Bump the all-github-actions group with 7 updates by dependabot[bot] · Pull Request #2319 · aws/aws-lambda-dotnet

dependabot · 2026-04-02T00:39:31Z

Bumps the all-github-actions group with 7 updates:

Package	From	To
aws-actions/configure-aws-credentials	`5.1.1`	`6.0.0`
docker/setup-qemu-action	`3`	`4`
docker/setup-buildx-action	`3`	`4`
docker/build-push-action	`6`	`7`
tj-actions/changed-files	`47.0.1`	`47.0.5`
aws-actions/aws-secretsmanager-get-secrets	`2.0.10`	`3.0.0`
github/codeql-action	`4.31.9`	`4.35.1`

Updates aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.0.0

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Update action to use node24 Note this requires GitHub action runner version v2.327.1 or later (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Update action to use node24 (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

release 5.1.1 (56d6a58)

5.1.0 (2025-10-06)

Features

Add global timeout support (#1487) (1584b8b)

add no-proxy support (#1482) (dde9b22)

Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

... (truncated)

Commits

8df5847 chore(deps): bump fast-xml-parser and @aws-sdk/xml-builder (#1640)
d22a0f8 chore(deps-dev): bump @types/node from 25.0.10 to 25.2.0 (#1635)
f7b8181 chore(main): release 6.0.0 (#1641)
c367a6a chore: integ tests manual option (#1639)
7ceaf96 fix: correct outputs for role chaining (#1633)
a7a2c11 feat!: update action to use node24 (#1632)
6e3375d chore: remove release-please release automation (#1631)
98abed7 chore: add workflow_dispatch trigger to release workflow (#1630)
bf3adbb chore: Update dist
db43b8b chore: re-run linter
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3 to 4

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

v3.7.0

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218

Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221

Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

v3.6.0

Display binfmt version by @crazy-max in docker/setup-qemu-action#202

Full Changelog: docker/setup-qemu-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-qemu-action#205

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

v3.4.0

Bump @docker/actions-toolkit from 0.49.0 to 0.54.0 in docker/setup-qemu-action#193 docker/setup-qemu-action#197

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

v3.2.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-qemu-action#154 docker/setup-qemu-action#155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

... (truncated)

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/build-push-action from 6 to 7

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 by @crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Handle no default attestations env var by @crazy-max in docker/build-push-action#1343

... (truncated)

Commits

d08e5c3 Merge pull request #1479 from docker/dependabot/npm_and_yarn/docker/actions-t...
cbd2dff chore: update generated content
f76f51f chore(deps): Bump @docker/actions-toolkit from 0.78.0 to 0.79.0
7d03e66 Merge pull request #1473 from crazy-max/rm-deprecated-envs
98f853d chore: update generated content
cadccf6 remove deprecated envs
03fe877 Merge pull request #1478 from docker/dependabot/github_actions/docker/setup-b...
827e366 chore(deps): Bump docker/setup-buildx-action from 3 to 4
e25db87 Merge pull request #1474 from crazy-max/rm-export-build-tool
1ac2573 Merge pull request #1470 from crazy-max/node24
Additional commits viewable in compare view

Updates tj-actions/changed-files from 47.0.1 to 47.0.5

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.5

What's Changed

Upgraded to v47.0.4 by @github-actions[bot] in tj-actions/changed-files#2802

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2803

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2805

chore(deps-dev): bump @types/node from 25.2.2 to 25.3.2 by @dependabot[bot] in tj-actions/changed-files#2811

chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in tj-actions/changed-files#2810

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in tj-actions/changed-files#2809

chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by @dependabot[bot] in tj-actions/changed-files#2799

chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by @dependabot[bot] in tj-actions/changed-files#2806

chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by @dependabot[bot] in tj-actions/changed-files#2775

chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @dependabot[bot] in tj-actions/changed-files#2774

chore(deps): bump lodash and @types/lodash by @dependabot[bot] in tj-actions/changed-files#2807

chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by @dependabot[bot] in tj-actions/changed-files#2764

chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in tj-actions/changed-files#2815

chore(deps-dev): bump @types/node from 25.3.2 to 25.3.3 by @dependabot[bot] in tj-actions/changed-files#2814

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

v47.0.4

What's Changed

update: release-tagger action to version 6.0.6 by @jackton1 in tj-actions/changed-files#2801

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

v47.0.3

What's Changed

chore(deps): bump github/codeql-action from 4.31.10 to 4.32.2 by @dependabot[bot] in tj-actions/changed-files#2790

update: release-tagger action to version 6.0.0 by @jackton1 in tj-actions/changed-files#2800

Full Changelog: tj-actions/changed-files@v47.0.2...v47.0.3

v47.0.2

What's Changed

chore(deps-dev): bump eslint-plugin-jest from 29.2.1 to 29.11.0 by @dependabot[bot] in tj-actions/changed-files#2751

chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in tj-actions/changed-files#2741

chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in tj-actions/changed-files#2743

chore(deps): bump @actions/core from 2.0.0 to 2.0.2 by @dependabot[bot] in tj-actions/changed-files#2757

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2768

chore: update dist by @jackton1 in tj-actions/changed-files#2769

chore: update matrix-example.yml by @jackton1 in tj-actions/changed-files#2752

feat: add support for excluding symlinks and fix bug with commit not found by @jackton1 in tj-actions/changed-files#2770

chore(deps): bump github/codeql-action from 4.31.7 to 4.31.10 by @dependabot[bot] in tj-actions/changed-files#2761

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2771

chore(deps-dev): bump eslint-plugin-jest from 29.11.0 to 29.12.1 by @dependabot[bot] in tj-actions/changed-files#2756

chore(deps-dev): bump @types/lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in tj-actions/changed-files#2759

fix: Update test.yml by @jackton1 in tj-actions/changed-files#2781

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.5 - (2026-03-03)

🔄 Update

Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (35dace0) - (github-actions[bot])

Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

deps-dev: Bump @types/node from 25.3.2 to 25.3.3 (#2814) (22103cc) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.4 to 4.32.5 (#2815) (6c02e90) - (dependabot[bot])

deps-dev: Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764) (05f9457) - (dependabot[bot])

deps: Bump lodash and @types/lodash (#2807) (52ed872) - (dependabot[bot])

deps: Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774) (1cc5746) - (dependabot[bot])

deps-dev: Bump prettier from 3.7.4 to 3.8.1 (#2775) (de2962f) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.2 to 4.32.4 (#2806) (37e96cc) - (dependabot[bot])

deps-dev: Bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799) (2180b0f) - (dependabot[bot])

deps: Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809) (cf021c1) - (dependabot[bot])

deps: Bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810) (b54ac6f) - (dependabot[bot])

deps-dev: Bump @types/node from 25.2.2 to 25.3.2 (#2811) (0f2a510) - (dependabot[bot])

⬆️ Upgrades

Upgraded to v47.0.4 (#2802)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (b7ac303) - (github-actions[bot])

47.0.4 - (2026-02-17)

🔄 Update

Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

... (truncated)

Commits

22103cc chore(deps-dev): bump @types/node from 25.3.2 to 25.3.3 (#2814)
6c02e90 chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#2815)
05f9457 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764)
52ed872 chore(deps): bump lodash and @types/lodash (#2807)
1cc5746 chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774)
de2962f chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (#2775)
37e96cc chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (#2806)
2180b0f chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799)
cf021c1 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809)
b54ac6f chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810)
Additional commits viewable in compare view

Updates aws-actions/aws-secretsmanager-get-secrets from 2.0.10 to 3.0.0

Release notes

Sourced from aws-actions/aws-secretsmanager-get-secrets's releases.

v3.0.0

What's Changed

Replace push dist/ with check dist/ by @simonmarty in aws-actions/aws-secretsmanager-get-secrets#256

fix: use OIDC for Codecov by @ThirdEyeSqueegee in aws-actions/aws-secretsmanager-get-secrets#266

Add versioned user-agent to AWS API calls by @vedant-jaiswal in aws-actions/aws-secretsmanager-get-secrets#272

Update dependencies by @simonmarty in aws-actions/aws-secretsmanager-get-secrets#292

chore: Bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in aws-actions/aws-secretsmanager-get-secrets#295

Update dependencies by @dependabot[bot] in aws-actions/aws-secretsmanager-get-secrets#298

Remove actions/github, update actions/core by @simonmarty in aws-actions/aws-secretsmanager-get-secrets#299

Bump version from 2.0.11 to 3.0.0 by @simonmarty in aws-actions/aws-secretsmanager-get-secrets#297

New Contributors

@ThirdEyeSqueegee made their first contribution in aws-actions/aws-secretsmanager-get-secrets#266

@vedant-jaiswal made their first contribution in aws-actions/aws-secretsmanager-get-secrets#272

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v3.0.0

Commits

3a411b6 Bump version from 2.0.11 to 3.0.0 (#297)
07435e3 Remove actions/github, update actions/core (#299)
bed0d09 Update dependencies (#298)
ca8dc62 chore: Bump flatted from 3.3.3 to 3.4.2 (#295)
9c2003c Update dependencies (#292)
8d2df8d Add versioned user-agent to AWS API calls (#272)
aa511bf fix: use OIDC for Codecov (#266)
3f3c975 Replace push dist/ with check dist/ (#256)
See full diff in compare view

Updates github/codeql-action from 4.31.9 to 4.35.1

Release notes

Sourced from github/codeql-action's releases.

v4.35.1

Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

v4.35.0

Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767

Update default CodeQL bundle version to 2.25.1. #3773

v4.34.1

Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v4.34.0

Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569

We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584

Update default CodeQL bundle version to 2.25.0. #3585

v4.33.0

Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

To opt out of this change:

Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked".

Bumps the all-github-actions group with 7 updates: | Package | From | To | | --- | --- | --- | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `5.1.1` | `6.0.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.1` | `47.0.5` | | [aws-actions/aws-secretsmanager-get-secrets](https://github.com/aws-actions/aws-secretsmanager-get-secrets) | `2.0.10` | `3.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.1` | Updates `aws-actions/configure-aws-credentials` from 5.1.1 to 6.0.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@61815dc...8df5847) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) Updates `tj-actions/changed-files` from 47.0.1 to 47.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@e002140...22103cc) Updates `aws-actions/aws-secretsmanager-get-secrets` from 2.0.10 to 3.0.0 - [Release notes](https://github.com/aws-actions/aws-secretsmanager-get-secrets/releases) - [Commits](aws-actions/aws-secretsmanager-get-secrets@a9a7eb4...3a411b6) Updates `github/codeql-action` from 4.31.9 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@5d4e8d1...c10b806) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions - dependency-name: aws-actions/aws-secretsmanager-get-secrets dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-02T17:09:41Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot added the Release Not Needed Add this label if a PR does not need to be released. label Apr 2, 2026

GarrettBeatty closed this Apr 2, 2026

GarrettBeatty reopened this Apr 2, 2026

GarrettBeatty approved these changes Apr 2, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-github-actions group with 7 updates#2319

Bump the all-github-actions group with 7 updates#2319
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/github_actions/dev/all-github-actions-ee81c66ffd

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 2, 2026

v6.0.0

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

Changelog

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

5.1.1 (2025-11-24)

Miscellaneous Chores

5.1.0 (2025-10-06)

Features

Bug Fixes

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v4.0.0

v3.12.0

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v6.18.0

v6.17.0

v6.16.0

v47.0.5

What's Changed

v47.0.4

What's Changed

v47.0.3

What's Changed

v47.0.2

What's Changed

Changelog

47.0.5 - (2026-03-03)

🔄 Update

⚙️ Miscellaneous Tasks

⬆️ Upgrades

47.0.4 - (2026-02-17)

🔄 Update

47.0.3 - (2026-02-17)

🔄 Update

⚙️ Miscellaneous Tasks

v3.0.0

What's Changed

New Contributors

v4.35.1

v4.35.0

v4.34.1

v4.34.0

v4.33.0

Uh oh!

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant