Update GitHub Actions Dependencies (major)#409
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ospk8s-renovate[bot] The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @ospk8s-renovate[bot]. Thanks for your PR. I'm waiting for a openstack-k8s-operators member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
47f7158 to
4fc061f
Compare
This PR contains the following updates:
v2→v7v4→v7v3→v7v3→v4Release Notes
actions/checkout (actions/checkout)
v7.0.0Compare Source
v7Compare Source
v6.0.3Compare Source
v6.0.2Compare Source
v6.0.1Compare Source
v6.0.0Compare Source
v6Compare Source
v5.0.1Compare Source
v5.0.0Compare Source
v5Compare Source
v4.3.1Compare Source
v4.3.0Compare Source
v4.2.2Compare Source
url-helper.tsnow leverages well-known environment variables by @jww3 in #1941isGhesby @jww3 in #1946v4.2.1Compare Source
v4.2.0Compare Source
v4.1.7Compare Source
v4.1.6Compare Source
v4.1.5Compare Source
user.emailto be41898282+github-actions[bot]@​users.noreply.github.comby @cory-miller in #1707v4.1.4Compare Source
extensions.worktreeConfigwhen disablingsparse-checkoutby @jww3 in #1692v4.1.3Compare Source
sparse-checkoutby @jww3 in #1656actions/checkoutversion inupdate-main-version.ymlby @jww3 in #1650v4.1.2Compare Source
sparse-checkoutoption is not present @dscho in #1598v4.1.1Compare Source
v4.1.0Compare Source
v4.0.0Compare Source
v4Compare Source
v3.6.0Compare Source
v3.5.3Compare Source
v3.5.2Compare Source
v3.5.1Compare Source
v3.5.0Compare Source
v3.4.0Compare Source
v3.3.0Compare Source
v3.2.0Compare Source
v3.1.0Compare Source
saveStateandgetStategithub-server-urlinputv3.0.2Compare Source
set-safe-directoryv3.0.1Compare Source
safe.directoryv3.0.0Compare Source
v3Compare Source
github/codeql-action (github/codeql-action)
v4.36.2Compare Source
v4.36.1Compare Source
No user facing changes.
v4.36.0Compare Source
v4.35.5Compare Source
analysis-kindsinput, onlycode-scanningwill be enabled. Theanalysis-kindsinput is experimental, for GitHub-internal use only, and may change without notice at any time. #3892v4.35.4Compare Source
v4.35.3Compare Source
GETrequests instead ofHEADfor better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853v4.35.2Compare Source
CODEQL_ACTION_CLEANUP_TRAP_CACHESenvironment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing thetrap-caching: falseinput to theinitAction. #3795v4.35.1Compare Source
v4.35.0Compare Source
v4.34.1Compare Source
v4.34.0Compare Source
none. We expect this rollout to be complete by the end of April 2026. #3584v4.33.0Compare Source
Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562
To opt out of this change:
github-codeql-file-coverage-on-prsand the type "True/false", then set this property totruein the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set theCODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.CODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.CODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as
github-codeql-disable-overlaythat was previously only available on GitHub.com. #3559Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563
Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564
A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570
v4.32.6Compare Source
v4.32.5Compare Source
github-codeql-disable-overlaycustom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the namegithub-codeql-disable-overlayand the type "True/false" in the organization's settings. Then in the repository's settings, set this property totrueto disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507start-proxyaction to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512v4.32.4Compare Source
v4.32.3Compare Source
v4.32.2Compare Source
v4.32.1Compare Source
v4.32.0Compare Source
v4.31.11Compare Source
v4.31.10Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.10 - 12 Jan 2026
See the full CHANGELOG.md for more information.
v4.31.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.9 - 16 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.8 - 11 Dec 2025
See the full CHANGELOG.md for more information.
v4.31.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.7 - 05 Dec 2025
See the full CHANGELOG.md for more information.
v4.31.6Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.6 - 01 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.5Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.5 - 24 Nov 2025
See the full CHANGELOG.md for more information.
v4.31.4Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.3Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
See the full CHANGELOG.md for more information.
v4.31.2Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.2 - 30 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.1Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.1 - 30 Oct 2025
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.See the full CHANGELOG.md for more information.
v4.31.0Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.0 - 24 Oct 2025
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222See the full CHANGELOG.md for more information.
v4.30.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204See the full CHANGELOG.md for more information.
v4.30.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.30.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.7 - 06 Oct 2025
See the full CHANGELOG.md for more information.
v4Compare Source
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.