chore(deps): bump the github-actions group across 1 directory with 4 updates #5438

Open. dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/github-actions-6855d708bb

@dependabot dependabot Bot commented on behalf of github May 15, 2026

Bumps the github-actions group with 4 updates in the / directory: getsentry/craft/.github/workflows/changelog-preview.yml, getsentry/github-workflows, actions/create-github-app-token and getsentry/craft.

Updates getsentry/craft/.github/workflows/changelog-preview.yml from 2.26.3 to 2.26.4

Release notes

Sourced from getsentry/craft/.github/workflows/changelog-preview.yml's releases.

2.26.4

Bug Fixes 🐛

Internal Changes 🔧

Changelog

Sourced from getsentry/craft/.github/workflows/changelog-preview.yml's changelog.

Changelog

2.26.4

Bug Fixes 🐛

Internal Changes 🔧

2.26.3

Bug Fixes 🐛

2.26.2

Security 🔒

Bug Fixes 🐛

  • (prepare) Remove --allow-remote-config gate by @​BYK in #809

Internal Changes 🔧

2.26.1

Security 🔒

  • (release-env) Allowlist GITHUB_* and RUNNER_* by prefix by @​BYK in #807

Bug Fixes 🐛

  • (npm) Tolerate workspace:* deps in version bump and bun.lock patching by @​BYK in #805

Internal Changes 🔧

  • Fix Node 20 + app-id deprecation warnings, refresh Node matrix by @​BYK in #803

2.26.0

... (truncated)

Commits
  • 70714dd release: 2.26.4
  • a7098da fix: resolve open dependabot security alerts (#816)
  • ebbd176 build(deps-dev): bump simple-git from 3.33.0 to 3.36.0 (#814)
  • 134b650 fix(security): Prevent script injection in changelog-preview workflow (#813)
  • e04c703 meta: Bump new development version
  • 0589632 Merge branch 'release/2.26.3'
  • See full diff in compare view

Updates getsentry/github-workflows from 3.3.0 to 3.4.0

Release notes

Sourced from getsentry/github-workflows's releases.

3.4.0

Features

  • Validate PR - Action is advisory: it posts a single friendly comment on community PRs that don't reference an issue with maintainer discussion. PRs are not closed and no labels are applied. Recommended trigger is types: [opened].
  • Validate PR - Skip validation for PRs with fewer than 100 lines changed, excluding common lock files (Cargo.lock, yarn.lock, package-lock.json, Pipfile.lock, etc.). Tiny PRs no longer go through the issue-discussion loop.
  • Add validate-pr composite action for validating non-maintainer PRs against contribution guidelines (#153)

Fixes

  • Complete script injection hardening across all actions: move remaining step outputs to env vars, validate Danger version against semver (#152)
  • Updater - Trigger CI for new PRs without changelog updates (#166)
  • Updater - Select the first branch when multiple branches point at HEAD (#165)

Dependencies

Commits
  • 607fed7 release: 3.4.0
  • 82866c1 chore: update getsentry/craft to 2.26.3 (#168)
  • 24be696 fix: complete script injection hardening across all actions (#152)
  • a940f77 fix(updater): Trigger CI for new PRs without changelog updates (#166)
  • 98c1e36 test(updater): Accept either main or master as sentry-cli main branch (#167)
  • d81d746 chore: update danger/danger.properties to 13.0.5 (#160)
  • 80476a9 fix(updater): Select first matching main branch (#165)
  • 43bf14b feat(validate-pr): Make advisory; drop close + labels (#163)
  • 71588dd feat(validate-pr): Skip checks for users with write access (#162)
  • 02fd7a2 feat(validate-pr): Skip all checks when a maintainer reopens a PR (#161)
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 3.1.1 to 3.2.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)

Commits
  • bcd2ba4 chore(main): release 3.2.0 (#370)
  • f24bbd8 fix: validate private-key input (#376)
  • 363531b docs: capitalize Git as a proper noun in README (#374)
  • fd28011 docs: update procedure to configure Git (#287)
  • 85eb8dd feat: support full repository names in repositories input (#372)
  • c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
  • e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
  • 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
  • 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
  • 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
  • Additional commits viewable in compare view

Updates getsentry/craft from 2.26.3 to 2.26.4

Release notes

Sourced from getsentry/craft's releases.

2.26.4

Bug Fixes 🐛

Internal Changes 🔧

Changelog

Sourced from getsentry/craft's changelog.

Changelog

2.26.4

Bug Fixes 🐛

Internal Changes 🔧

2.26.3

Bug Fixes 🐛

2.26.2

Security 🔒

Bug Fixes 🐛

  • (prepare) Remove --allow-remote-config gate by @​BYK in #809

Internal Changes 🔧

2.26.1

Security 🔒

  • (release-env) Allowlist GITHUB_* and RUNNER_* by prefix by @​BYK in #807

Bug Fixes 🐛

  • (npm) Tolerate workspace:* deps in version bump and bun.lock patching by @​BYK in #805

Internal Changes 🔧

  • Fix Node 20 + app-id deprecation warnings, refresh Node matrix by @​BYK in #803

2.26.0

... (truncated)

Commits
  • 70714dd release: 2.26.4
  • a7098da fix: resolve open dependabot security alerts (#816)
  • ebbd176 build(deps-dev): bump simple-git from 3.33.0 to 3.36.0 (#814)
  • 134b650 fix(security): Prevent script injection in changelog-preview workflow (#813)
  • e04c703 meta: Bump new development version
  • 0589632 Merge branch 'release/2.26.3'
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 15, 2026
@dependabot dependabot Bot requested a review from adinauer as a code owner May 15, 2026 04:41
@dependabot dependabot Bot added the github_actions Pull requests that update GitHub Actions code label May 15, 2026

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit e5964d2. Configure here.

pull-requests: write
steps:
- uses: getsentry/github-workflows/validate-pr@71588ddf95134f804e82c5970a8098588e2eaecd
- uses: getsentry/github-workflows/validate-pr@26f565c05d0dd49f703d238706b775883037d76b
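Review bot: neither `uses:` line for `getsentry/github-workflows/validate-pr` carries a trailing version comment, so nothing in the hunk shows which release 71588ddf or 26f565c0 corresponds to, or in which direction the pin is moving. Add a comment naming the release tag after the SHA and confirm the hash resolves to that tag before merging; the job grants `pull-requests: write`, so whatever commit is pinned here runs with write access to pull requests.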

validate-pr action downgraded instead of upgraded to v3.4.0

High Severity

The validate-pr action is pinned to commit 26f565c0... which is the v3.3.0 release of getsentry/github-workflows. All other references to this dependency (danger.yml, update-deps.yml) are correctly bumped from 26f565c0... (v3.3.0) to 607fed74... (v3.4.0). The previous pin (71588ddf...) was actually a newer commit from the v3.4.0 development cycle, so this change is a downgrade rather than an upgrade. The correct hash here is 607fed74f812e69201531a5185b6c3c57caa4e89.

Contributor

why?
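
The mismatch Bugbot reports in this thread, one action left on a different commit than its siblings from the same repository, can be checked mechanically. Added example, not code from this PR or from the projects it names: it groups `uses:` references by repository and lists any repository pinned to more than one ref, least-used ref first. The workflow snippets, the file name validate-pr.yml and the danger/updater action paths are constructed assumptions; the two SHAs are the ones quoted in the review comment.

```python
import re
from collections import defaultdict

# "uses: owner/repo[/sub/path]@ref"; local (./) and docker:// references do not match.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)((?:/[\w./-]+)?)@([^\s'\"#]+)", re.M
)


def collect_pins(workflows):
    """Map owner/repo -> ref -> list of (file, full action path)."""
    pins = defaultdict(lambda: defaultdict(list))
    for filename, text in workflows.items():
        for repo, subpath, ref in USES_RE.findall(text):
            pins[repo][ref].append((filename, repo + subpath))
    return pins


def split_pins(workflows):
    """Report repos referenced at more than one ref, least-used ref first."""
    report = {}
    for repo, refs in collect_pins(workflows).items():
        if len(refs) > 1:
            # The ref used by the fewest files is the likely stale or mistaken pin.
            ordered = sorted(refs.items(), key=lambda kv: (len(kv[1]), kv[0]))
            report[repo] = [(ref, sorted(uses)) for ref, uses in ordered]
    return report


# Constructed sample: file contents, validate-pr.yml and the sub-action paths
# are assumptions; only the two SHAs come from the review comment.
OLD = "26f565c05d0dd49f703d238706b775883037d76b"  # v3.3.0 per the review comment
NEW = "607fed74f812e69201531a5185b6c3c57caa4e89"  # v3.4.0 per the review comment
SAMPLE = {
    "danger.yml": f"steps:\n  - uses: getsentry/github-workflows/danger@{NEW}\n",
    "update-deps.yml": f"steps:\n  - uses: getsentry/github-workflows/updater@{NEW}\n",
    "validate-pr.yml": f"steps:\n  - uses: getsentry/github-workflows/validate-pr@{OLD}\n",
}

if __name__ == "__main__":
    for repo, refs in split_pins(SAMPLE).items():
        print(repo)
        for ref, uses in refs:
            for filename, action in uses:
                print(f"  {ref[:8]}  {filename}  {action}")
```
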

…updates

Bumps the github-actions group with 4 updates in the / directory: [getsentry/craft/.github/workflows/changelog-preview.yml](https://github.com/getsentry/craft), [getsentry/github-workflows](https://github.com/getsentry/github-workflows), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [getsentry/craft](https://github.com/getsentry/craft).


Updates `getsentry/craft/.github/workflows/changelog-preview.yml` from 2.26.3 to 2.26.4
- [Release notes](https://github.com/getsentry/craft/releases)
- [Changelog](https://github.com/getsentry/craft/blob/master/CHANGELOG.md)
- [Commits](getsentry/craft@bae212c...70714dd)

Updates `getsentry/github-workflows` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/getsentry/github-workflows/releases)
- [Commits](getsentry/github-workflows@3.3.0...3.4.0)

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](actions/create-github-app-token@1b10c78...bcd2ba4)

Updates `getsentry/craft` from 2.26.3 to 2.26.4
- [Release notes](https://github.com/getsentry/craft/releases)
- [Changelog](https://github.com/getsentry/craft/blob/master/CHANGELOG.md)
- [Commits](getsentry/craft@bae212c...70714dd)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: getsentry/craft
  dependency-version: 2.26.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: getsentry/craft/.github/workflows/changelog-preview.yml
  dependency-version: 2.26.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: getsentry/github-workflows
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-6855d708bb branch from e5964d2 to 6310d1d Compare May 15, 2026 07:49