Skip to content

Bump the actions group across 1 directory with 5 updates#490

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-342a7e0a0a
Open

Bump the actions group across 1 directory with 5 updates#490
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-342a7e0a0a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 17, 2026
edited
Loading

Bumps the actions group with 5 updates in the / directory:

Package From To
actions/checkout 4.2.2 6.0.2
actions/setup-node 4.4.0 6.3.0
pnpm/action-setup 4 5
changesets/action 1.5.3 1.7.0
Shopify/snapit 0.0.14 0.1.0

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates actions/setup-node from 4.4.0 to 6.3.0

Release notes

Sourced from actions/setup-node's releases.

v6.3.0

What's Changed

Enhancements:

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Bug fixes:

New Contributors

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.2.0

v6.1.0

What's Changed

Enhancement:

Dependency updates:

... (truncated)

Commits

Updates pnpm/action-setup from 4 to 5

Release notes

Sourced from pnpm/action-setup's releases.

v5.0.0

Updated the action to use Node.js 24.

v4.4.0

Updated the action to use Node.js 24.

v4.3.0

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v4.2.0...v4.3.0

v4.2.0

When there's a .npmrc file at the root of the repository, pnpm will be fetched from the registry that is specified in that .npmrc file #179

v4.1.0

Add support for package.yaml #156.

Commits

Updates changesets/action from 1.5.3 to 1.7.0

Release notes

Sourced from changesets/action's releases.

v1.7.0

Minor Changes

  • #564 935fe87 Thanks @​Andarist! - Automatically use the GitHub-provided token to allow most users to avoid explicit GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration.

Patch Changes

  • #545 54220dd Thanks @​ryanbas21! - The .npmrc generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when NPM_TOKEN is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.

  • #563 6af4a7e Thanks @​Andarist! - Don't error on already committed symlinks and executables that stay untouched

v1.6.0

Minor Changes

Changelog

Sourced from changesets/action's changelog.

@​changesets/action

1.7.0

Minor Changes

  • #564 935fe87 Thanks @​Andarist! - Automatically use the GitHub-provided token to allow most users to avoid explicit GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration.

Patch Changes

  • #545 54220dd Thanks @​ryanbas21! - The .npmrc generation now intelligently handles both traditional NPM token authentication and trusted publishing scenarios by only appending the auth token when NPM_TOKEN is defined. This prevents 'undefined' from being written to the registry configuration when using OIDC tokens from GitHub Actions trusted publishing.

  • #563 6af4a7e Thanks @​Andarist! - Don't error on already committed symlinks and executables that stay untouched

1.6.0

Minor Changes

1.5.3

Patch Changes

  • #477 9d933dc Thanks @​Andarist! - Updated @actions/* and @octokit/* dependencies.

  • #479 cf373e4 Thanks @​Andarist! - Switched to esbuild for bundling the dist file. This led to 45% file size reduction.

  • #488 022692b Thanks @​s0! - Fix PRs sometimes not getting reopened with commitMode: github-api

    There was a race-condition that means sometimes existing PRs would not be found, and new PRs would be opened. This has now been fixed by fetching existing PRs before making any changes.

  • #486 7ed1955 Thanks @​s0! - Fixed situations in which cwd was specified as a relative path and used with (default) commitMode: git-cli

  • #461 e9c36b6 Thanks @​nayounsang! - Avoid hitting a deprecation warning when encountering errors from @octokit/request-error

1.5.2

Patch Changes

  • #473 3c24abe Thanks @​s0! - Make git add work consistently with subdirectories

    Ensure that when running the action from a subdirectory of a repository, only the files from that directory are added, regardless of commitMode.

1.5.1

Patch Changes

... (truncated)

Commits
  • 6a0a831 v1.7.0
  • a7c5002 Version Packages (#565)
  • 935fe87 Automatically use the GitHub-provided token to allow most users to avoid expl...
  • 6af4a7e Don't error on symlinks and executables when they don't have to be touched an...
  • 746b247 Tweak logging related to NPM_TOKEN/OIDC auth (#566)
  • 54220dd Conditionally append NPM_TOKEN to .npmrc (#545)
  • 5e0dfa5 Version Packages (#559)
  • 342005d Upgrade from Node.js 20 to Node.js 24 LTS (#558)
  • See full diff in compare view

Updates Shopify/snapit from 0.0.14 to 0.1.0

Release notes

Sourced from Shopify/snapit's releases.

v0.1.0

  • Breaking: Require OIDC authentication (NPM Trusted Publishers). NPM_TOKEN is no longer supported.
  • OIDC requires npm CLI version 11.5.2 or later

v0.0.15

  • Add release_branch to configure the default release branch. Default is changeset-release/main.
Commits
  • efd7ad2 Support OIDC authentication for NPM publishing (#52)
  • e319ccb Bump stefanzweifel/git-auto-commit-action from 6.0.1 to 7.0.0 (#44)
  • f536e4a Fix typo
  • 9f048f6 Update GitHub Action Inputs to be more cohesive (#32)
  • 3eeca65 Bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 (#33)
  • fb962c3 Bump micromatch from 4.0.5 to 4.0.8 (#36)
  • b8e9964 Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 (#37)
  • dd9215c Bump @​octokit/request from 8.2.0 to 8.4.1 (#39)
  • e8d421a Bump actions/checkout from 4.2.2 to 5.0.0 (#40)
  • 4b2cce3 Bump actions/setup-node from 3.9.1 to 6.0.0 (#43)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump the actions group across 1 directory with 5 updates
b9e5216 
Bumps the actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.3.0` |
| [pnpm/action-setup](https://github.com/pnpm/action-setup) | `4` | `5` |
| [changesets/action](https://github.com/changesets/action) | `1.5.3` | `1.7.0` |
| [Shopify/snapit](https://github.com/shopify/snapit) | `0.0.14` | `0.1.0` |



Updates `actions/checkout` from 4.2.2 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...de0fac2)

Updates `actions/setup-node` from 4.4.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@49933ea...53b8394)

Updates `pnpm/action-setup` from 4 to 5
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v4...v5)

Updates `changesets/action` from 1.5.3 to 1.7.0
- [Release notes](https://github.com/changesets/action/releases)
- [Changelog](https://github.com/changesets/action/blob/main/CHANGELOG.md)
- [Commits](changesets/action@e0145ed...6a0a831)

Updates `Shopify/snapit` from 0.0.14 to 0.1.0
- [Release notes](https://github.com/shopify/snapit/releases)
- [Commits](Shopify/snapit@v0.0.14...v0.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: pnpm/action-setup
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: changesets/action
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: Shopify/snapit
  dependency-version: 0.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants