Skip to content

build(deps): bump the github-actions group across 1 directory with 3 updates#191

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-8c1d662c19
Open

build(deps): bump the github-actions group across 1 directory with 3 updates#191
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-8c1d662c19

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Bumps the github-actions group with 3 updates in the / directory: actions/checkout, jdx/mise-action and github/codeql-action.

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates jdx/mise-action from 4.0.1 to 4.1.0

Release notes

Sourced from jdx/mise-action's releases.

v4.1.0: automatic --locked installs

This release adds automatic locked installs when a mise.lock is present, and fixes a long-standing cache-key collision that could poison tool installs when workflows migrate between runner providers.

Added

Automatic --locked install when mise.lock exists (#495) by @​zeitlinger

When a repo contains mise.lock, the action now automatically passes --locked to mise install (on mise versions that support it). This removes the need to manually set install_args: --locked and prevents mise install from silently mutating the lockfile in CI. Explicit install_args and older mise versions are still respected.

Note: workflows with a stale lockfile may now fail earlier and more explicitly instead of silently updating mise.lock mid-run — this surfaces lockfile drift rather than hiding it.

Fixed

  • Cache key collisions across runner providers (#456) — the default cache key now includes the runner image (e.g. macos15, ubuntu24 for GitHub-hosted runners; self-hosted otherwise). Previously, repos migrating between providers like github-hosted, namespace.so, BuildJet, and self-hosted runners with the same OS/arch could restore a peer provider's ~/.local/share/mise/installs/*, causing failures like does not have an executable named '…' or SIGILL crashes from binaries built against a different glibc/CPU featureset. Expect a one-time cache miss after upgrading; thereafter the cache stays scoped per image.
  • mise-shim.exe missing on Windows (#476) by @​risu729 — the action now installs mise-shim.exe alongside mise.exe and repairs restored caches that lack the shim. Fixes #475.

Changed

  • Migrated the bundled action build from ncc (CommonJS) to Rollup (ESM) (#436). No user-facing behavior change.

Full Changelog: jdx/mise-action@v4.0.1...v4.1.0

Changelog

Sourced from jdx/mise-action's changelog.

Changelog

4.1.0 - 2026-06-04

🚀 Features

🐛 Bug Fixes

⚙️ Miscellaneous Tasks

4.0.1 - 2026-03-22

🐛 Bug Fixes

  • run npm install in pre-commit hook before build (#410) by @​jdx in #410

🚜 Refactor

  • extract getCwd() helper to deduplicate working directory resolution (#403) by @​altendky in #403

📚 Documentation

⚙️ Miscellaneous Tasks

... (truncated)

Commits
  • dba1968 chore: release v4.1.0 (#490)
  • f91a09d fix(ci): resolve zizmor findings (#503)
  • a9d72a2 chore(deps): update github/codeql-action action to v4.36.0 (#500)
  • 1f56d95 chore(deps): update dependency @​actions/cache to v6.0.1 (#497)
  • e47eed9 chore: update aube tool version (#501)
  • 69c24ed chore(deps): update dependency aube to v1.15.0 (#498)
  • 76f8407 chore(deps): update zizmorcore/zizmor-action action to v0.5.4 (#488)
  • 4a84c91 chore(deps): update dependency eslint to v10.4.0 (#492)
  • 4d5418b chore(deps): update dependency @​types/node to v24.12.4 (#485)
  • e676099 chore(deps): update dependency typescript-eslint to v8.59.3 (#487)
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.35.5 to 4.36.2

Release notes

Sourced from github/codeql-action's releases.

v4.36.2

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

v4.36.1

No user facing changes.

v4.36.0

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926
Commits
  • 8aad20d Merge pull request #3949 from github/update-v4.36.2-dcb947ce1
  • f521b08 Add additional changelog notes
  • 8aeff0f Update changelog for v4.36.2
  • dcb947c Merge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6
  • c251bce Add changelog note
  • 62953c1 Update default bundle to codeql-bundle-v2.25.6
  • 423b570 Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...
  • c35d1b1 Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...
  • cb1a588 Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoff
  • ba47406 Merge pull request #3943 from github/henrymercer/cache-cli-version-info
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 4, 2026
@dependabot dependabot Bot requested a review from theagenticguy as a code owner June 4, 2026 22:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 4, 2026
@dependabot
build(deps): bump the github-actions group across 1 directory with 3 …
6021223 
…updates

Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [jdx/mise-action](https://github.com/jdx/mise-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `jdx/mise-action` from 4.0.1 to 4.1.0
- [Release notes](https://github.com/jdx/mise-action/releases)
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md)
- [Commits](jdx/mise-action@1648a78...dba1968)

Updates `github/codeql-action` from 4.35.5 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v4.35.5...v4.36.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: jdx/mise-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-8c1d662c19 branch from cacdaee to 6021223 Compare June 4, 2026 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theagenticguy theagenticguy Awaiting requested review from theagenticguy theagenticguy is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants