Skip to content

ci(deps): bump the github-actions group across 1 directory with 4 updates#602

Merged
soydachi merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-0a3942bc17
Jun 24, 2026
Merged

ci(deps): bump the github-actions group across 1 directory with 4 updates#602
soydachi merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-0a3942bc17

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 4 updates in the / directory: actions/checkout, actions/cache, SonarSource/sonarqube-scan-action and actions/setup-python.

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/cache from 5.0.5 to 6.0.0

Release notes

Sourced from actions/cache's releases.

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits

Updates SonarSource/sonarqube-scan-action from 8.1.0 to 8.2.0

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v8.2.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.2.0

Commits
  • 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
  • 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
  • c9d327c SQSCANGHA-84 Remove outdated wget/curl references
  • b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
  • 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
  • 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
  • See full diff in compare view

Updates actions/setup-python from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-python's releases.

v6.3.0

What's Changed

Enhancement

Dependency update

Documentation

New Contributors

Full Changelog: actions/setup-python@v6...v6.3.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot @github

dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner June 24, 2026 20:16
soydachi added a commit that referenced this pull request Jun 24, 2026
v6.0.0 is an ESM-only refactor of v5 (actions/cache#1760: "Update packages,
migrate to ESM") — the cache backend, key schema, and save/restore behavior
are unchanged, so it stays key+path compatible with the gate_cache storage
contract (D-104-03/D-104-09). Widen _is_supported_cache_version + the
SHA-pin annotation fallback to accept v4/v5/v6, mirroring the v4->v5
acceptance (spec-163).

Unblocks dependabot #602 (actions/cache 5.0.5 -> 6.0.0, grouped with
actions/checkout 7.0.0, sonarqube-scan-action 8.2.0, setup-python 6.3.0).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Ai-Eng-Gate: passed
Dependabot github-actions group bump (4 updates):
- actions/checkout 6.0.3 -> 7.0.0
- actions/cache 5.0.5 -> 6.0.0
- SonarSource/sonarqube-scan-action 8.1.0 -> 8.2.0
- actions/setup-python 6.2.0 -> 6.3.0

Widen the gate-cache contract test (test_ci_cache_key_schema) to accept
actions/cache v6: v6.0.0 is an ESM-only refactor of v5 (actions/cache#1760)
with the cache backend, key schema, and save/restore behavior unchanged, so
it stays key+path compatible with the gate_cache storage contract
(D-104-03 / D-104-09). Mirrors the v4->v5 acceptance (spec-163).

Collapsed the bot bump + the contract-widening commit into one trailered
commit so Verify Gate Trailers passes (the dependabot commit carried no
Ai-Eng-Gate trailer).

Co-Authored-By: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Ai-Eng-Gate: passed
@soydachi soydachi force-pushed the dependabot/github_actions/github-actions-0a3942bc17 branch from bcb4b0b to 89705e7 Compare June 24, 2026 20:39
@sonarqubecloud

Copy link
Copy Markdown

@soydachi soydachi merged commit b633b53 into main Jun 24, 2026
69 of 71 checks passed
@github-project-automation github-project-automation Bot moved this from Backlog to Done in ai-engineering Jun 24, 2026
@soydachi soydachi deleted the dependabot/github_actions/github-actions-0a3942bc17 branch June 24, 2026 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

1 participant