Skip to content

Bump the github-actions group with 3 updates#97

Merged
peace-maker merged 1 commit into
masterfrom
dependabot/github_actions/github-actions-1f22f262c3
Jun 18, 2026
Merged

Bump the github-actions group with 3 updates#97
peace-maker merged 1 commit into
masterfrom
dependabot/github_actions/github-actions-1f22f262c3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 3 updates: actions/checkout, actions/setup-java and advanced-security/maven-dependency-submission-action.

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits
  • df4cb1c Update changelog for v6.0.3 (#2446)
  • 1cce339 Fix checkout init for SHA-256 repositories (#2439)
  • 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
  • 0c366fd Update changelog (#2357)
  • de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
  • 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
  • 8e8c483 Clarify v6 README (#2328)
  • 033fa0d Add worktree support for persist-credentials includeIf (#2327)
  • c2d88d3 Update all references from v5 and v4 to v6 (#2314)
  • 1af3b93 update readme/changelog for v6 (#2311)
  • Additional commits viewable in compare view

Updates actions/setup-java from 4 to 5

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Bug Fixes

New Contributors

Full Changelog: actions/setup-java@v4...v5.0.0

v4.8.0

What's Changed

Full Changelog: actions/setup-java@v4...v4.8.0

v4.7.1

What's Changed

Documentation changes

Dependency updates:

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

... (truncated)

Commits
  • ad2b381 Bump @​vercel/ncc from 0.38.1 to 0.44.0 (#1018)
  • b24df5b Make the Adoptopenjdk package type look at the Temurin repo first for latest ...
  • 43120bc Implement pagination with link headers for Adoptium based apis (#1014)
  • ad9d6a6 Bump @​types/node from 24.1.0 to 25.9.3 (#950)
  • 039af37 Bump picomatch, @​types/jest, jest, jest-circus and ts-jest (#1016)
  • 1756ab6 Bump eslint-config-prettier from 8.10.0 to 10.1.8 (#881)
  • 662bb59 Bump @​typescript-eslint/eslint-plugin from 8.35.1 to 8.46.2 (#952)
  • 1071fc1 fix: resolve npm audit vulnerabilities in fast-xml-builder and fast-xml-parse...
  • 576b821 Merge pull request #674 from gdams/alpine
  • 307d3a2 update readme for ubuntu sudo java_home behavior (#1013)
  • Additional commits viewable in compare view

Updates advanced-security/maven-dependency-submission-action from 4 to 5

Release notes

Sourced from advanced-security/maven-dependency-submission-action's releases.

v5.0.0

Improved multi-module support

This release improves multi-module support by reflecting which pom.xml file brings in a particular dependency. Previously, the dependencies were aggregated into the top-level pom.xml file. If a given package is brought in via multiple modules, that package will be reflected in all of the modules that reference it.

Because of this change in behavior, we've removed two configuration options:

  • snapshot-dependency-file-name: no longer applicable since we submit more than one manifest
  • snapshot-include-file-name: this flag determined whether the manifest object included the file path. It should always be available and there's no reason to omit it, so we've removed the flag.

v4.1.3

The release bumps dependency versions to stay up-to-date.

v4.1.2

What's Changed

New Contributors

Full Changelog: advanced-security/maven-dependency-submission-action@v4...v4.1.2

v4.1.1

No release notes provided.

v4.1.0

  • Adds the ability to change the detector details for the dependency snapshots via the optional input parameters:

    • detector-name
    • detector-url
    • detector-version

    If the detector-name is specified, then all three become mandatory as there are no sensible defaults that can be attributed to the values.

v4.0.3

  • Updating the build process and tooling for Node 20 support in the CLI executables which were introduced when the dependency-submission-toolkit transitioned in to an ESM module

  • Fixes #69 #61

v4.0.2

No release notes provided.

v4.0.1

  • Updating branding for the marketplace
  • Utilizing rollup to build cli executables as the ESM module for the dependency-submission-toolkit broke the 4.0.0 pkg based executable builds.
Commits
  • b275d12 Merge pull request #114 from advanced-security/contrib-5.0
  • bdc082b Bump the tag mentioned in the contrib doc to v5
  • 2c65a53 Merge pull request #110 from advanced-security/juxtin/file-centric-manifests
  • aa342c1 Merge branch 'main' into juxtin/file-centric-manifests
  • f86e5bf README updates for v5.0.0
  • 69b8872 Update wording in error message
  • e11bd00 Remove debug line
  • b737283 Update version to 5.0.0 since this has breaking changes
  • 3059e7f Minor tweaks
  • 06796b8 Do not aggregate manifest files in multi-module projects
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-java](https://github.com/actions/setup-java) and [advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action).


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `actions/setup-java` from 4 to 5
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4...v5)

Updates `advanced-security/maven-dependency-submission-action` from 4 to 5
- [Release notes](https://github.com/advanced-security/maven-dependency-submission-action/releases)
- [Commits](advanced-security/maven-dependency-submission-action@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: advanced-security/maven-dependency-submission-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies github_actions Pull requests that update GitHub Actions code labels Jun 18, 2026
@peace-maker peace-maker merged commit 9494cca into master Jun 18, 2026
1 check failed
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-1f22f262c3 branch June 18, 2026 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant