Skip to content

chore: bump the non-major-version-updates group with 4 updates#1911

Merged
jkleinsc merged 1 commit into
mainfrom
dependabot/github_actions/non-major-version-updates-d4c77f0928
May 1, 2026
Merged

chore: bump the non-major-version-updates group with 4 updates#1911
jkleinsc merged 1 commit into
mainfrom
dependabot/github_actions/non-major-version-updates-d4c77f0928

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the non-major-version-updates group with 4 updates: electron/github-app-auth-action, dsanders11/project-actions, actions/setup-node and actions/cache.

Updates electron/github-app-auth-action from 2.0.0 to 2.1.0

Release notes

Sourced from electron/github-app-auth-action's releases.

v2.1.0

2.1.0 (2026-04-24)

Features

  • add permissions input to narrow minted installation tokens (#141) (5f70a37)
Commits
  • 5f70a37 feat: add permissions input to narrow minted installation tokens (#141)
  • 9702378 build(dev-deps): replace fsevents with forked version (#140)
  • a3fad83 chore(deps): bump vite from 7.3.1 to 7.3.2 (#139)
  • ef0ee52 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#138)
  • 73b7939 chore(deps): resolve open Dependabot alerts (#137)
  • 6a9347f ci: fix zizmor audit findings (#133)
  • 31f61d2 ci: replace super-linter with yarn lint and format:check (#134)
  • e79fe7a chore: resolve dependabot security alerts (#136)
  • 008fc22 chore(deps): bump flatted from 3.4.1 to 3.4.2 (#135)
  • 3cd5b8f chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#131)
  • Additional commits viewable in compare view

Updates dsanders11/project-actions from 2.0.0 to 2.0.1

Release notes

Sourced from dsanders11/project-actions's releases.

v2.0.1

2.0.1 (2026-04-17)

Bug Fixes

  • realign with upstream actions/github-script (#120) (4b06452)
Commits
  • 4b06452 fix: realign with upstream actions/github-script (#120)
  • f279c30 chore: fixup main (#119)
  • 29401df docs(github-script): fix warning message (#118)
  • a474e06 chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#116)
  • 12a39e6 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#115)
  • bb3c432 chore(deps): bump the actions-minor group with 2 updates (#114)
  • See full diff in compare view

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the non-major-version-updates group with 4 updates
88853b9 
Bumps the non-major-version-updates group with 4 updates: [electron/github-app-auth-action](https://github.com/electron/github-app-auth-action), [dsanders11/project-actions](https://github.com/dsanders11/project-actions), [actions/setup-node](https://github.com/actions/setup-node) and [actions/cache](https://github.com/actions/cache).


Updates `electron/github-app-auth-action` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/electron/github-app-auth-action/releases)
- [Commits](electron/github-app-auth-action@e14e477...5f70a37)

Updates `dsanders11/project-actions` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/dsanders11/project-actions/releases)
- [Commits](dsanders11/project-actions@5767984...4b06452)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...27d5ce7)

---
updated-dependencies:
- dependency-name: electron/github-app-auth-action
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-major-version-updates
- dependency-name: dsanders11/project-actions
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-version-updates
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-major-version-updates
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels May 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 1, 2026 12:28
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels May 1, 2026
@jkleinsc jkleinsc merged commit feb3114 into main May 1, 2026
8 checks passed
@jkleinsc jkleinsc deleted the dependabot/github_actions/non-major-version-updates-d4c77f0928 branch May 1, 2026 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ckerr ckerr ckerr approved these changes

@jkleinsc jkleinsc jkleinsc approved these changes

@erickzhao erickzhao erickzhao approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ckerr @jkleinsc @erickzhao