chore(deps): bump the actions group across 1 directory with 9 updates

Bumps the actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `7` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |
| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `5` |
| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4` | `5` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2` | `4` |



Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

Updates `actions/checkout` from 4 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v7)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)

Updates `actions/github-script` from 7 to 9
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v9)

Updates `actions/upload-pages-artifact` from 3 to 5
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](https://github.com/actions/upload-pages-artifact/compare/v3...v5)

Updates `actions/deploy-pages` from 4 to 5
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](https://github.com/actions/deploy-pages/compare/v4...v5)

Updates `actions/download-artifact` from 4 to 8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v8)

Updates `softprops/action-gh-release` from 2 to 3
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)

Updates `actions/attest-build-provenance` from 2 to 4
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-pages-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/deploy-pages
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/attest-build-provenance
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2026-07-09 15:00:16 +00:00 committed by GitHub
parent fbc11045bd
commit bf75b80a51
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 17 additions and 17 deletions

View file

@ -16,7 +16,7 @@ jobs:
container:
image: golang:1.26.5
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v7
- name: Trust workspace
run: git config --global --replace-all safe.directory '*'

View file

@ -22,7 +22,7 @@ jobs:
container:
image: node:24
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v7
- name: Trust workspace
run: git config --global --replace-all safe.directory '*'
@ -41,7 +41,7 @@ jobs:
cp -r pages/dist/* _site/
cp pages/logo.svg _site/logo.svg
- uses: actions/upload-pages-artifact@v3
- uses: actions/upload-pages-artifact@v5
with:
path: _site
@ -56,4 +56,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
uses: actions/deploy-pages@v5

View file

@ -45,7 +45,7 @@ jobs:
# pull_request_target this checks out the trusted base branch; the
# composite action performs its own full checkout (fetch-depth: 0) later.
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v7
- name: Trust workspace
run: git config --global --replace-all safe.directory '*'

View file

@ -28,7 +28,7 @@ jobs:
- goos: windows
goarch: arm64
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v7
- name: Trust workspace
run: git config --global --replace-all safe.directory '*'
@ -50,7 +50,7 @@ jobs:
go build -ldflags "${LD_FLAGS}" -o "${BIN_NAME}" ./cmd/opencodereview
echo "bin_name=${BIN_NAME}" >> $GITHUB_ENV
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@v7
with:
name: binary-${{ matrix.goos }}-${{ matrix.goarch }}
path: ${{ env.bin_name }}
@ -68,7 +68,7 @@ jobs:
- name: Install git
run: apt-get update && apt-get install -y git
- uses: actions/checkout@v4
- uses: actions/checkout@v7
with:
fetch-depth: 0
@ -133,7 +133,7 @@ jobs:
echo "RELEASE_NOTES_EOF"
} >> "$GITHUB_OUTPUT"
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
pattern: binary-*
merge-multiple: true
@ -142,7 +142,7 @@ jobs:
run: sha256sum opencodereview-* | sort > sha256sum.txt
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v3
with:
body: ${{ steps.notes.outputs.body }}
files: |
@ -150,7 +150,7 @@ jobs:
sha256sum.txt
- name: Attest release artifacts
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v4
with:
subject-path: |
opencodereview-*
@ -164,7 +164,7 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v7
- name: Trust workspace
run: git config --global --replace-all safe.directory '*'
@ -172,7 +172,7 @@ jobs:
- name: Install jq
run: apt-get update && apt-get install -y jq
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v8
with:
pattern: binary-*
merge-multiple: true

View file

@ -160,7 +160,7 @@ runs:
- name: Setup Node.js
if: steps.check_deps.outputs.node_installed != 'true'
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version: ${{ inputs.node_version }}
@ -180,7 +180,7 @@ runs:
echo "PR head sha: $HEAD_SHA"
- name: Checkout base
uses: actions/checkout@v4
uses: actions/checkout@v7
with:
# Checkout the trusted base, not the PR head. OCR reviews the
# base-to-head diff from git objects; the head commit's blobs are
@ -254,7 +254,7 @@ runs:
- name: Upload review artifacts
if: ${{ always() && inputs.upload_artifacts == 'true' }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: ocr-review-result-${{ github.run_id }}-${{ github.run_attempt }}
path: |
@ -272,7 +272,7 @@ runs:
- name: Post review comments
if: env.OCR_EXIT_CODE == '0'
id: post
uses: actions/github-script@v7
uses: actions/github-script@v9
env:
OCR_INCREMENTAL_OVERLAP_THRESHOLD: ${{ inputs.incremental_overlap_threshold }}
with: