chore(deps): bump the github-actions group across 1 directory with 4 updates by dependabot[bot] · Pull Request #223 · smlx/ccv

dependabot · 2026-05-01T05:06:10Z

Bumps the github-actions group with 4 updates in the / directory: goreleaser/goreleaser-action, vladopajic/go-test-coverage, dependabot/fetch-metadata and docker/login-action.

Updates goreleaser/goreleaser-action from 7.0.0 to 7.2.1

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.1

This fully removes the usage of the old nightly moving tag.

Full Changelog: goreleaser/goreleaser-action@v7.2.0...v7.2.1

v7.2.0

What's Changed

test: cover install across release eras by @caarlos0 in goreleaser/goreleaser-action#555

feat: add version-file input by @caarlos0 in goreleaser/goreleaser-action#556

feat: resolve nightly to latest vX.Y.Z--nightly release by @caarlos0 in goreleaser/goreleaser-action#558

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.0

v7.1.0

What's Changed

feat: verify release checksum and cosign signature by @caarlos0 in goreleaser/goreleaser-action#550

docs: document cosign verification in README by @caarlos0 in goreleaser/goreleaser-action#553

docs: Upgrade import GPG action version by @flecno in goreleaser/goreleaser-action#547

ci: drop docker-bake in favor of plain npm by @caarlos0 in goreleaser/goreleaser-action#551

ci: add release-major-tag workflow by @caarlos0 in goreleaser/goreleaser-action#552

ci: drop pre-cosign-v3 goreleaser versions from tests by @caarlos0 in goreleaser/goreleaser-action#554

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#543

ci(deps): bump the actions group with 5 updates by @dependabot[bot] in goreleaser/goreleaser-action#546

chore(deps): bump undici from 6.23.0 to 6.24.1 by @dependabot[bot] in goreleaser/goreleaser-action#545

New Contributors

@flecno made their first contribution in goreleaser/goreleaser-action#547

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

Commits

1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
a71152e refactor: drop legacy 'nightly' tag fallback
4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
4f96abf feat: add version-file input (#556)
15fa2a9 test: cover install across release eras (#555)
e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
be2e8a3 docs: document cosign verification in README (#553)
5e53f8e ci: add release-major-tag workflow (#552)
4068afa build: drop docker-bake in favor of plain npm (#551)
213ec80 docs: add CONTRIBUTING with pre-commit workflow
Additional commits viewable in compare view

Updates vladopajic/go-test-coverage from 2.18.4 to 2.18.7

Release notes

Sourced from vladopajic/go-test-coverage's releases.

v2.18.7

What's Changed

fix(coverage): file search should be preceded by / by @vladopajic in vladopajic/go-test-coverage#308

chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 by @dependabot[bot] in vladopajic/go-test-coverage#307

Full Changelog: vladopajic/go-test-coverage@v2.18.6...v2.18.7

v2.18.6

What's Changed

fix(docker): add certs by @vladopajic in vladopajic/go-test-coverage#306

Full Changelog: vladopajic/go-test-coverage@v2.18.5...v2.18.6

v2.18.5

What's Changed

chore: remove deprecated field by @vladopajic in vladopajic/go-test-coverage#286

chore(deps): bump dawidd6/action-download-artifact from 16 to 18 by @dependabot[bot] in vladopajic/go-test-coverage#287

chore: cosmetics by @vladopajic in vladopajic/go-test-coverage#288

chore(deps): bump dawidd6/action-download-artifact from 18 to 19 by @dependabot[bot] in vladopajic/go-test-coverage#289

chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0 by @dependabot[bot] in vladopajic/go-test-coverage#290

chore(deps): bump golang.org/x/image from 0.18.0 to 0.38.0 by @dependabot[bot] in vladopajic/go-test-coverage#291

chore: remove magic values from args by @vladopajic in vladopajic/go-test-coverage#203

chore: update .github/.testcoverage.yml by @vladopajic in vladopajic/go-test-coverage#293

chore: update docker-entrypoint.sh by @vladopajic in vladopajic/go-test-coverage#294

chore(ci): reuse action test steps by @vladopajic in vladopajic/go-test-coverage#295

ci: trigger via pull request by @vladopajic in vladopajic/go-test-coverage#296

test(action): add more test cases by @vladopajic in vladopajic/go-test-coverage#297

chore(deps): bump dawidd6/action-download-artifact from 19 to 20 by @dependabot[bot] in vladopajic/go-test-coverage#299

chore(deps): bump golang from 1.26.1 to 1.26.2 by @dependabot[bot] in vladopajic/go-test-coverage#301

fix(coverage): fix comment annotation column bound case by @vladopajic in vladopajic/go-test-coverage#302

chore(coverage): ruse file ast by @vladopajic in vladopajic/go-test-coverage#304

chore: improvements by @vladopajic in vladopajic/go-test-coverage#303

TLD

this release includes security hardening and various improvements.

smaller performance gains in #304

Full Changelog: vladopajic/go-test-coverage@v2.18.4...2.18.5

Commits

8cfd056 chore(version): bump to v2.18.7
4203ba5 chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 (#307)
c43ff5b fix(coverage): file search should be preceded by / (#308)
b7a53f8 chore(version): bump to v2.18.6
bb6f9c6 fix(docker): add certs (#306)
5b86b55 chore(version): bump to v2.18.5
54057b8 chore: improvements (#303)
a1eb8f2 chore(coverage): ruse file ast (#304)
e212d64 fix(coverage): fix comment annotation column bound case (#302)
f91bdba chore(deps): bump golang from 1.26.1 to 1.26.2 (#301)
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 3.0.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

Add permissions to all workflows by @truggeri in dependabot/fetch-metadata#687

build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @dependabot[bot] in dependabot/fetch-metadata#690

build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in dependabot/fetch-metadata#693

build(deps-dev): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in dependabot/fetch-metadata#694

build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in dependabot/fetch-metadata#695

Dynamically update the tracking tag in action by @truggeri in dependabot/fetch-metadata#696

fix: handle duplicate dependency names in parseMetadataLinks by @devantler in dependabot/fetch-metadata#700

fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @devantler in dependabot/fetch-metadata#698

Updates to README for permissions clarification by @truggeri in dependabot/fetch-metadata#697

fix: resolve update-type null for Python, Composer, and Terraform PRs by @vitorsdcs in dependabot/fetch-metadata#704

build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in dependabot/fetch-metadata#703

build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot[bot] in dependabot/fetch-metadata#701

build(deps): bump @actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @dependabot[bot] in dependabot/fetch-metadata#702

build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in dependabot/fetch-metadata#705

v3.1.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

@devantler made their first contribution in dependabot/fetch-metadata#700

@vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

Commits

25dd0e3 v3.1.0 (#692)
e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
5168191 Updating dist build
23882e1 build(deps): bump @actions/github in the dependencies group
1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
Additional commits viewable in compare view

Updates docker/login-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

smlx · 2026-05-01T09:21:45Z

@dependabot rebase

…updates Bumps the github-actions group with 4 updates in the / directory: [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action), [vladopajic/go-test-coverage](https://github.com/vladopajic/go-test-coverage), [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) and [docker/login-action](https://github.com/docker/login-action). Updates `goreleaser/goreleaser-action` from 7.0.0 to 7.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@ec59f47...1a80836) Updates `vladopajic/go-test-coverage` from 2.18.4 to 2.18.7 - [Release notes](https://github.com/vladopajic/go-test-coverage/releases) - [Commits](vladopajic/go-test-coverage@f190f66...8cfd056) Updates `dependabot/fetch-metadata` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@ffa630c...25dd0e3) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: vladopajic/go-test-coverage dependency-version: 2.18.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels May 1, 2026

github-actions Bot enabled auto-merge May 1, 2026 05:06

smlx approved these changes May 1, 2026

View reviewed changes

dependabot Bot changed the title ~~chore(deps): bump the github-actions group with 4 updates~~ chore(deps): bump the github-actions group across 1 directory with 4 updates May 1, 2026

dependabot Bot force-pushed the dependabot/github_actions/github-actions-099a841535 branch from 8960010 to be6fa9b Compare May 1, 2026 09:23

github-actions Bot merged commit e70813c into main May 1, 2026
9 checks passed

github-actions Bot deleted the dependabot/github_actions/github-actions-099a841535 branch May 1, 2026 09:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group across 1 directory with 4 updates#223

chore(deps): bump the github-actions group across 1 directory with 4 updates#223
github-actions[bot] merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-099a841535

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading

Uh oh!

smlx commented May 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v7.2.1

v7.2.0

What's Changed

v7.1.0

What's Changed

New Contributors

v2.18.7

What's Changed

v2.18.6

What's Changed

v2.18.5

What's Changed

TLD

v3.1.0

What's Changed

New Contributors

v4.1.0

Uh oh!

smlx commented May 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading