deps): Bump the github-actions group with 2 updates by dependabot[bot] · Pull Request #3 · jgamblin/MacOS-Config

dependabot · 2026-03-25T20:32:51Z

Bumps the github-actions group with 2 updates: actions/checkout and super-linter/super-linter.

Updates actions/checkout from 4.3.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates super-linter/super-linter from 8.3.1 to 8.5.0

Release notes

Sourced from super-linter/super-linter's releases.

v8.5.0

8.5.0 (2026-02-06)

🚀 Features

update codespell skip patterns for go modules (#7465) (ff76a00)

🐛 Bugfixes

fix disable-telemetry trivy config file (#7473) (2ab2bd0)

mention summary comment in validation error (#7497) (888d5a8), closes #7483

pass file to check as first bash-exec param (#7471) (a18e2f6), closes #7467

⬆️ Dependency updates

bundler: bump rubocop in /dependencies in the rubocop group (#7480) (c0b4a56)

docker: bump the docker group across 1 directory with 3 updates (#7474) (b8cb189)

docker: bump the docker group across 1 directory with 3 updates (#7490) (147e829)

docker: bump the docker group with 2 updates (#7463) (adc2836)

docker: bump the docker group with 3 updates (#7455) (a1b44ab)

java: bump com.google.googlejavaformat:google-java-format (#7489) (8758d94)

java: bump com.puppycrawl.tools:checkstyle (#7475) (929cd66)

java: bump com.puppycrawl.tools:checkstyle (#7498) (c285101)

npm: bump @isaacs/brace-expansion in /dependencies (#7482) (c15b8ac)

npm: bump @modelcontextprotocol/sdk in /dependencies (#7488) (675cbf6)

npm: bump fast-xml-parser and @aws-sdk/xml-builder (#7491) (7012368)

npm: bump the npm group across 1 directory with 2 updates (#7457) (962a22b)

npm: bump the npm group across 1 directory with 2 updates (#7501) (ae44688)

npm: bump the npm group across 1 directory with 5 updates (#7487) (9be025d)

npm: bump the npm group across 1 directory with 6 updates (#7477) (b44fb3f)

python: bump ruff (#7486) (7e9df59)

python: bump snakemake (#7456) (5989994)

python: bump the pip group across 1 directory with 2 updates (#7476) (6b3b830)

python: bump the pip group across 1 directory with 2 updates (#7500) (4452db3)

🧰 Maintenance

dev-docker: bump node in /dev-dependencies (#7484) (40bc6a0)

github-actions: bump docker/login-action in the dev-ci-tools group (#7454) (a2a7292)

update tar (#7462) (c082d16)

v8.4.0

8.4.0 (2026-01-28)

🚀 Features

... (truncated)

Changelog

Sourced from super-linter/super-linter's changelog.

Changelog

8.5.0 (2026-02-06)

🚀 Features

update codespell skip patterns for go modules (#7465) (ff76a00)

🐛 Bugfixes

fix disable-telemetry trivy config file (#7473) (2ab2bd0)

mention summary comment in validation error (#7497) (888d5a8), closes #7483

pass file to check as first bash-exec param (#7471) (a18e2f6), closes #7467

⬆️ Dependency updates

bundler: bump rubocop in /dependencies in the rubocop group (#7480) (c0b4a56)

docker: bump the docker group across 1 directory with 3 updates (#7474) (b8cb189)

docker: bump the docker group across 1 directory with 3 updates (#7490) (147e829)

docker: bump the docker group with 2 updates (#7463) (adc2836)

docker: bump the docker group with 3 updates (#7455) (a1b44ab)

java: bump com.google.googlejavaformat:google-java-format (#7489) (8758d94)

java: bump com.puppycrawl.tools:checkstyle (#7475) (929cd66)

java: bump com.puppycrawl.tools:checkstyle (#7498) (c285101)

npm: bump @isaacs/brace-expansion in /dependencies (#7482) (c15b8ac)

npm: bump @modelcontextprotocol/sdk in /dependencies (#7488) (675cbf6)

npm: bump fast-xml-parser and @aws-sdk/xml-builder (#7491) (7012368)

npm: bump the npm group across 1 directory with 2 updates (#7457) (962a22b)

npm: bump the npm group across 1 directory with 2 updates (#7501) (ae44688)

npm: bump the npm group across 1 directory with 5 updates (#7487) (9be025d)

npm: bump the npm group across 1 directory with 6 updates (#7477) (b44fb3f)

python: bump ruff (#7486) (7e9df59)

python: bump snakemake (#7456) (5989994)

python: bump the pip group across 1 directory with 2 updates (#7476) (6b3b830)

python: bump the pip group across 1 directory with 2 updates (#7500) (4452db3)

🧰 Maintenance

dev-docker: bump node in /dev-dependencies (#7484) (40bc6a0)

github-actions: bump docker/login-action in the dev-ci-tools group (#7454) (a2a7292)

update tar (#7462) (c082d16)

8.4.0 (2026-01-28)

🚀 Features

... (truncated)

Commits

61abc07 chore(main): release 8.5.0 (#7459)
a18e2f6 fix: pass file to check as first bash-exec param (#7471)
c285101 deps(java): bump com.puppycrawl.tools:checkstyle (#7498)
4452db3 deps(python): bump the pip group across 1 directory with 2 updates (#7500)
ae44688 deps(npm): bump the npm group across 1 directory with 2 updates (#7501)
888d5a8 fix: mention summary comment in validation error (#7497)
8758d94 deps(java): bump com.google.googlejavaformat:google-java-format (#7489)
147e829 deps(docker): bump the docker group across 1 directory with 3 updates (#7490)
7012368 deps(npm): bump fast-xml-parser and @aws-sdk/xml-builder (#7491)
9be025d deps(npm): bump the npm group across 1 directory with 5 updates (#7487)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [super-linter/super-linter](https://github.com/super-linter/super-linter). Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...de0fac2) Updates `super-linter/super-linter` from 8.3.1 to 8.5.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](super-linter/super-linter@47984f4...61abc07) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: super-linter/super-linter dependency-version: 8.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 25, 2026

jgamblin approved these changes Mar 28, 2026

View reviewed changes

jgamblin merged commit df51104 into master Mar 28, 2026
20 checks passed

dependabot bot deleted the dependabot/github_actions/github-actions-c8670757ac branch March 28, 2026 00:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the github-actions group with 2 updates#3

chore(deps): Bump the github-actions group with 2 updates#3
jgamblin merged 1 commit intomasterfrom
dependabot/github_actions/github-actions-c8670757ac

dependabot bot commented on behalf of github Mar 25, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 25, 2026

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v8.5.0

8.5.0 (2026-02-06)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

🧰 Maintenance

v8.4.0

8.4.0 (2026-01-28)

🚀 Features

Changelog

8.5.0 (2026-02-06)

🚀 Features

🐛 Bugfixes

⬆️ Dependency updates

🧰 Maintenance

8.4.0 (2026-01-28)

🚀 Features

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant