chore(ci)(deps): bump the gh-actions group across 1 directory with 5 updates by dependabot[bot] · Pull Request #803 · MustardSeedNetworks/niac-go

dependabot · 2026-06-08T16:58:08Z

Bumps the gh-actions group with 5 updates in the / directory:

Package	From	To
actions/checkout	`6.0.2`	`6.0.3`
codecov/codecov-action	`6.0.1`	`7.0.0`
securego/gosec	`2.26.1`	`2.27.1`
github/codeql-action	`4.36.0`	`4.36.2`
actions/setup-go	`5.5.0`	`6.4.0`

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

... (truncated)

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
See full diff in compare view

Updates codecov/codecov-action from 6.0.1 to 7.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

ci: remove Enforce License Compliance workflow by @thomasrockhu-codecov in codecov/codecov-action#1950

chore(release): 7.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1957

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

ci: remove Enforce License Compliance workflow by @thomasrockhu-codecov in codecov/codecov-action#1950

chore(release): 7.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1957

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

fb8b358 chore(release): 7.0.0 (#1957)
ca0a928 ci: remove Enforce License Compliance workflow (#1950)
See full diff in compare view

Updates securego/gosec from 2.26.1 to 2.27.1

Release notes

Sourced from securego/gosec's releases.

v2.27.1

Changelog

9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 Downgrade google lib to avoid min Go version bump (#1687)

v2.27.0

Changelog

0a5c6504c46569257663726ac54c7cfdad42e846 Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropick-sdk-go (#1686)

b48e668764ca9fd826a7b84c9e9194af3227fade Update all dependencies (#1685)

bd17b2589eb634e511b352f14fc30cb40863eefe Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility with anthropic-sdk (#1683)

c6f8c3d9a75d897612c7beb55007ac5f29b2e3a2 Update all dependencies (#1682)

5676cbccda635b33fab15bb85e32b2e741c9372f Update vulnerabilities alerts for indirect dependencies

ce167d4a37bc5fe3f49bb9be3209f9759b69ff6f Pin dependencies (#1681)

74b726dfcebf218a1984a51b44fe962aecef5921 Skip pining for my repos

a68f8825bfa51b46cc517a5cd8baf4848e03a8d1 Update renovate configuration

2f8791bad7bf8f6a11f0b29e41aec54ddb9fcb0b Fix typo

ad3778a7be907bf4e5cf5ed5c63333a377f3fb3b Update branch config in renovate config

b1583fe2f3ffb41074cb11996e58ca554c6c04e7 Migrate config renovate.json (#1678)

139e33d474374c8e26a0e480f077526e131f43bb Update renovate to refresh the branch creation

f3c03ebb7f077f9b9ddfc64f710e0a2d2e92ded4 Update the renovate branch prefix

85814f2e3964a6d38aeb6e6002ac9268c16fcab5 Update renovate config to pin the actions dependencies by digests (#1676)

55f051973281b15900b2b8b30aaf467a7b9127ea Migrate the html remport to react v19. (#1675)

6ad4476d269895a4a9b77883b3e3503f7e5e4103 Manually update version to fix renovate (#1674)

8f88312a5f80dbf04d2248d75c372d165e54e589 feat: integrate Atlas Cloud provider (#1672)

6351b0c6fcc7d75acb230a9be7f9047aada322ae Refactor error position parsing to support path with colon. (#1673)

de65614d10a6b84029e3e1215567b8ce7e490f23 Add two options to require rule ID and justificaiton for inline annotations (#1671)

e354c572d957eb8bf63481cc9ba2704b58a6ae35 Fix false positive in G118 when cancel is stored in a slice/map (#1670)

4161f0b4333859990584c9fb3fd377a892eaf477 chore(go): update supported Go versions to 1.25.10 and 1.26.3 (#1669)

b4f29347566880540afec8205b633d2859377cec Harden the github workflows and action (#1665)

b7aca268861108d4446959fa92d2fe808eb7aa6f Fix justification delimiter in annotation format doc (#1661)

945bce72d26a794e25a122d87527d063bf887903 Update all dependencies (#1664)

5f4eec95fa28ce5dc6cf555de8c242cb57545f01 Update action to use gosec version v2.26.1 (#1660)

Commits

9e6a984 Downgrade google lib to avoid min Go version bump (#1687)
0a5c650 Downgrade the jsonschema dep to v0.13.0 due to incompatibility with anthropic...
b48e668 Update all dependencies (#1685)
bd17b25 Downgrade the github.com/invopop/jsonschema v0.13.0 to solve incopatibility w...
c6f8c3d Update all dependencies (#1682)
5676cbc Update vulnerabilities alerts for indirect dependencies
ce167d4 Pin dependencies (#1681)
74b726d Skip pining for my repos
a68f882 Update renovate configuration
2f8791b Fix typo
Additional commits viewable in compare view

Updates github/codeql-action from 4.36.0 to 4.36.2

Release notes

Sourced from github/codeql-action's releases.

v4.36.2

Cache CodeQL CLI version information across Actions steps. #3943

Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937

Update default CodeQL bundle version to 2.25.6. #3948

v4.36.1

No user facing changes.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.36.2 - 04 Jun 2026

Cache CodeQL CLI version information across Actions steps. #3943

Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937

Update default CodeQL bundle version to 2.25.6. #3948

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894

Add support for SHA-256 Git object IDs. #3893

Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899

For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791

If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892

Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

... (truncated)

Commits

8aad20d Merge pull request #3949 from github/update-v4.36.2-dcb947ce1
f521b08 Add additional changelog notes
8aeff0f Update changelog for v4.36.2
dcb947c Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
c251bce Add changelog note
62953c1 Update default bundle to codeql-bundle-v2.25.6
423b570 Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
c35d1b1 Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
cb1a588 Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
ba47406 Merge pull request #3943 from github/henrymercer/cache-cli-version-info
Additional commits viewable in compare view

Updates actions/setup-go from 5.5.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Add go-download-base-url input for custom Go distributions by @gdams in actions/setup-go#721

Dependency update

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-go#727

Documentation update

Rearrange README.md, add advanced-usage.md by @priyagupta108 in actions/setup-go#724

Fix Microsoft build of Go link by @gdams in actions/setup-go#734

New Contributors

@gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Update default Go module caching to use go.mod by @priyagupta108 in actions/setup-go#705

Fix golang download url to go.dev by @178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-go#696

Update Node.js version in action.yml by @ccoVeille in actions/setup-go#691

Documentation update of actions/checkout by @deining in actions/setup-go#683

Dependency updates

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot in actions/setup-go#682

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-go#695

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-go#686

Upgrade qs from 6.14.0 to 6.14.1 by @dependabot in actions/setup-go#703

New Contributors

@ccoVeille made their first contribution in actions/setup-go#691

@deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in actions/setup-go#665

Add support for .tool-versions file and update workflow by @priya-kinthali in actions/setup-go#673

Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in actions/setup-go#674

... (truncated)

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
Additional commits viewable in compare view

…updates Bumps the gh-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.1` | `7.0.0` | | [securego/gosec](https://github.com/securego/gosec) | `2.26.1` | `2.27.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.4.0` | Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) Updates `codecov/codecov-action` from 6.0.1 to 7.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@e79a696...fb8b358) Updates `securego/gosec` from 2.26.1 to 2.27.1 - [Release notes](https://github.com/securego/gosec/releases) - [Commits](securego/gosec@4a3bd8a...9e6a984) Updates `github/codeql-action` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@7211b7c...8aad20d) Updates `actions/setup-go` from 5.5.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5.5.0...4a36011) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: codecov/codecov-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: github/codeql-action dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions - dependency-name: securego/gosec dependency-version: 2.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 8, 2026

dependabot Bot requested a review from krisarmstrong as a code owner June 8, 2026 16:58

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 8, 2026

github-actions Bot added the area: ci label Jun 8, 2026

dependabot Bot force-pushed the dependabot/github_actions/gh-actions-0b17785dff branch from c03cece to 5665324 Compare June 8, 2026 21:29

krisarmstrong enabled auto-merge (squash) June 8, 2026 21:29

dependabot Bot force-pushed the dependabot/github_actions/gh-actions-0b17785dff branch from 5665324 to 80abb58 Compare June 11, 2026 03:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(ci)(deps): bump the gh-actions group across 1 directory with 5 updates#803

chore(ci)(deps): bump the gh-actions group across 1 directory with 5 updates#803
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/gh-actions-0b17785dff

dependabot Bot commented on behalf of github Jun 8, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.3

What's Changed

New Contributors

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v7.0.0

What's Changed

v6.0.2

What's Changed

v5.5.2

What's Changed

v5.5.1

What's Changed

v5.5.0

What's Changed

v5.4.3

What's Changed

v5.4.2

v2.27.1

Changelog

v2.27.0

Changelog

v4.36.2

v4.36.1

CodeQL Action Changelog

[UNRELEASED]

4.36.2 - 04 Jun 2026

4.36.1 - 02 Jun 2026

4.36.0 - 22 May 2026

4.35.5 - 15 May 2026

4.35.4 - 07 May 2026

4.35.3 - 01 May 2026

4.35.2 - 15 Apr 2026

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

v6.3.0

What's Changed

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

v6.1.0

What's Changed

Enhancements

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 8, 2026 •

edited

Loading