Skip to content

chore(actions)(deps): Bump the github-actions group across 1 directory with 4 updates#151

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-5e5c05b1c9
Open

chore(actions)(deps): Bump the github-actions group across 1 directory with 4 updates#151
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-5e5c05b1c9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 4 updates in the / directory: actions/checkout, codecov/codecov-action, python-semantic-release/python-semantic-release and actions/dependency-review-action.

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates codecov/codecov-action from 6 to 7

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates python-semantic-release/python-semantic-release from 10.5.3 to 10.6.1

Release notes

Sourced from python-semantic-release/python-semantic-release's releases.

v10.6.1 (2026-07-06)

This release is published under the MIT License.

🪲 Bug Fixes

  • changelog: Fix handling of whitespace commit bodies in changelog template filter (PR#1457, d95e46e)

  • cmd-version: Fix non-styled error msg when strict & no new version (PR#1437, 5e8f94c)

  • config: Eliminate .git/ in parent dir warnings for monorepos configured with .. (PR#1444, 7a1f822)

📖 Documentation

  • CHANGELOG: Add v9.21.2 changelog details for website (a4115cf)

  • configuration: Document repo_dir config option (PR#1444, 7a1f822)

⚙️ Build System

  • deps: Expand python-gitlab dependency range to include v8.0.0+ (PR#1451, a4b9a43)

  • deps: Expand tomlkit dependency range to include v0.14.0+ & v0.15.0+ (028d539)

  • deps: Extend click dependency range to include v8.2+ (01707ea)

✅ Resolved Issues

  • #1418: Extrenous "Found .git/ in higher parent directory" warning in monorepo setup

  • #1423: Misformated error message


Detailed Changes: v10.6.0...v10.6.1


Installable artifacts are available from:

v10.6.0 (2026-07-04)

This release is published under the MIT License.

✨ Features

... (truncated)

Changelog

Sourced from python-semantic-release/python-semantic-release's changelog.

v10.6.1 (2026-07-06)

🪲 Bug Fixes

  • changelog: Fix handling of whitespace commit bodies in changelog template filter (PR#1457, d95e46e)

  • cmd-version: Fix non-styled error msg when strict & no new version, closes [#1423](https://github.com/python-semantic-release/python-semantic-release/issues/1423)_ (PR#1437, 5e8f94c)

  • config: Eliminate .git/ in parent dir warnings for monorepos configured with .., closes [#1418](https://github.com/python-semantic-release/python-semantic-release/issues/1418)_ (PR#1444, 7a1f822)

📖 Documentation

  • CHANGELOG: Add v9.21.2 changelog details for website (a4115cf_)

  • configuration: Document repo_dir config option (PR#1444, 7a1f822)

⚙️ Build System

  • deps: Expand python-gitlab dependency range to include v8.0.0+ (PR#1451, a4b9a43)

  • deps: Expand tomlkit dependency range to include v0.14.0+ & v0.15.0+ (028d539_)

  • deps: Extend click dependency range to include v8.2+ (01707ea_)

.. _#1418: python-semantic-release/python-semantic-release#1418 .. _#1423: python-semantic-release/python-semantic-release#1423 .. _01707ea: python-semantic-release/python-semantic-release@01707ea .. _028d539: python-semantic-release/python-semantic-release@028d539 .. _5e8f94c: python-semantic-release/python-semantic-release@5e8f94c .. _7a1f822: python-semantic-release/python-semantic-release@7a1f822 .. _a4115cf: python-semantic-release/python-semantic-release@a4115cf .. _a4b9a43: python-semantic-release/python-semantic-release@a4b9a43 .. _d95e46e: python-semantic-release/python-semantic-release@d95e46e .. _PR#1437: python-semantic-release/python-semantic-release#1437 .. _PR#1444: python-semantic-release/python-semantic-release#1444 .. _PR#1451: python-semantic-release/python-semantic-release#1451 .. _PR#1457: python-semantic-release/python-semantic-release#1457

.. _changelog-v10.6.0:

v10.6.0 (2026-07-04)

... (truncated)

Commits
  • 39dd205 chore: release v10.6.1
  • 7a1f822 fix(config): eliminate .git/ in parent dir warnings for monorepos configure...
  • 5fa2df5 style: fix configuration docs with alphabetical options
  • be11d3f style: adjust formatting for clearer test implementations
  • 5e8f94c fix(cmd-version): fix non-styled error msg when strict & no new version (#1437)
  • 81527c6 style: adjust implementation & tests to suppress warnings & type errors
  • 45f0f27 test: adjust style to match expected pytest environment & type-checker
  • 0ef2d0c build(deps-dev): expand pytest dependency range to include v9.0.0
  • ceb4e97 style(mypy-config): remove specified 3.8 compiler from config - defaults to a...
  • 725e16b ci(validate): adjust lint job to use Python 3.8 instead
  • Additional commits viewable in compare view

Updates actions/dependency-review-action from 4 to 5

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

... (truncated)

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…y with 4 updates

Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [codecov/codecov-action](https://github.com/codecov/codecov-action), [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

Updates `codecov/codecov-action` from 6 to 7
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6...v7)

Updates `python-semantic-release/python-semantic-release` from 10.5.3 to 10.6.1
- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases)
- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst)
- [Commits](python-semantic-release/python-semantic-release@v10.5.3...v10.6.1)

Updates `actions/dependency-review-action` from 4 to 5
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: python-semantic-release/python-semantic-release
  dependency-version: 10.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/dependency-review-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: ci/cd, dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Comment thread .github/workflows/ci.yml
code: ${{ steps.filter.outputs.code }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
Comment thread .github/workflows/ci.yml
- name: Checkout code
if: needs.changes.outputs.code == 'true'
uses: actions/checkout@v6
uses: actions/checkout@v7
Comment thread .github/workflows/ci.yml
- name: Upload coverage to Codecov
if: needs.changes.outputs.code == 'true'
uses: codecov/codecov-action@v6
uses: codecov/codecov-action@v7
Comment thread .github/workflows/ci.yml
- name: Checkout code
if: needs.changes.outputs.code == 'true'
uses: actions/checkout@v6
uses: actions/checkout@v7
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v7
contents: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@v7
steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@v7
steps:
- name: Dependency Review
uses: actions/dependency-review-action@v4
uses: actions/dependency-review-action@v5
steps:
- name: Checkout code
uses: actions/checkout@v6
uses: actions/checkout@v7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant