Bump the github-actions group across 1 directory with 5 updates by dependabot[bot] · Pull Request #206 · dell/common-github-actions

dependabot · 2026-03-28T03:54:18Z

Bumps the github-actions group with 5 updates in the / directory:

Package	From	To
actions/create-github-app-token	`2.2.1`	`3.0.0`
dependabot/fetch-metadata	`2.5.0`	`3.0.0`
fgrosse/go-coverage-report	`1.2.0`	`1.3.0`
crazy-max/ghaction-import-gpg	`6`	`7`
actions/download-artifact	`8.0.0`	`8.0.1`

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

feat!: node 24 support (#275) (2e564a0)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

deps: bump @actions/core from 1.11.1 to 3.0.0 (#337) (b044133)

deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)

deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)

deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)

deps: bump @octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)

deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)

deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

f8d387b build(release): 3.0.0 [skip ci]
d2129bd style: remove extra blank line in release workflow
77b94ef build: refresh generated artifacts
3ab4c66 chore: move undici to devDependencies
739cf66 docs: update README action versions
db40289 build(deps): bump actions versions in test.yml
496a7ac test: migrate from AVA to Node.js native test runner (#346)
3870dc3 Rename end-to-end proxy job in test workflow
4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
dce0ab0 fix: remove custom proxy handling (#143)
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.5.0 to 3.0.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

What's Changed

feat: Parse versions from metadata links by @ppkarwasz in dependabot/fetch-metadata#632

Upgrade actions core and actions github packages by @truggeri in dependabot/fetch-metadata#649

docs: Add notes for using alert-lookup with App Token by @sue445 in dependabot/fetch-metadata#656

feat!: update Node.js version to v24 by @sturman in dependabot/fetch-metadata#671

Switch build tooling from ncc to esbuild by @truggeri in dependabot/fetch-metadata#676

Add --legal-comments=none to esbuild build commands by @jeffwidman in dependabot/fetch-metadata#679

Bump tsconfig target from es2022 to es2024 by @jeffwidman in dependabot/fetch-metadata#680

Remove vestigial outDir from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#681

Switch tsconfig module resolution to bundler by @jeffwidman in dependabot/fetch-metadata#682

Remove skipLibCheck from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#683

Add typecheck step to CI by @jeffwidman in dependabot/fetch-metadata#685

Enable noImplicitAny in tsconfig.json by @jeffwidman in dependabot/fetch-metadata#684

Upgrade @actions/core to ^3.0.0 by @truggeri in dependabot/fetch-metadata#677

Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 by @truggeri in dependabot/fetch-metadata#678

Bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in dependabot/fetch-metadata#651

Bump hono from 4.11.1 to 4.11.4 by @dependabot[bot] in dependabot/fetch-metadata#652

Bump hono from 4.11.4 to 4.11.7 by @dependabot[bot] in dependabot/fetch-metadata#653

Bump hono from 4.11.7 to 4.12.0 by @dependabot[bot] in dependabot/fetch-metadata#657

Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in dependabot/fetch-metadata#655

Bump @modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @dependabot[bot] in dependabot/fetch-metadata#654

Bump @hono/node-server from 1.19.9 to 1.19.10 by @dependabot[bot] in dependabot/fetch-metadata#665

Bump hono from 4.12.2 to 4.12.5 by @dependabot[bot] in dependabot/fetch-metadata#664

Bump minimatch from 3.1.2 to 3.1.5 by @dependabot[bot] in dependabot/fetch-metadata#667

Bump hono from 4.12.5 to 4.12.7 by @dependabot[bot] in dependabot/fetch-metadata#668

Bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @dependabot[bot] in dependabot/fetch-metadata#669

Bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in dependabot/fetch-metadata#670

build(deps-dev): bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in dependabot/fetch-metadata#674

New Contributors

@ppkarwasz made their first contribution in dependabot/fetch-metadata#632

@truggeri made their first contribution in dependabot/fetch-metadata#649

@sue445 made their first contribution in dependabot/fetch-metadata#656

@sturman made their first contribution in dependabot/fetch-metadata#671

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

Commits

ffa630c v3.0.0 (#686)
ec8fff2 Merge pull request #674 from dependabot/dependabot/npm_and_yarn/picomatch-2.3.2
caf48bd build(deps-dev): bump picomatch from 2.3.1 to 2.3.2
13d8274 Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 (#678)
b603099 Upgrade @actions/core from ^1.11.1 to ^3.0.0 (#677)
c5dc5b1 Enable noImplicitAny in tsconfig.json (#684)
a183f3c Add typecheck step to CI (#685)
5e17564 Remove skipLibCheck from tsconfig.json (#683)
bb56eeb Switch tsconfig module resolution to bundler (#682)
3632e3d Remove vestigial outDir from tsconfig.json (#681)
Additional commits viewable in compare view

Updates fgrosse/go-coverage-report from 1.2.0 to 1.3.0

Release notes

Sourced from fgrosse/go-coverage-report's releases.

v1.3.0

Changelog

e12be79b245a19a6336fd404c85ee077c4806aa7 Add "EVENT_NAME" to Environment Variables (#58)

cbeb2ab2e32591d690337146ba02a911cc566f3f Add .envrc to .gitignore

7ce711ced2d25d1fc704be9db6a3e4876c308181 Add RELEASING.md with release process documentation

45c4605513a7da34acc945357da98b4025975536 Add exclude parameter to allow excluding some files from the report (#59)

238549031ae3082c51e8e7527b38027d92bc3b15 Add graceful fallback for missing baseline coverage (#71)

764680f6cbd0b3b85511abe1e3a8ab3789bc8d32 Add structured outputs to the GitHub Action (#74)

3dda317b2b30882e21656aea68a284ed628e6452 Allow triggering Unit tests action manually

eb278fd345172149ffd82967c0e1a92547b9d621 Bump default version to v1.3.0 in action.yml and README

ae3204f4125161ae4a75780bdb57dec472bfd49c Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#66)

c3951d5d738d8cfe2b24d515f5b7d326c43341e0 Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#49)

e70aa7d8ec6944f8e9577427ceddffce03641b87 Count statments after block deduplication (#72)

c30d794375892a2a971ef52261e8a3c46164e615 Release v1.3.0

3756919a8520d1ba621e5fdbb86b6acda5e2f3a9 Update .gitignore

19e74112621884a2f5f854789994e303f9d52dd9 Update CHANGELOG for #72

319492983e62c45dcf8dd412cc99085ad4935a7a Update Go and golangci-lint versions in CI (#50)

a6ab3144486abf1db1573421a3c884bd4d5392fa Update goreleaser config to version 2

Changelog

Sourced from fgrosse/go-coverage-report's changelog.

[v1.3.0] - 2026-03-11

Add event-name and target-branch inputs to support workflows triggered by events other than pushfgrosse/go-coverage-report#58

fgrosse/go-coverage-report#72

fgrosse/go-coverage-report#71

Add --excludefgrosse/go-coverage-report#59

Add structured outputs (total_coverage, coverage_delta, coverage_trend, total_statements, covered_statements, missed_statementsfgrosse/go-coverage-report#64

Commits

cbeb2ab Add .envrc to .gitignore
a6ab314 Update goreleaser config to version 2
7ce711c Add RELEASING.md with release process documentation
eb278fd Bump default version to v1.3.0 in action.yml and README
c30d794 Release v1.3.0
764680f Add structured outputs to the GitHub Action (#74)
e12be79 Add "EVENT_NAME" to Environment Variables (#58)
45c4605 Add exclude parameter to allow excluding some files from the report (#59)
2385490 Add graceful fallback for missing baseline coverage (#71)
3756919 Update .gitignore
Additional commits viewable in compare view

Updates crazy-max/ghaction-import-gpg from 6 to 7

Release notes

Sourced from crazy-max/ghaction-import-gpg's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in crazy-max/ghaction-import-gpg#241

Switch to ESM and update config/test wiring by @crazy-max in crazy-max/ghaction-import-gpg#239

Bump @actions/core from 1.11.1 to 3.0.0 in crazy-max/ghaction-import-gpg#232

Bump @actions/exec from 1.1.1 to 3.0.0 in crazy-max/ghaction-import-gpg#242

Bump brace-expansion from 1.1.11 to 1.1.12 in crazy-max/ghaction-import-gpg#221

Bump minimatch from 3.1.2 to 3.1.5 in crazy-max/ghaction-import-gpg#240

Bump openpgp from 6.1.0 to 6.3.0 in crazy-max/ghaction-import-gpg#233

Full Changelog: crazy-max/ghaction-import-gpg@v6.3.0...v7.0.0

v6.3.0

Bump openpgp from 5.11.2 to 6.1.0 in crazy-max/ghaction-import-gpg#215

Bump cross-spawn from 7.0.3 to 7.0.6 in crazy-max/ghaction-import-gpg#212

Full Changelog: crazy-max/ghaction-import-gpg@v6.2.0...v6.3.0

v6.2.0

Bump @actions/core from 1.10.1 to 1.11.1 in crazy-max/ghaction-import-gpg#209

Bump braces from 3.0.2 to 3.0.3 in crazy-max/ghaction-import-gpg#203

Bump ip from 2.0.0 to 2.0.1 in crazy-max/ghaction-import-gpg#196

Bump micromatch from 4.0.4 to 4.0.8 in crazy-max/ghaction-import-gpg#207

Bump openpgp from 5.11.0 to 5.11.2 in crazy-max/ghaction-import-gpg#205

Bump tar from 6.1.14 to 6.2.1 in crazy-max/ghaction-import-gpg#198

Full Changelog: crazy-max/ghaction-import-gpg@v6.1.0...v6.2.0

v6.1.0

Bump @actions/core from 1.10.0 to 1.10.1 in crazy-max/ghaction-import-gpg#186

Bump @babel/traverse from 7.17.3 to 7.23.2 in crazy-max/ghaction-import-gpg#191

Bump debug from 4.1.1 to 4.3.4 in crazy-max/ghaction-import-gpg#190

Bump openpgp from 5.10.1 to 5.11.0 in crazy-max/ghaction-import-gpg#192

Full Changelog: crazy-max/ghaction-import-gpg@v6.0.0...v6.1.0

Commits

2dc316d Merge pull request #242 from crazy-max/dependabot/npm_and_yarn/actions/exec-3...
5812792 chore: update generated content
ceb906e build(deps): bump @actions/exec from 1.1.1 to 3.0.0
a9dffd9 Merge pull request #241 from crazy-max/node24
36d49fc node 24 as default runtime
50c4e4f Merge pull request #233 from crazy-max/dependabot/npm_and_yarn/openpgp-6.3.0
c78fe49 chore: update generated content
8dbbb1e Merge pull request #221 from crazy-max/dependabot/npm_and_yarn/brace-expansio...
fc715b0 build(deps): bump openpgp from 6.1.0 to 6.3.0
9946916 build(deps): bump brace-expansion from 1.1.11 to 1.1.12
Additional commits viewable in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in actions/download-artifact#471

Add a regression test for artifact name + content-type mismatches by @danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

3e5f45b Add regression tests for CJK characters (#471)
e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.0.0` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.0.0` | | [fgrosse/go-coverage-report](https://github.com/fgrosse/go-coverage-report) | `1.2.0` | `1.3.0` | | [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6` | `7` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@v2.2.1...v3.0.0) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@v2.5.0...v3.0.0) Updates `fgrosse/go-coverage-report` from 1.2.0 to 1.3.0 - [Release notes](https://github.com/fgrosse/go-coverage-report/releases) - [Changelog](https://github.com/fgrosse/go-coverage-report/blob/main/CHANGELOG.md) - [Commits](fgrosse/go-coverage-report@v1.2.0...v1.3.0) Updates `crazy-max/ghaction-import-gpg` from 6 to 7 - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](crazy-max/ghaction-import-gpg@v6...v7) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v8.0.0...v8.0.1) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: fgrosse/go-coverage-report dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: crazy-max/ghaction-import-gpg dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 5 updates#206

Bump the github-actions group across 1 directory with 5 updates#206
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-c9d96adb1b

dependabot bot commented on behalf of github Mar 28, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

BREAKING CHANGES

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

v3.0.0

What's Changed

New Contributors

v1.3.0

Changelog

[v1.3.0] - 2026-03-11

v7.0.0

v6.3.0

v6.2.0

v6.1.0

v8.0.1

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 28, 2026 •

edited

Loading