fix(deps): bump the all-github-actions group across 1 directory with 5 updates by dependabot[bot] · Pull Request #139 · NethermindEth/github-workflows

dependabot · 2026-04-07T01:24:40Z

Bumps the all-github-actions group with 5 updates in the / directory:

Package	From	To
docker/login-action	`4.0.0`	`4.1.0`
jfrog/setup-jfrog-cli	`4.5.9`	`5.0.0`
oras-project/setup-oras	`1.2.4`	`2.0.0`
marocchino/sticky-pull-request-comment	`3.0.2`	`3.0.3`
jaxxstorm/action-install-gh-release	`2.1.0`	`3.0.0`

Updates docker/login-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates jfrog/setup-jfrog-cli from 4.5.9 to 5.0.0

Release notes

Sourced from jfrog/setup-jfrog-cli's releases.

v5.0.0

Breaking Changes 🚨

Update default runtime to node24 by @rsi-mrobinson

What's Changed

Other Changes 📚

Fix macOS ARM64 test by updating CLI version to 2.31.0 by @nitzanman in jfrog/setup-jfrog-cli#320

APP-1824 - Upgrade jfrog-cli to 2.91.0 by @shayshim in jfrog/setup-jfrog-cli#322

chore: Breaking Changes 🚨 - update to node 24 by @mdgreenwald in jfrog/setup-jfrog-cli#328

fix: add contents: write permission to release workflow by @MaorEJFrog in jfrog/setup-jfrog-cli#331

New Contributors

@nitzanman made their first contribution in jfrog/setup-jfrog-cli#320

@shayshim made their first contribution in jfrog/setup-jfrog-cli#322

@mdgreenwald made their first contribution in jfrog/setup-jfrog-cli#328

Full Changelog: jfrog/setup-jfrog-cli@v4.9.1...v5.0.0

v4.10.1

Bug Fix

Revert the node24 runtime change from v4.10.0 back to node20 for v4 line compatibility

Users who need node24 should upgrade to @v5

Included from v4.10.0

Upgrade JFrog CLI default version to 2.91.0

Fix macOS ARM64 test

Full Changelog: jfrog/setup-jfrog-cli@v4.9.1...v4.10.1

v4.9.1

What's Changed

Improvements 🌱

Reduce warnings noise: skip git info without .git dir and avoid CLI version check by @sverdlov93 in jfrog/setup-jfrog-cli#316

Other Changes 📚

Update JFrog CLI default version to 2.88.0 by @dortam888 in jfrog/setup-jfrog-cli#317

New Contributors

@dortam888 made their first contribution in jfrog/setup-jfrog-cli#317

Full Changelog: jfrog/setup-jfrog-cli@v4...v4.9.1

v4.8.1

What's Changed

... (truncated)

Commits

1641575 Promote version to 5.0.0 (#334)
b14f2d4 fix: add contents:write permission to release workflow (#331)
86dacb6 Promote version to 4.10.0 (#329)
0f6e5a3 chore: update to node 24 (#328)
0076938 APP-1824 - Upgrade jfrog-cli to 2.91.0 (#322)
d8e2d25 Fix macOS ARM64 test by updating CLI version to 2.31.0 (#320)
279b1f6 Promote version to 4.9.1 (#319)
6b1d9e6 Update JFrog CLI default version to 2.88.0 (#317)
66f8374 Reduce warnings noise: skip git info without .git dir and avoid CLI version c...
5b06f73 Bump version (#314)
Additional commits viewable in compare view

Updates oras-project/setup-oras from 1.2.4 to 2.0.0

Release notes

Sourced from oras-project/setup-oras's releases.

v2.0.0

Highlights

Support ORAS CLI v1.3.1

Migrate action runtime from node20 to node24 (#153)

Pin undici to >=6.24.1 to address 5 CVEs: GHSA-f269-vfmq-vjvj, GHSA-2mjp-6q6p-2qxm, GHSA-vrm6-8vpv-qv8q, GHSA-v9p9-hfj2-hcw8, GHSA-4992-7rv2-5pvq

Bump @actions/core from ^2.x to ^3.0.0 (ESM-only)

Bump @actions/tool-cache from ^3.x to ^4.0.0 (ESM-only)

Replace @vercel/ncc with esbuild as the build bundler

What's Changed

Add version 1.3.1 with checksums (#150)

feat: migrate action runtime from node20 to node24 (#153)

fix: pin undici to >=6.24.1 to address CVEs (#157)

chore(deps): bump @actions/core to 3.x and @actions/tool-cache to 4.x (#159)

chore(deps): Bump @actions/core from 1.11.1 to 2.0.1 (#130)

chore(deps): Bump typescript from 5.9.2 to 6.0.2 (#151)

chore(deps): Bump actions/checkout from 5 to 6 (#128)

chore(deps): Bump actions/setup-node from 5 to 6 (#123)

chore(deps): Bump @types/node from 24.12.0 to 25.5.2 (multiple PRs)

Full Changelog: oras-project/setup-oras@v1.2.4...v2.0.0

Commits

38de303 chore: release v2.0.0 (#160)
bbd8d79 chore(deps): bump @actions/core to 3.x and @actions/tool-cache to 4.x (#159)
44d83f3 chore(deps): Bump @types/node from 24.12.0 to 25.5.2 (#158)
dd86831 fix: pin undici to >=6.24.1 to address CVEs (#157)
be45691 feat: migrate action runtime from node20 to node24 (#153)
f0fe559 Add version 1.3.1 with checksums from … (#150)
0db6c65 chore(deps): Bump @types/node from 25.0.3 to 25.5.0 (#149)
8a0db1e chore(deps): Bump typescript from 5.9.3 to 6.0.2 (#151)
bd8ffed chore: add TerryHowe to owners and code owners (#152)
c33dd38 chore(deps): Bump @types/node from 25.0.2 to 25.0.3 (#131)
Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 3.0.2 to 3.0.3

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.3

What's Changed

Move validateExclusiveModes before getBody for fail-fast validation by @Copilot in marocchino/sticky-pull-request-comment#1663

Add number_force that overrides pull_request number by @rossjrw in marocchino/sticky-pull-request-comment#1652

build(deps-dev): Bump @biomejs/biome from 2.4.6 to 2.4.7 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1666

build(deps): Bump picomatch from 4.0.3 to 4.0.4 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1673

build(deps-dev): Bump vitest from 4.1.0 to 4.1.2 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1674

build(deps-dev): Bump rollup from 4.59.0 to 4.60.1 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1676

build(deps-dev): Bump @types/node from 25.5.0 to 25.5.2 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1677

build(deps-dev): Bump @biomejs/biome from 2.4.7 to 2.4.10 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1675

build(deps): Bump brace-expansion by @dependabot[bot] in marocchino/sticky-pull-request-comment#1678

build(deps-dev): Bump typescript from 5.9.3 to 6.0.2 by @dependabot[bot] in marocchino/sticky-pull-request-comment#1670

New Contributors

@rossjrw made their first contribution in marocchino/sticky-pull-request-comment#1652

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.2...v3.0.3

Commits

d4d6b09 📦️ Build
3868baa build(deps-dev): Bump typescript from 5.9.3 to 6.0.2 (#1670)
26f73b0 build(deps): Bump brace-expansion (#1678)
f6e304e build(deps-dev): Bump @biomejs/biome from 2.4.7 to 2.4.10 (#1675)
a7709b6 build(deps-dev): Bump @types/node from 25.5.0 to 25.5.2 (#1677)
0746c6f build(deps-dev): Bump rollup from 4.59.0 to 4.60.1 (#1676)
2a4b1c3 build(deps-dev): Bump vitest from 4.1.0 to 4.1.2 (#1674)
1ab42d2 build(deps): Bump picomatch from 4.0.3 to 4.0.4 (#1673)
5a61de7 build(deps-dev): Bump @biomejs/biome from 2.4.6 to 2.4.7 (#1666)
7cb1e16 Add number_force that overrides pull_request number (#1652)
Additional commits viewable in compare view

Updates jaxxstorm/action-install-gh-release from 2.1.0 to 3.0.0

Release notes

Sourced from jaxxstorm/action-install-gh-release's releases.

v3.0.0

What's Changed

fix(deps): update octokit monorepo (major) by @renovate[bot] in jaxxstorm/action-install-gh-release#132

chore(deps): update dependency @types/lodash to v4.17.18 by @renovate[bot] in jaxxstorm/action-install-gh-release#131

fix(deps): update dependency @actions/github to v6.0.1 by @renovate[bot] in jaxxstorm/action-install-gh-release#129

fix(deps): update dependency eslint to v9.29.0 by @renovate[bot] in jaxxstorm/action-install-gh-release#128

docs: add inputs table to README.md by @gmeligio in jaxxstorm/action-install-gh-release#144

build(deps): bump the npm_and_yarn group across 1 directory with 9 updates by @dependabot[bot] in jaxxstorm/action-install-gh-release#152

chore(deps): update dependency lodash to v4.17.23 [security] by @renovate[bot] in jaxxstorm/action-install-gh-release#151

chore(deps): update dependency @vercel/ncc to v0.38.4 by @renovate[bot] in jaxxstorm/action-install-gh-release#150

chore: update dependencies and node version by @jaxxstorm in jaxxstorm/action-install-gh-release#153

Full Changelog: jaxxstorm/action-install-gh-release@v2.1.0...v3.0.0

Commits

25e24d2 Merge pull request #153 from jaxxstorm/dep_upds
75057ca chore: update setup-node
5a4b567 chore: update dependencies and node version
f981338 Merge pull request #150 from jaxxstorm/renovate/vercel-ncc-0.x
882b9e7 Merge pull request #151 from jaxxstorm/renovate/npm-lodash-vulnerability
49c9f0f Merge pull request #152 from jaxxstorm/dependabot/npm_and_yarn/npm_and_yarn-8...
5110481 build(deps): bump the npm_and_yarn group across 1 directory with 9 updates
a47c330 chore(deps): update dependency @vercel/ncc to v0.38.4
f75c8f1 chore(deps): update dependency lodash to v4.17.23 [security]
1f20b27 Merge pull request #144 from gmeligio/action_docs
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…5 updates Bumps the all-github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` | | [jfrog/setup-jfrog-cli](https://github.com/jfrog/setup-jfrog-cli) | `4.5.9` | `5.0.0` | | [oras-project/setup-oras](https://github.com/oras-project/setup-oras) | `1.2.4` | `2.0.0` | | [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `3.0.2` | `3.0.3` | | [jaxxstorm/action-install-gh-release](https://github.com/jaxxstorm/action-install-gh-release) | `2.1.0` | `3.0.0` | Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) Updates `jfrog/setup-jfrog-cli` from 4.5.9 to 5.0.0 - [Release notes](https://github.com/jfrog/setup-jfrog-cli/releases) - [Commits](jfrog/setup-jfrog-cli@v4.5.9...1641575) Updates `oras-project/setup-oras` from 1.2.4 to 2.0.0 - [Release notes](https://github.com/oras-project/setup-oras/releases) - [Commits](oras-project/setup-oras@22ce207...38de303) Updates `marocchino/sticky-pull-request-comment` from 3.0.2 to 3.0.3 - [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](marocchino/sticky-pull-request-comment@70d2764...d4d6b09) Updates `jaxxstorm/action-install-gh-release` from 2.1.0 to 3.0.0 - [Release notes](https://github.com/jaxxstorm/action-install-gh-release/releases) - [Commits](jaxxstorm/action-install-gh-release@6096f2a...25e24d2) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-github-actions - dependency-name: jfrog/setup-jfrog-cli dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: oras-project/setup-oras dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: marocchino/sticky-pull-request-comment dependency-version: 3.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions - dependency-name: jaxxstorm/action-install-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 7, 2026

derrix060 approved these changes Apr 10, 2026

View reviewed changes

derrix060 merged commit 875c617 into main Apr 10, 2026
1 check passed

derrix060 deleted the dependabot/github_actions/all-github-actions-33e471f3f1 branch April 10, 2026 14:14

github-actions Bot mentioned this pull request Apr 10, 2026

chore(main): release 1.12.1 #140

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): bump the all-github-actions group across 1 directory with 5 updates#139

fix(deps): bump the all-github-actions group across 1 directory with 5 updates#139
derrix060 merged 1 commit into
mainfrom
dependabot/github_actions/all-github-actions-33e471f3f1

dependabot Bot commented on behalf of github Apr 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 7, 2026

v4.1.0

v5.0.0

Breaking Changes 🚨

What's Changed

Other Changes 📚

New Contributors

v4.10.1

Bug Fix

Included from v4.10.0

v4.9.1

What's Changed

Improvements 🌱

Other Changes 📚

New Contributors

v4.8.1

What's Changed

v2.0.0

Highlights

What's Changed

v3.0.3

What's Changed

New Contributors

v3.0.0

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant