chore(deps): bump the dependencies group with 11 updates #1

dependabot · 2025-09-23T07:35:51Z

Bumps the dependencies group with 11 updates:

Package	From	To
actions/checkout	`4`	`5`
github/codeql-action	`3.28.1`	`3.30.3`
actions/setup-java	`4.6.0`	`5.0.0`
actions/upload-artifact	`4.6.0`	`4.6.2`
checkmarx/kics-github-action	`2.1.3`	`2.1.13`
amannn/action-semantic-pull-request	`5.5.3`	`6.1.1`
marocchino/sticky-pull-request-comment	`2.9.1`	`2.9.4`
actions/setup-node	`4.1.0`	`5.0.0`
actions/upload-pages-artifact	`3`	`4`
aquasecurity/trivy-action	`0.29.0`	`0.33.1`
trufflesecurity/trufflehog	`3.88.2`	`3.90.8`

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates github/codeql-action from 3.28.1 to 3.30.3

Release notes

Sourced from github/codeql-action's releases.

v3.30.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

Fixed a bug which could cause language autodetection to fail. #3084

Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

See the full CHANGELOG.md for more information.

v3.30.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

Update default CodeQL bundle version to 2.23.0. #3077

See the full CHANGELOG.md for more information.

v3.30.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

See the full CHANGELOG.md for more information.

v3.29.11

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100

We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107

You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

Fixed a bug which could cause language autodetection to fail. #3084

Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999

... (truncated)

Commits

192325c Merge pull request #3104 from github/update-v3.30.3-b660efdcf
e68956d Update changelog for v3.30.3
b660efd Merge pull request #3103 from github/mbg/fix/category-check
e49458b Fix runInterpretResultsFor using the wrong AnalysisConfig for category fix
f374a62 Merge pull request #3098 from github/kaspersv/increase-overlay-base-size-limit
5efa438 Merge pull request #3101 from github/mbg/public-repo-notice-in-pr-template
8a84a62 Overlay: Increase size limit for cached overlay base database
eb50a88 Merge pull request #3097 from github/redsun82/only-dump-sarif
4c53461 Tweak sarif dump log
dae3742 Dump soon to be uploaded SARIF on request
Additional commits viewable in compare view

Updates actions/setup-java from 4.6.0 to 5.0.0

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-java#888

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Upgrade Publish Immutable Action by @HarithaVattikuti in actions/setup-java#798

Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot[bot] in actions/setup-java#730

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-java#833

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-java#887

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-java#896

Bug Fixes

Prevent default installation of JetBrains pre-releases by @priyagupta108 in actions/setup-java#859

Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures by @gowridurgad in actions/setup-java#848

New Contributors

@gowridurgad made their first contribution in actions/setup-java#848

@salmanmkc made their first contribution in actions/setup-java#888

Full Changelog: actions/setup-java@v4...v5.0.0

v4.7.1

What's Changed

Documentation changes

Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by @aparnajyothi-y in actions/setup-java#704

Remove duplicated GraalVM section in documentation by @Marcono1234 in actions/setup-java#716

Dependency updates:

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/setup-java#766

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-java#744

Upgrade ts-jest from 29.1.2 to 29.2.5 by @dependabot in actions/setup-java#743

Upgrade @action/cache to 4.0.3 by @aparnajyothi-y in actions/setup-java#773

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

Configure Dependabot settings by @HarithaVattikuti in actions/setup-java#722

README Update: Added a permissions section by @benwells in actions/setup-java#723

Upgrade cache from version 3.2.4 to 4.0.0 by @aparnajyothi-y in actions/setup-java#724

Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @dependabot in actions/setup-java#728

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-java#727

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot in actions/setup-java#729

... (truncated)

Commits

dded088 Bump actions/checkout from 4 to 5 (#896)
0913e9a Upgrade to node 24 (#888)
e9343db Bumps form-data (#887)
ae2b61d Bump undici from 5.28.5 to 5.29.0 (#833)
c190c18 Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (#730)
67aec00 Fix: prevent default installation of JetBrains pre-releases (#859)
ebb356c Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failu...
f4f1212 Update publish-immutable-actions.yml (#798)
c5195ef actions/cache upgrade to 4.0.3 (#773)
dd38875 Bump ts-jest from 29.1.2 to 29.2.5 (#743)
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.0 to 4.6.2

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.2

What's Changed

Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @salmanmkc in actions/upload-artifact#685

New Contributors

@salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

Commits

ea165f8 Merge pull request #685 from salmanmkc/salmanmkc/3-new-upload-artifacts-release
0839620 Prepare for new release of actions/upload-artifact with new toolkit cache ver...
4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
See full diff in compare view

Updates checkmarx/kics-github-action from 2.1.3 to 2.1.13

Release notes

Sourced from checkmarx/kics-github-action's releases.

v2.1.13

What's Changed

bump kics version to 2-1-13 by @cx-monica-casanova in Checkmarx/kics-github-action#139

Full Changelog: Checkmarx/kics-github-action@v2.1.12...v2.1.13

v2.1.12

What's Changed

bumps kics version to 2.1.12 by @cx-monica-casanova in Checkmarx/kics-github-action#136

Full Changelog: Checkmarx/kics-github-action@v2.1.11...v2.1.12

v2.1.11

What's Changed

bump kics version to 2.1.11 by @cx-monica-casanova in Checkmarx/kics-github-action#133

Full Changelog: Checkmarx/kics-github-action@v2.1.10...v2.1.11

v2.1.10

What's Changed

Update kics to version 2.1.10 by @cx-bruno-silva in Checkmarx/kics-github-action#132

New Contributors

@cx-bruno-silva made their first contribution in Checkmarx/kics-github-action#132

Full Changelog: Checkmarx/kics-github-action@v2.1.9...v2.1.10

v2.1.9

What's Changed

UpdateKicsVersionTo219 by @cx-monica-casanova in Checkmarx/kics-github-action#131

Full Changelog: Checkmarx/kics-github-action@v2.1.8...v2.1.9

v2.1.8

What's Changed

update kics version to 218 by @cx-monica-casanova in Checkmarx/kics-github-action#129

Full Changelog: Checkmarx/kics-github-action@v2.1.7...v2.1.8

v2.1.7

What's Changed

Update kics version by @cx-monica-casanova in Checkmarx/kics-github-action#127

Full Changelog: Checkmarx/kics-github-action@v2.1.6...v2.1.7

... (truncated)

Commits

7145454 bump kics version to 2-1-13 (#139)
cd1f377 bumps kics version to 2.1.12 (#136)
3545b74 bump kics version to 2.1.11 (#133)
c06a133 Update kics to version 2.1.10 (#132)
1141bda UpdateKicsVersionTo219 (#131)
c456d04 Merge pull request #129 from Checkmarx/UpdateKICSVersionTo218
d83c04e update kics version to 218
5373b38 Merge pull request #127 from Checkmarx/updateKicsVersionTo217
061d0d8 update kics dockerfile version
80b24bb Update kics version
Additional commits viewable in compare view

Updates amannn/action-semantic-pull-request from 5.5.3 to 6.1.1

Release notes

Sourced from amannn/action-semantic-pull-request's releases.

v6.1.1

6.1.1 (2025-08-22)

Bug Fixes

Parse headerPatternCorrespondence properly (#295) (800da4c)

v6.1.0

6.1.0 (2025-08-19)

Features

Support providing regexps for types (#292) (a30288b)

Bug Fixes

Remove trailing whitespace from "unknown release type" error message (#291) (afa4edb)

v6.0.1

6.0.1 (2025-08-13)

Bug Fixes

Actually execute action (#289) (58e4ab4)

v6.0.0

6.0.0 (2025-08-13)

⚠ BREAKING CHANGES

Upgrade action to use Node.js 24 and ESM (#287)

Features

Upgrade action to use Node.js 24 and ESM (#287) (bc0c9a7)

Changelog

Sourced from amannn/action-semantic-pull-request's changelog.

Changelog

6.1.1 (2025-08-22)

Bug Fixes

Parse headerPatternCorrespondence properly (#295) (800da4c)

6.1.0 (2025-08-19)

Features

Support providing regexps for types (#292) (a30288b)

Bug Fixes

Remove trailing whitespace from "unknown release type" error message (#291) (afa4edb)

6.0.1 (2025-08-13)

Bug Fixes

Actually execute action (#289) (58e4ab4)

6.0.0 (2025-08-13)

⚠ BREAKING CHANGES

Upgrade action to use Node.js 24 and ESM (#287)

Features

Upgrade action to use Node.js 24 and ESM (#287) (bc0c9a7)

5.5.3 (2024-06-28)

Bug Fixes

Bump braces dependency (#269. by @EelcoLos) (2d952a1)

5.5.2 (2024-04-24)

Bug Fixes

Bump tar from 6.1.11 to 6.2.1 (#262 by @EelcoLos) (9a90d5a)

5.5.1 (2024-04-24)

... (truncated)

Commits

48f2562 chore: Release 6.1.1 [skip ci]
800da4c fix: Parse headerPatternCorrespondence properly (#295)
677b895 test: Fix broken test
24e6f01 ci: Fix permissions for tagger
7f33ba7 chore: Release 6.1.0 [skip ci]
afa4edb fix: Remove trailing whitespace from "unknown release type" error message (#291)
a30288b feat: Support providing regexps for types (#292)
a46a7c8 build: Move Vitest to devDependencies (#290)
fdd4d3d chore: Release 6.0.1 [skip ci]
58e4ab4 fix: Actually execute action (#289)
Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 2.9.1 to 2.9.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v2.9.4

What's Changed

build(deps-dev): Bump @biomejs/biome from 2.0.0 to 2.0.2 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1554

build(deps-dev): Bump @types/node from 24.0.3 to 24.0.11 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1561

build(deps-dev): Bump @biomejs/biome from 2.0.4 to 2.1.1 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1562

build(deps-dev): Bump @types/node from 24.0.11 to 24.0.12 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1563

build(deps-dev): Bump @types/node from 24.0.12 to 24.0.13 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1564

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

v2.9.3

What's Changed

Update deps (including security issues)

Test with vitest instead of jest

Use biome

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.2...v2.9.3

v2.9.2

What's Changed

Update @octokit/graphql-schema & use biome by @marocchino in marocchino/sticky-pull-request-comment#1517

build(deps): Bump undici from 5.28.4 to 5.28.5 by @dependabot in marocchino/sticky-pull-request-comment#1476

build(deps-dev): Bump @types/node from 22.10.7 to 22.14.0 by @dependabot in marocchino/sticky-pull-request-comment#1515

build(deps): Bump @octokit/request-error from 5.0.1 to 5.1.1 by @dependabot in marocchino/sticky-pull-request-comment#1490

build(deps): Bump @octokit/request from 8.1.4 to 8.4.1 by @dependabot in marocchino/sticky-pull-request-comment#1494

build(deps): Bump @octokit/plugin-paginate-rest from 9.1.2 to 9.2.2 by @dependabot in marocchino/sticky-pull-request-comment#1493

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.1...v2.9.2

Commits

7737449 📦️ Build
8b423c6 Merge pull request #1564 from marocchino/dependabot/npm_and_yarn/types/node-2...
3ac8a74 build(deps-dev): Bump @types/node from 24.0.12 to 24.0.13
e430cfc Merge pull request #1563 from marocchino/dependabot/npm_and_yarn/types/node-2...
99f9378 build(deps-dev): Bump @types/node from 24.0.11 to 24.0.12
2216b3a Merge pull request #1562 from marocchino/dependabot/npm_and_yarn/biomejs/biom...
482d7fd build(deps-dev): Bump @biomejs/biome from 2.0.4 to 2.1.1
c2da581 Merge pull request #1561 from marocchino/dependabot/npm_and_yarn/types/node-2...
76f8462 build(deps-dev): Bump @types/node from 24.0.3 to 24.0.11
246151a ⬆️ Update biome
Additional commits viewable in compare view

Updates actions/setup-node from 4.1.0 to 5.0.0

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false
Upgrade action to use node24 by @salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @octokit/request-error and @actions/github by @dependabot[bot] in actions/setup-node#1227

Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in actions/setup-node#1273

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-node#1295

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-node#1332

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-node#1345

New Contributors

@priya-kinthali made their first contribution in actions/setup-node#1348

@salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

Make eslint-compact matcher compatible with Stylelint by @FloEdelmann in actions/setup-node#98

Add support for indented eslint output by @fregante in actions/setup-node#1245

Enhancement:

Support private mirrors by @marco-ippolito in actions/setup-node#1240

Dependency update:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in actions/setup-node#1262

New Contributors

@FloEdelmann made their first contribution in actions/setup-node#98

@fregante made their first contribution in actions/setup-node#1245

@marco-ippolito made their first contribution in actions/setup-node#1240

Full Changelog: actions/setup-node@v4...v4.4.0

... (truncated)

Commits

a0853c2 Bump actions/checkout from 4 to 5 (#1345)
b7234cc Upgrade action to use node24 (#1325)
d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
5e2628c Bumps form-data (#1332)
65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
08f58d1 Bump @octokit/request-error and @actions/github (#1227)
49933ea Bump @action/cache from 4.0.2 to 4.0.3 (#1262)
e3ce749 feat: support private mirrors (#1240)
40337cb Add support for indented eslint output (#1245)
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3 to 4

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

Potentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by @tsusdere in actions/upload-pages-artifact#102 If you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation

Pin actions/upload-artifact to SHA by @heavymachinery in actions/upload-pages-artifact#127

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

Group tar's output to prevent it from messing up action logs @SilverRainZ (#94)

Update README.md @uiolee (#88)

Bump the non-breaking-changes group with 1 update @dependabot (#92)

Update Dependabot config to group non-breaking changes @JamesMGreene (#91)

Bump actions/checkout from 3 to 4 @dependabot (#76)

See details of all code changes since previous release.

Commits

7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
4cc19c7 Pin actions/upload-artifact to SHA
2d163be Merge pull request #107 from KittyChiu/main
c704843 fix: linted README
9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
e59cdfe Update README.md
a2d6704 doc: updated usage section in readme
984864e Merge pull request #105 from actions/Jcambass-patch-1
45dc788 Add workflow file for publishing releases to immutable action package
efaad07 Merge pull request #102 from actions/hidden-files
Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.29.0 to 0.33.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.33.1

What's Changed

Update setup-trivy action to version v0.2.4 by @martincostello in aquasecurity/trivy-action#486

Full Changelog: aquasecurity/trivy-action@0.33.0...0.33.1

v0.33.0

What's Changed

Update dependencies in README by @ibakshay in

Bumps the dependencies group with 11 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.1` | `3.30.3` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.6.0` | `5.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.2` | | [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.3` | `2.1.13` | | [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) | `5.5.3` | `6.1.1` | | [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `2.9.1` | `2.9.4` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.1.0` | `5.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `4` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.29.0` | `0.33.1` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.88.2` | `3.90.8` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v5) Updates `github/codeql-action` from 3.28.1 to 3.30.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b6a472f...192325c) Updates `actions/setup-java` from 4.6.0 to 5.0.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@7a6d8a8...dded088) Updates `actions/upload-artifact` from 4.6.0 to 4.6.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@65c4c4a...ea165f8) Updates `checkmarx/kics-github-action` from 2.1.3 to 2.1.13 - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](Checkmarx/kics-github-action@9446974...7145454) Updates `amannn/action-semantic-pull-request` from 5.5.3 to 6.1.1 - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](amannn/action-semantic-pull-request@0723387...48f2562) Updates `marocchino/sticky-pull-request-comment` from 2.9.1 to 2.9.4 - [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](marocchino/sticky-pull-request-comment@52423e0...7737449) Updates `actions/setup-node` from 4.1.0 to 5.0.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@39370e3...a0853c2) Updates `actions/upload-pages-artifact` from 3 to 4 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@v3...v4) Updates `aquasecurity/trivy-action` from 0.29.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@18f2510...b6643a2) Updates `trufflesecurity/trufflehog` from 3.88.2 to 3.90.8 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](trufflesecurity/trufflehog@a94d152...466da5b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: 3.30.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/setup-java dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-version: 4.6.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: checkmarx/kics-github-action dependency-version: 2.1.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: amannn/action-semantic-pull-request dependency-version: 6.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: marocchino/sticky-pull-request-comment dependency-version: 2.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: actions/setup-node dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-pages-artifact dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: trufflesecurity/trufflehog dependency-version: 3.90.8 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-09-23T07:35:52Z

Labels

The following labels could not be found: dependabot, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the dependencies group with 11 updates #1

chore(deps): bump the dependencies group with 11 updates #1

Uh oh!

dependabot bot commented on behalf of github Sep 23, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Sep 23, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the dependencies group with 11 updates #1

Are you sure you want to change the base?

chore(deps): bump the dependencies group with 11 updates #1

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v3.30.3

CodeQL Action Changelog

3.30.3 - 10 Sep 2025

v3.30.2

CodeQL Action Changelog

3.30.2 - 09 Sep 2025

v3.30.1

CodeQL Action Changelog

3.30.1 - 05 Sep 2025

v3.30.0

CodeQL Action Changelog

3.30.0 - 01 Sep 2025

v3.29.11

CodeQL Action Changelog

CodeQL Action Changelog

[UNRELEASED]

3.30.3 - 10 Sep 2025

3.30.2 - 09 Sep 2025

3.30.1 - 05 Sep 2025

3.30.0 - 01 Sep 2025

3.29.11 - 21 Aug 2025

3.29.10 - 18 Aug 2025

3.29.9 - 12 Aug 2025

3.29.8 - 08 Aug 2025

3.29.7 - 07 Aug 2025

3.29.6 - 07 Aug 2025

v5.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Bug Fixes

New Contributors

v4.7.1

What's Changed

Documentation changes

Dependency updates:

v4.7.0

What's Changed

v4.6.2

What's Changed

New Contributors

v4.6.1

What's Changed

v2.1.13

What's Changed

v2.1.12

What's Changed

v2.1.11

What's Changed

v2.1.10

What's Changed

New Contributors

v2.1.9

What's Changed

v2.1.8

What's Changed

v2.1.7

What's Changed

v6.1.1

6.1.1 (2025-08-22)

Bug Fixes

v6.1.0

dependabot bot commented on behalf of github Sep 23, 2025 •

edited

Loading