Skip to content

ci: bump the github-actions group across 1 directory with 4 updates#1133

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-604af50da5
Open

ci: bump the github-actions group across 1 directory with 4 updates#1133
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-604af50da5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps the github-actions group with 4 updates in the / directory: actions/checkout, aws-actions/aws-secretsmanager-get-secrets, softprops/action-gh-release and slackapi/slack-github-action.

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates aws-actions/aws-secretsmanager-get-secrets from 2 to 3

Release notes

Sourced from aws-actions/aws-secretsmanager-get-secrets's releases.

v3

This tracks the latest v3.x.x version

v2.0.10

What's Changed

New Contributors

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.10

v2.0.9

What's Changed

New Contributors

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.9

v2.0.8

What's Changed

New Contributors

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.8

v2.0.7

What's Changed

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.7

v2.0.6

What's Changed

... (truncated)

Commits

Updates softprops/action-gh-release from 2 to 3

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

  • fix issue with multiple runs concatenating release bodies #145

0.1.12

  • fix bug leading to empty strings substituted for inputs users don't provide breaking api calls #144

0.1.11

  • better error message on release create failed #143

0.1.10

  • fixed error message formatting for file uploads

0.1.9

  • add support for linking release to GitHub discussion #136

0.1.8

  • address recent warnings in assert upload api as well as introduce asset upload overrides, allowing for multiple runs for the same release with the same named asserts #134
  • fix backwards compatibility with GITHUB_TOKEN resolution. GITHUB_TOKEN is now resolved first from an env variable and then from an input #133
  • trim white space in provided tag_name #130

0.1.7

  • allow creating draft releases without a tag #95
  • Set default token for simpler setup #83
  • fix regression with action yml #126

0.1.6

This is a release catch up have a hiatus. Future releases will happen more frequently

  • Add 'fail_on_unmatched_files' input, useful for catching cases where your files input does not actually match what you expect #55
  • Add repository input, useful for creating a release in an external repository #61
  • Add release id to outputs, useful for referring to release in workflow steps following the step that uses this action #60
  • Add upload_url as action output, useful for managing uploads separately #75
  • Support custom target_commitish value, useful to customize the default #76
  • fix body_path input first then fall back on body input. This was the originally documented precedence but was implemented in the opposite order! #85
  • Retain original release info if the keys are not set, useful for filling in blanks for a release you've already started separately #109
  • Limit number of times github api request to create a release is retried, useful for avoiding eating up your rate limit and action minutes due to either an invalid token or other circumstance causing the api call to fail #111

0.1.5

  • Added support for specifying tag name #39

0.1.4

... (truncated)

Commits

Updates slackapi/slack-github-action from 2.1.1 to 3.0.3

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.3

Patch Changes

  • 66834e4: feat: add instrumentation to address error rates

Slack GitHub Action v3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Slack GitHub Action v3.0.1

What's Changed

Alongside the breaking changes of @v3.0.0 and a new technique to run Slack CLI commands, we tried the wrong name to publish to the GitHub Marketplace 🐙 This action is now noted as The Slack GitHub Action in listings 🎶 ✨

🎨 Maintenance

Full Changelog: slackapi/slack-github-action@v3.0.0...v3.0.1

Slack GitHub Action v3.0.0

The @v3.0.0 release had a hiccup on publish and we recommend using @​v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:

$ slack auth token

🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest

- name: Validate the manifest
</tr></table>

... (truncated)

Changelog

Sourced from slackapi/slack-github-action's changelog.

3.0.3

Patch Changes

  • 66834e4: feat: add instrumentation to address error rates

3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques
Commits
  • 45a88b9 chore: release
  • 1c0bcf0 chore: release (#606)
  • 66834e4 feat: add instrumentation to address error rates (#600)
  • 0fe0f90 build(deps): bump @​actions/github from 9.0.0 to 9.1.1 (#605)
  • c5e7059 build(deps): bump @​slack/web-api from 7.15.0 to 7.15.1 (#604)
  • 0325526 build(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.13 (#601)
  • 900cd3e build(deps-dev): bump @​types/node from 24.12.0 to 24.12.2 (#603)
  • 53fdcff build(deps): bump @​actions/core from 3.0.0 to 3.0.1 (#602)
  • 26856cc build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (#596)
  • feba1e2 ci: skip publish step if no release is needed (#599)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci: bump the github-actions group across 1 directory with 4 updates
839ef86 
Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [aws-actions/aws-secretsmanager-get-secrets](https://github.com/aws-actions/aws-secretsmanager-get-secrets), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action).


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `aws-actions/aws-secretsmanager-get-secrets` from 2 to 3
- [Release notes](https://github.com/aws-actions/aws-secretsmanager-get-secrets/releases)
- [Commits](aws-actions/aws-secretsmanager-get-secrets@v2...v3)

Updates `softprops/action-gh-release` from 2 to 3
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v2...v3)

Updates `slackapi/slack-github-action` from 2.1.1 to 3.0.3
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](slackapi/slack-github-action@v2.1.1...v3.0.3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aws-actions/aws-secretsmanager-get-secrets
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 6, 2026
@dependabot dependabot Bot requested a review from a team May 6, 2026 17:49
@github-actions github-actions Bot added the size/xs PR size: XS label May 6, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 43.1% 9015 / 20912
🔵 Statements 42.39% 9573 / 22582
🔵 Functions 39.91% 1553 / 3891
🔵 Branches 39.98% 5808 / 14527
Generated in workflow #2546 for commit 839ef86 by the Vitest Coverage Report Action

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code size/xs PR size: XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants