shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
14,639 Commits 1,133 Branches 344 Tags
334a2e59d82894164b697eb7303fa484f3735c9d
Commit Graph

52 Commits

Author SHA1 Message Date
dependabot[bot] 334a2e59d8 ci: bump the github-actions group across 1 directory with 14 updates 
Bumps the github-actions group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.17.0` | `2.19.4` |
| [chromaui/action](https://github.com/chromaui/action) | `16.3.0` | `17.0.1` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.1.1` | `3.2.0` |
| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `3.0.0` | `3.1.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.1.0` | `6.1.2` |
| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.5` | `2.8.8` |
| [depot/build-push-action](https://github.com/depot/build-push-action) | `1.17.0` | `1.18.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [linear/linear-release-action](https://github.com/linear/linear-release-action) | `0.7.0` | `0.14.0` |
| [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) | `3.0.1` | `3.0.2` |
| [benc-uk/workflow-dispatch](https://github.com/benc-uk/workflow-dispatch) | `1.3.1` | `1.3.2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.0` |
| [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` |



Updates `step-security/harden-runner` from 2.17.0 to 2.19.4
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...9af89fc71515a100421586dfdb3dc9c984fbf411)

Updates `chromaui/action` from 16.3.0 to 17.0.1
- [Release notes](https://github.com/chromaui/action/releases)
- [Changelog](https://github.com/chromaui/action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chromaui/action/compare/5c6ec06f45a2117a25f07b1bf2b2f3009233fac8...0b8c883861c1663076150cf1f4592b19d1ff6a54)

Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee)

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1)

Updates `dependabot/fetch-metadata` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/ffa630c65fa7e0ecfa0625b5ceda64399aea1b36...25dd0e34f4fe68f24cc83900b1fe3fe149efef98)

Updates `aws-actions/configure-aws-credentials` from 6.1.0 to 6.1.2
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/ec61189d14ec14c8efccab744f656cffd0e33f37...acca2b1b2070338fb9fd1ca27ecee81d687e58e5)

Updates `fluxcd/flux2` from 2.8.5 to 2.8.8
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Commits](https://github.com/fluxcd/flux2/compare/5adad89dcce7b79f20274ae8e112bcec7bd46764...1fd61a06264d71cf445ed55c4f14d401d26a1c64)

Updates `depot/build-push-action` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/depot/build-push-action/releases)
- [Commits](https://github.com/depot/build-push-action/compare/5f3b3c2e5a00f0093de47f657aeaefcedff27d18...98e78adca7817480b8185f474a400b451d74e287)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5)

Updates `linear/linear-release-action` from 0.7.0 to 0.14.0
- [Release notes](https://github.com/linear/linear-release-action/releases)
- [Commits](https://github.com/linear/linear-release-action/compare/0353b5fa8c00326913966f00557d68f8f30b8b6b...ad7da502eec3a93dd17e2e249e6c1cd84e3ee588)

Updates `toshimaru/auto-author-assign` from 3.0.1 to 3.0.2
- [Release notes](https://github.com/toshimaru/auto-author-assign/releases)
- [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/toshimaru/auto-author-assign/compare/4d585cc37690897bd9015942ed6e766aa7cdb97f...bdd7688cbf9e6d5683f02f8c7d8ae4062a254b6d)

Updates `benc-uk/workflow-dispatch` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/benc-uk/workflow-dispatch/releases)
- [Commits](https://github.com/benc-uk/workflow-dispatch/compare/7a027648b88c2413826b6ddd6c76114894dc5ec4...31e2b3319479a63f0ab15bf800eff9e913504e26)

Updates `github/codeql-action` from 4.35.1 to 4.36.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

Updates `actions/stale` from 10.2.0 to 10.3.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: benc-uk/workflow-dispatch
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: chromaui/action
  dependency-version: 17.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: dependabot/fetch-metadata
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: depot/build-push-action
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: fluxcd/flux2
  dependency-version: 2.8.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: linear/linear-release-action
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: toshimaru/auto-author-assign
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-02 14:34:08 +00:00
Jakub Domeracki 9f02fec3a9 ci(.github/workflows/contrib): skip community label for dependabot (#24660) 2026-04-23 10:25:46 +02:00
dependabot[bot] edd5d83280 ci: bump the github-actions group with 12 updates (#24558) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lukasz <CommanderK5@users.noreply.github.com>
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
 2026-04-23 10:31:55 +05:00
Jakub Domeracki d8d63ad9a0 fix(.github/workflows): upgrade github-script to v9 in community-label job (#24479) 
The `community-label` job in the contrib workflow fails with:

```
Error: Cannot find module '@actions/github'
```

`require("@actions/github")` does not work inside the bundled
`actions/github-script` v8 dist — the package is compiled into
`dist/index.js` and is not resolvable by Node's module loader at
runtime.

`actions/github-script` v9 exposes `getOctokit` as an injected script
parameter, so the `require` call is no longer needed.

Failing run:
https://github.com/coder/coder/actions/runs/24566113706/job/71826621724

> 🤖 Generated by Coder Agents
 2026-04-17 15:39:43 +02:00
Garrett Delfosse 7e68d18e04 fix(.github/workflows/contrib): use @actions/github instead of @octokit/rest in community-label job (#24343) 2026-04-14 14:38:19 -04:00
Garrett Delfosse 079dc48ba0 ci: use GitHub App for community label org membership check (#24149) 
Supersedes #23343.

## Problem

`author_association` on `pull_request_target` events is unreliable:

- Returns `CONTRIBUTOR` instead of `MEMBER` when both apply
([actions/github-script#643](https://github.com/actions/github-script/issues/643)).
- Returns `NONE` for members with private org visibility
([community#18690](https://github.com/orgs/community/discussions/18690)).

This causes org members to incorrectly receive the `community` label.

## Approach

Replace the `author_association` check with an explicit
`orgs.checkMembershipForUser()` API call, which reliably detects both
public and private org members.

Uses a dedicated **GitHub App** via `actions/create-github-app-token`
instead of a PAT. The App only needs **Organization > Members: Read**
permission. Installation tokens are short-lived (1 hour) and
auto-rotated — no long-lived secrets to worry about.

### Setup required

A repo/org admin needs to:
1. Create a GitHub App with only **Organization > Members: Read**
permission.
2. Install it on the `coder` org.
3. Store the App ID as a repository variable: `ORG_MEMBERSHIP_APP_ID`.
4. Store the App's private key as a repository secret:
`ORG_MEMBERSHIP_APP_PRIVATE_KEY`.

> [!NOTE]
> Generated by Coder Agents

---------

Co-authored-by: Jakub Domeracki <jakub@coder.com>
 2026-04-13 10:18:16 -04:00
Atif Ali 677f90b78a chore: label community PRs on open (#23157) 2026-03-18 18:15:37 +05:00
Mathias Fredriksson aa6f301305 ci: add conventional commit PR title linting (#23096) 
Restore PR title validation that was removed in 828f33a when
cdr-bot was expected to handle it. That bot has since been disabled.

The new title job in contrib.yaml validates:
- Conventional commit format (type(scope): description)
- Type from the same set used by release notes generation
- Scope validity derived from the changed files in the PR diff
- All changed files fall under the declared scope

Uses actions/github-script (no third-party marketplace actions).

Also fixes feat(api) examples across docs (no api folder exists)
and consolidates commit rules into CONTRIBUTING.md as the single
source of truth.
 2026-03-16 12:24:59 +02:00
Dean Sheather b8b8387b27 chore: allow blinkagent[bot] to bypass CLA check (#21872) 2026-02-03 03:03:51 +00:00
dependabot[bot] 0b460b8d95 ci: bump the github-actions group across 1 directory with 16 updates (#19736) 
Bumps the github-actions group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.0` |
`5.0.0` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.35.3` |
`1.36.2` |
| [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.0` |
`4.3.1` |
| [chromaui/action](https://github.com/chromaui/action) | `13.1.3` |
`13.1.4` |
| [actions/setup-java](https://github.com/actions/setup-java) | `4.7.1`
| `5.0.0` |
|
[google-github-actions/auth](https://github.com/google-github-actions/auth)
| `2.1.12` | `3.0.0` |
|
[google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud)
| `2.2.0` | `3.0.1` |
| [actions/attest](https://github.com/actions/attest) | `2.4.0` |
`3.0.0` |
|
[google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials)
| `2.3.4` | `3.0.0` |
| [actions/github-script](https://github.com/actions/github-script) |
`7.0.1` | `8.0.0` |
| [depot/build-push-action](https://github.com/depot/build-push-action)
| `1.15.0` | `1.16.2` |
|
[tj-actions/changed-files](https://github.com/tj-actions/changed-files)
| `f963b3f3562b00b6d2dd25efc390eb04e51ef6c6` |
`8c14441336bb3d84fd6b7fa83b6d7201c740baf5` |
|
[nixbuild/nix-quick-install-action](https://github.com/nixbuild/nix-quick-install-action)
| `32` | `33` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.29.8` | `3.30.1` |
|
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action)
| `0.32.0` | `0.33.1` |
| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.0.0`
|


Updates `actions/checkout` from 4.3.0 to 5.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a>
Update actions checkout to use node 24 (<a
href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/08eba0b27e820071cde6df949e0beb9ba4906955...08c6903cd8c0fde910a37f88322edcfb5dd907a8">compare
view</a></li>
</ul>
</details>
<br />

Updates `crate-ci/typos` from 1.35.3 to 1.36.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.36.2</h2>
<h2>[1.36.2] - 2025-09-04</h2>
<h3>Fixes</h3>
<ul>
<li>Fix regression from 1.36.1 when rendering an error for a line with
invalid UTF-8</li>
</ul>
<h2>v1.36.1</h2>
<h2>[1.36.1] - 2025-09-03</h2>
<h3>Fixes</h3>
<ul>
<li>Replaced the error rendering for various quality of life
improvements</li>
</ul>
<h2>v1.36.0</h2>
<h2>[1.36.0] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1345">August
2025</a> changes</li>
</ul>
<h2>v1.35.8</h2>
<h2>[1.35.8] - 2025-09-02</h2>
<h2>v1.35.7</h2>
<h2>[1.35.7] - 2025-08-29</h2>
<h3>Documentation</h3>
<ul>
<li>Expand PyPI metadata</li>
</ul>
<h2>v1.35.6</h2>
<h2>[1.35.6] - 2025-08-28</h2>
<h3>Fixes</h3>
<ul>
<li>Track <code>go.mod</code> as a golang file (regression from
1.13.21)</li>
</ul>
<h2>v1.35.5</h2>
<h2>[1.35.5] - 2025-08-18</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>accidently</code></li>
<li>Fix typo in correction to <code>dynamincally</code></li>
<li>Fix typo in correction to <code>interruptability</code></li>
<li>Fix typo in correction to <code>interruptability</code></li>
<li>Fix typo in correction to <code>messager</code></li>
<li>Fix typo in correction to <code>preferables</code></li>
<li>Fix typo in correction to <code>producibles</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="http://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="http://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.36.2] - 2025-09-04</h2>
<h3>Fixes</h3>
<ul>
<li>Fix regression from 1.36.1 when rendering an error for a line with
invalid UTF-8</li>
</ul>
<h2>[1.36.1] - 2025-09-03</h2>
<h3>Fixes</h3>
<ul>
<li>Replaced the error rendering for various quality of life
improvements</li>
</ul>
<h2>[1.36.0] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1345">August
2025</a> changes</li>
</ul>
<h2>[1.35.8] - 2025-09-02</h2>
<h2>[1.35.7] - 2025-08-29</h2>
<h3>Documentation</h3>
<ul>
<li>Expand PyPI metadata</li>
</ul>
<h2>[1.35.6] - 2025-08-28</h2>
<h3>Fixes</h3>
<ul>
<li>Track <code>go.mod</code> as a golang file (regression from
1.13.21)</li>
</ul>
<h2>[1.35.5] - 2025-08-18</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>accidently</code></li>
<li>Fix typo in correction to <code>dynamincally</code></li>
<li>Fix typo in correction to <code>interruptability</code></li>
<li>Fix typo in correction to <code>interruptability</code></li>
<li>Fix typo in correction to <code>messager</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/85f62a8a84f939ae994ab3763f01a0296d61a7ee"><code>85f62a8</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/6f26306a9140281f8f46294118abc2b5cf88a04d"><code>6f26306</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/6bd8b39b57af405b681ed2d7d563f5cdf788388f"><code>6bd8b39</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1374">#1374</a>
from epage/invalid</li>
<li><a
href="https://github.com/crate-ci/typos/commit/f5e19d303814c9192cf68dba44e25b470ef29461"><code>f5e19d3</code></a>
fix(cli): Don't panic with invalid utf-8</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5062775d92cab861376d135b425089eba7bb719d"><code>5062775</code></a>
test(cli): Generalize utf16 tests</li>
<li><a
href="https://github.com/crate-ci/typos/commit/b6297a6a5072df106aa9d94197f5d0533a9730bc"><code>b6297a6</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/e6d718928a2978481771e814abdc731cb904c980"><code>e6d7189</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/1bf1ed2584d38a3d8f47e0715013e092bdda3cec"><code>1bf1ed2</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1372">#1372</a>
from epage/render</li>
<li><a
href="https://github.com/crate-ci/typos/commit/9e79b8d2c636476c043d040ddaa0413ad065f28b"><code>9e79b8d</code></a>
refactor(cli): Give control over the whole group</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a5fa6034532da62881f747a74e2bbc1f58886265"><code>a5fa603</code></a>
refactor(cli): Extract snippet creation</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/52bd719c2c91f9d676e2aa359fc8e0db8925e6d8...85f62a8a84f939ae994ab3763f01a0296d61a7ee">compare
view</a></li>
</ul>
</details>
<br />

Updates `azure/setup-helm` from 4.3.0 to 4.3.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/azure/setup-helm/releases">azure/setup-helm's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.1</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/167">#167</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/167">Pinning
Action Dependencies for Security and Reliability</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/181">#181</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/181">Fix
types, and update node version.</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/191">#191</a>
<a
href="https://redirect.github.com/Azure/setup-helm/pull/191">chore(tests):
Mock arch to make tests pass on arm host</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/192">#192</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/192">chore:
remove unnecessary prebuild script</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/203">#203</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/203">Update
helm version retrieval to use JSON output for latest version</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/207">#207</a>
<a
href="https://redirect.github.com/Azure/setup-helm/pull/207">ci(workflows):
update helm version to v3.18.4 and add matrix for tests</a></li>
</ul>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/197">#197</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/197">Add
pre-commit hook</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md">azure/setup-helm's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<h2>[4.3.1] - 2025-08-12</h2>
<h3>Changed</h3>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/167">#167</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/167">Pinning
Action Dependencies for Security and Reliability</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/181">#181</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/181">Fix
types, and update node version.</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/191">#191</a>
<a
href="https://redirect.github.com/Azure/setup-helm/pull/191">chore(tests):
Mock arch to make tests pass on arm host</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/192">#192</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/192">chore:
remove unnecessary prebuild script</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/203">#203</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/203">Update
helm version retrieval to use JSON output for latest version</a></li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/207">#207</a>
<a
href="https://redirect.github.com/Azure/setup-helm/pull/207">ci(workflows):
update helm version to v3.18.4 and add matrix for tests</a></li>
</ul>
<h3>Added</h3>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/197">#197</a>
<a href="https://redirect.github.com/Azure/setup-helm/pull/197">Add
pre-commit hook</a></li>
</ul>
<h2>[4.3.0] - 2025-02-15</h2>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/152">#152</a>
feat: log when restoring from cache</li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/157">#157</a>
Dependencies Update</li>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/137">#137</a>
Add dependabot</li>
</ul>
<h2>[4.2.0] - 2024-04-15</h2>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/124">#124</a>
Fix OS detection and download OS-native archive extension</li>
</ul>
<h2>[4.1.0] - 2024-03-01</h2>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/130">#130</a>
switches to use Helm published file to read latest version instead of
using GitHub releases</li>
</ul>
<h2>[4.0.0] - 2024-02-12</h2>
<ul>
<li><a
href="https://redirect.github.com/azure/setup-helm/issues/121">#121</a>
update to node20 as node16 is deprecated</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Azure/setup-helm/commit/1a275c3b69536ee54be43f2070a358922e12c8d4"><code>1a275c3</code></a>
build</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/9e7f762d6f65c7a11db6cd4eadcf3c602b273f47"><code>9e7f762</code></a>
chore(release): v4.3.1 (<a
href="https://redirect.github.com/azure/setup-helm/issues/208">#208</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/c096176d63fc5e293d360dd405e4b9ab2ddadccd"><code>c096176</code></a>
Bump <code>@​types/node</code> from 24.1.0 to 24.2.1 in the actions
group (<a
href="https://redirect.github.com/azure/setup-helm/issues/206">#206</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/5e7287287e0a62377e90be8d80c4e9520ad5676b"><code>5e72872</code></a>
ci(workflows): update helm version to v3.18.4 and add matrix for tests
(<a
href="https://redirect.github.com/azure/setup-helm/issues/207">#207</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/fb8fa4070642059a5ed2b5d02e2992422ebb5f09"><code>fb8fa40</code></a>
Update default helm version to 3.18.3 (<a
href="https://redirect.github.com/azure/setup-helm/issues/194">#194</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/0d097290a8b8242b9d9c3aae2628122e860fea32"><code>0d09729</code></a>
chore: remove unnecessary prebuild script (<a
href="https://redirect.github.com/azure/setup-helm/issues/192">#192</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/32bc12022d790ee9f7033b2b57cd5c7c309e5333"><code>32bc120</code></a>
chore(tests): Mock arch to make tests pass on arm host (<a
href="https://redirect.github.com/azure/setup-helm/issues/191">#191</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/51463d68e891cc6fcd306c1f61fce342582ac53b"><code>51463d6</code></a>
Bump the actions group with 2 updates (<a
href="https://redirect.github.com/azure/setup-helm/issues/205">#205</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/aff10941b250308c1eea3c6dd4a2e8602246ba0f"><code>aff1094</code></a>
Bump the actions group across 1 directory with 2 updates (<a
href="https://redirect.github.com/azure/setup-helm/issues/204">#204</a>)</li>
<li><a
href="https://github.com/Azure/setup-helm/commit/a10a5247d8e840d5e622e4e00cfc8b6103a9cafa"><code>a10a524</code></a>
Update helm version retrieval to use JSON output for latest version (<a
href="https://redirect.github.com/azure/setup-helm/issues/203">#203</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/azure/setup-helm/compare/b9e51907a09c216f16ebe8536097933489208112...1a275c3b69536ee54be43f2070a358922e12c8d4">compare
view</a></li>
</ul>
</details>
<br />

Updates `chromaui/action` from 13.1.3 to 13.1.4
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/chromaui/action/commit/d0795df816d05c4a89c80295303970fddd247cce"><code>d0795df</code></a>
v13.1.4</li>
<li>See full diff in <a
href="https://github.com/chromaui/action/compare/58d9ffb36c90c97a02d061544ecc849cc4a242a9...d0795df816d05c4a89c80295303970fddd247cce">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-java` from 4.7.1 to 5.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-java/releases">actions/setup-java's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Upgrade to node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-java/pull/888">actions/setup-java#888</a></li>
</ul>
<p>Make sure your runner is updated to this version or newer to use this
release. v2.327.1 <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<h3>Dependency Upgrades</h3>
<ul>
<li>Upgrade Publish Immutable Action by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/798">actions/setup-java#798</a></li>
<li>Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-java/pull/730">actions/setup-java#730</a></li>
<li>Upgrade undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-java/pull/833">actions/setup-java#833</a></li>
<li>Upgrade form-data to bring in fix for critical vulnerability by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-java/pull/887">actions/setup-java#887</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-java/pull/896">actions/setup-java#896</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Prevent default installation of JetBrains pre-releases by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-java/pull/859">actions/setup-java#859</a></li>
<li>Improve Error Handling for Setup-Java Action to Help Debug
Intermittent Failures by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-java/pull/848">actions/setup-java#848</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-java/pull/848">actions/setup-java#848</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-java/pull/888">actions/setup-java#888</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-java/compare/v4...v5.0.0">https://github.com/actions/setup-java/compare/v4...v5.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-java/commit/dded0888837ed1f317902acf8a20df0ad188d165"><code>dded088</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-java/issues/896">#896</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/0913e9a06eb8b69c62db76aa61f580c2b3a5b4e0"><code>0913e9a</code></a>
Upgrade to node 24 (<a
href="https://redirect.github.com/actions/setup-java/issues/888">#888</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/e9343db97e09d87a3c50e544105d99fe912c204b"><code>e9343db</code></a>
Bumps form-data (<a
href="https://redirect.github.com/actions/setup-java/issues/887">#887</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/ae2b61dbc685e60e4427b2e8ed4f0135c6ea8597"><code>ae2b61d</code></a>
Bump undici from 5.28.5 to 5.29.0 (<a
href="https://redirect.github.com/actions/setup-java/issues/833">#833</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/c190c18febcf6c040d80b10ea201a05a2c320263"><code>c190c18</code></a>
Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (<a
href="https://redirect.github.com/actions/setup-java/issues/730">#730</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/67aec007b3fcabe15ca665bfccc1e255dd52e30d"><code>67aec00</code></a>
Fix: prevent default installation of JetBrains pre-releases (<a
href="https://redirect.github.com/actions/setup-java/issues/859">#859</a>)</li>
<li><a
href="https://github.com/actions/setup-java/commit/ebb356cc4e59bcf94f518203228485f5d40e4b58"><code>ebb356c</code></a>
Improve Error Handling for Setup-Java Action to Help Debug Intermittent
Failu...</li>
<li><a
href="https://github.com/actions/setup-java/commit/f4f1212c880fdec8162ea9a6493f4495191887b4"><code>f4f1212</code></a>
Update publish-immutable-actions.yml (<a
href="https://redirect.github.com/actions/setup-java/issues/798">#798</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-java/compare/c5195efecf7bdfc987ee8bae7a71cb8b11521c00...dded0888837ed1f317902acf8a20df0ad188d165">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/auth` from 2.1.12 to 3.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/auth/releases">google-github-actions/auth's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump to Node 24 and remove old parameters by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/508">google-github-actions/auth#508</a></li>
<li>Remove hacky script by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/509">google-github-actions/auth#509</a></li>
<li>Release: v3.0.0 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/510">google-github-actions/auth#510</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2...v3.0.0">https://github.com/google-github-actions/auth/compare/v2...v3.0.0</a></p>
<h2>v2.1.13</h2>
<h2>What's Changed</h2>
<ul>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/auth/pull/506">google-github-actions/auth#506</a></li>
<li>Release: v2.1.13 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/auth/pull/507">google-github-actions/auth#507</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/auth/compare/v2.1.12...v2.1.13">https://github.com/google-github-actions/auth/compare/v2.1.12...v2.1.13</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/auth/commit/7c6bc770dae815cd3e89ee6cdf493a5fab2cc093"><code>7c6bc77</code></a>
Release: v3.0.0 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/510">#510</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/42e4997ee345eebb9d114030d0f9e9b47829ee80"><code>42e4997</code></a>
Remove hacky script (<a
href="https://redirect.github.com/google-github-actions/auth/issues/509">#509</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/5ea4dc11472eebb0a541812f1063c7d318adf57e"><code>5ea4dc1</code></a>
Bump to Node 24 and remove old parameters (<a
href="https://redirect.github.com/google-github-actions/auth/issues/508">#508</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/c200f3691d83b41bf9bbd8638997a462592937ed"><code>c200f36</code></a>
Release: v2.1.13 (<a
href="https://redirect.github.com/google-github-actions/auth/issues/507">#507</a>)</li>
<li><a
href="https://github.com/google-github-actions/auth/commit/3a53be7e7cedfadb446e102fa59e97734b2ad238"><code>3a53be7</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/auth/issues/506">#506</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/auth/compare/b7593ed2efd1c1617e1b0254da33b86225adb2a5...7c6bc770dae815cd3e89ee6cdf493a5fab2cc093">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/setup-gcloud` from 2.2.0 to 3.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/setup-gcloud/releases">google-github-actions/setup-gcloud's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Release: v3.0.1 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/729">google-github-actions/setup-gcloud#729</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v3.0.0...v3.0.1">https://github.com/google-github-actions/setup-gcloud/compare/v3.0.0...v3.0.1</a></p>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li><strong>‼️ This release requires Node 24+!</strong></li>
<li><strong>‼️ The <code>skip_tool_cache</code> option has been
removed!</strong> Skipping the tool cache is now the default behavior.
To restore the previous behavior of using the tool cache (which is
unnecessary on GitHub managed runners, but may provide performance
increases on self-hosted runners), set <code>cache: true</code>.</li>
</ul>
<hr />
<ul>
<li>Bump to node24 by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/723">google-github-actions/setup-gcloud#723</a></li>
<li>Do not use the tool-cache by default by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/724">google-github-actions/setup-gcloud#724</a></li>
<li>Update to use v3 references by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/725">google-github-actions/setup-gcloud#725</a></li>
<li>Release: v3.0.0 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/726">google-github-actions/setup-gcloud#726</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2.2.1...v3.0.0">https://github.com/google-github-actions/setup-gcloud/compare/v2.2.1...v3.0.0</a></p>
<h2>v3</h2>
<p>Floating v3 tag</p>
<h2>v2.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/720">google-github-actions/setup-gcloud#720</a></li>
<li>Bump to the latest actions-utils to fix the gen-readme bug by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/721">google-github-actions/setup-gcloud#721</a></li>
<li>Release: v2.2.1 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/setup-gcloud/pull/722">google-github-actions/setup-gcloud#722</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/setup-gcloud/compare/v2...v2.2.1">https://github.com/google-github-actions/setup-gcloud/compare/v2...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/aa5489c8933f4cc7a4f7d45035b3b1440c9c10db"><code>aa5489c</code></a>
Release: v3.0.1 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/729">#729</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/26f734c2779b00b7dda794207734c511110a4368"><code>26f734c</code></a>
Release: v3.0.0 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/726">#726</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/d26df95ce13fba88a7c3f942b50bab0a6e17dc95"><code>d26df95</code></a>
Update to use v3 references (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/725">#725</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/f7c29183d6310acc4d89a82a2e4a06374e259082"><code>f7c2918</code></a>
Do not use the tool-cache by default (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/724">#724</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/6387e6954450355c9cd00e752f0b5e6a07078e1a"><code>6387e69</code></a>
Bump to node24 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/723">#723</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/e427ad8a34f8676edf47cf7d7925499adf3eb74f"><code>e427ad8</code></a>
Release: v2.2.1 (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/722">#722</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/d71efb74bd86be0c5c0035758f8b5b9069ef835f"><code>d71efb7</code></a>
Bump to the latest actions-utils to fix the gen-readme bug (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/721">#721</a>)</li>
<li><a
href="https://github.com/google-github-actions/setup-gcloud/commit/ed8ba68de5f95fc08e400796581a06a4acab88ae"><code>ed8ba68</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/setup-gcloud/issues/720">#720</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/setup-gcloud/compare/cb1e50a9932213ecece00a606661ae9ca44f3397...aa5489c8933f4cc7a4f7d45035b3b1440c9c10db">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/attest` from 2.4.0 to 3.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/attest/releases">actions/attest's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump form-data from 4.0.0 to 4.0.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/attest/pull/266">actions/attest#266</a></li>
<li>Bump <code>@​sigstore/oci</code> from 0.5.0 to 0.6.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/attest/pull/271">actions/attest#271</a></li>
<li>Upgrade to Node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> / <a
href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a
href="https://redirect.github.com/actions/attest/pull/276">actions/attest#276</a></li>
<li>Improved checksum parsing by <a
href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a
href="https://redirect.github.com/actions/attest/pull/280">actions/attest#280</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p>v2.327.1
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/attest/compare/v2.4.0...v3.0.0">https://github.com/actions/attest/compare/v2.4.0...v3.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/attest/commit/daf44fb950173508f38bd2406030372c1d1162b1"><code>daf44fb</code></a>
improved checksum parsing (<a
href="https://redirect.github.com/actions/attest/issues/280">#280</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/eda10f897a7c40837fe73266c10a25e1046b87ff"><code>eda10f8</code></a>
Upgrade to Node 24 (<a
href="https://redirect.github.com/actions/attest/issues/276">#276</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/1e2321d2815b6c07c5479f3309d67a7698b091a1"><code>1e2321d</code></a>
remove super-linter (<a
href="https://redirect.github.com/actions/attest/issues/283">#283</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/aecfe99586992ebf9c025e2fb6ebb78f4f445055"><code>aecfe99</code></a>
Bump the npm-development group across 1 directory with 4 updates (<a
href="https://redirect.github.com/actions/attest/issues/282">#282</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/03f25d860248eee1946e81e6ad8d2420e4de03f3"><code>03f25d8</code></a>
Bump the npm-development group with 4 updates (<a
href="https://redirect.github.com/actions/attest/issues/273">#273</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/0fca5a6fa3c943b77f214acb62a366c247a8469e"><code>0fca5a6</code></a>
use absolute path in linter config (<a
href="https://redirect.github.com/actions/attest/issues/275">#275</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/238c03f77f9c851e5129d01004ff41fa0c755c35"><code>238c03f</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/attest/issues/272">#272</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/9c3e2717a6a9e8eafa4f389f0874b682bcb6f052"><code>9c3e271</code></a>
Bump <code>@​sigstore/oci</code> from 0.5.0 to 0.6.0 (<a
href="https://redirect.github.com/actions/attest/issues/271">#271</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/b40d9fa17a9e7bc51fb727ac9b6dae3ea1da6fa3"><code>b40d9fa</code></a>
Bump the npm-development group with 8 updates (<a
href="https://redirect.github.com/actions/attest/issues/270">#270</a>)</li>
<li><a
href="https://github.com/actions/attest/commit/e831e0e28dfaff51bc0c846aef5bb4195609318f"><code>e831e0e</code></a>
Bump form-data from 4.0.0 to 4.0.4 (<a
href="https://redirect.github.com/actions/attest/issues/266">#266</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/attest/compare/ce27ba3b4a9a139d9a20a4a07d69fabb52f1e5bc...daf44fb950173508f38bd2406030372c1d1162b1">compare
view</a></li>
</ul>
</details>
<br />

Updates `google-github-actions/get-gke-credentials` from 2.3.4 to 3.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google-github-actions/get-gke-credentials/releases">google-github-actions/get-gke-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump to Node 24 by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/339">google-github-actions/get-gke-credentials#339</a></li>
<li>Release: v3.0.0 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/340">google-github-actions/get-gke-credentials#340</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/v2...v3.0.0">https://github.com/google-github-actions/get-gke-credentials/compare/v2...v3.0.0</a></p>
<h2>v2.3.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Update deps by <a
href="https://github.com/sethvargo"><code>@​sethvargo</code></a> in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/337">google-github-actions/get-gke-credentials#337</a></li>
<li>Release: v2.3.5 by <a
href="https://github.com/google-github-actions-bot"><code>@​google-github-actions-bot</code></a>
in <a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/pull/338">google-github-actions/get-gke-credentials#338</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/v2.3.4...v2.3.5">https://github.com/google-github-actions/get-gke-credentials/compare/v2.3.4...v2.3.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/3da1e46a907576cefaa90c484278bb5b259dd395"><code>3da1e46</code></a>
Release: v3.0.0 (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/340">#340</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/a1565805d2a41ba5f23190da0a27b6c53ae74250"><code>a156580</code></a>
Bump to Node 24 (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/339">#339</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/64bc7249bbcf78056bb92f14d3cedc2da193946c"><code>64bc724</code></a>
Release: v2.3.5 (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/338">#338</a>)</li>
<li><a
href="https://github.com/google-github-actions/get-gke-credentials/commit/9de2e29024e4aeff8cf37aaa326508267ea011fc"><code>9de2e29</code></a>
Update deps (<a
href="https://redirect.github.com/google-github-actions/get-gke-credentials/issues/337">#337</a>)</li>
<li>See full diff in <a
href="https://github.com/google-github-actions/get-gke-credentials/compare/8e574c49425fa7efed1e74650a449bfa6a23308a...3da1e46a907576cefaa90c484278bb5b259dd395">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/github-script` from 7.0.1 to 8.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Node.js version support to 24.x by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li>
<li>README for updating actions/github-script from v7 to v8 by <a
href="https://github.com/sneha-krip"><code>@​sneha-krip</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/637">actions/github-script#637</a></li>
<li><a
href="https://github.com/sneha-krip"><code>@​sneha-krip</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/653">actions/github-script#653</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7.1.0...v8.0.0">https://github.com/actions/github-script/compare/v7.1.0...v8.0.0</a></p>
<h2>v7.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade husky to v9 by <a
href="https://github.com/benelan"><code>@​benelan</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li>
<li>Upgrade IA Publish by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/486">actions/github-script#486</a></li>
<li>Fix workflow status badges by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/497">actions/github-script#497</a></li>
<li>Update usage of <code>actions/upload-artifact</code> by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/512">actions/github-script#512</a></li>
<li>Clear up package name confusion by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/514">actions/github-script#514</a></li>
<li>Update dependencies with <code>npm audit fix</code> by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/515">actions/github-script#515</a></li>
<li>Specify that the used script is JavaScript by <a
href="https://github.com/timotk"><code>@​timotk</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li>
<li>chore: Add Dependabot for NPM and Actions by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/472">actions/github-script#472</a></li>
<li>Define <code>permissions</code> in workflows and update actions by
<a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in
<a
href="https://redirect.github.com/actions/github-script/pull/531">actions/github-script#531</a></li>
<li>chore: Add Dependabot for .github/actions/install-dependencies by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/532">actions/github-script#532</a></li>
<li>chore: Remove .vscode settings by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/533">actions/github-script#533</a></li>
<li>ci: Use github/setup-licensed by <a
href="https://github.com/nschonni"><code>@​nschonni</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/473">actions/github-script#473</a></li>
<li>make octokit instance available as octokit on top of github, to make
it easier to seamlessly copy examples from GitHub rest api or octokit
documentations by <a
href="https://github.com/iamstarkov"><code>@​iamstarkov</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li>
<li>Remove <code>octokit</code> README updates for v7 by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/557">actions/github-script#557</a></li>
<li>docs: add &quot;exec&quot; usage examples by <a
href="https://github.com/neilime"><code>@​neilime</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li>
<li>Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/563">actions/github-script#563</a></li>
<li>Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/github-script/pull/575">actions/github-script#575</a></li>
<li>Clearly document passing inputs to the <code>script</code> by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/603">actions/github-script#603</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/benelan"><code>@​benelan</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/482">actions/github-script#482</a></li>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/485">actions/github-script#485</a></li>
<li><a href="https://github.com/timotk"><code>@​timotk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/478">actions/github-script#478</a></li>
<li><a
href="https://github.com/iamstarkov"><code>@​iamstarkov</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/508">actions/github-script#508</a></li>
<li><a href="https://github.com/neilime"><code>@​neilime</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/546">actions/github-script#546</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/610">actions/github-script#610</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7...v7.1.0">https://github.com/actions/github-script/compare/v7...v7.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd"><code>ed59741</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/653">#653</a>
from actions/sneha-krip/readme-for-v8</li>
<li><a
href="https://github.com/actions/github-script/commit/2dc352e4baefd91bec0d06f6ae2f1045d1687ca3"><code>2dc352e</code></a>
Bold minimum Actions Runner version in README</li>
<li><a
href="https://github.com/actions/github-script/commit/01e118c8d0d22115597e46514b5794e7bc3d56f1"><code>01e118c</code></a>
Update README for Node 24 runtime requirements</li>
<li><a
href="https://github.com/actions/github-script/commit/8b222ac82eda86dcad7795c9d49b839f7bf5b18b"><code>8b222ac</code></a>
Apply suggestion from <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a></li>
<li><a
href="https://github.com/actions/github-script/commit/adc0eeac992408a7b276994ca87edde1c8ce4d25"><code>adc0eea</code></a>
README for updating actions/github-script from v7 to v8</li>
<li><a
href="https://github.com/actions/github-script/commit/20fe497b3fe0c7be8aae5c9df711ac716dc9c425"><code>20fe497</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/637">#637</a>
from actions/node24</li>
<li><a
href="https://github.com/actions/github-script/commit/e7b7f222b11a03e8b695c4c7afba89a02ea20164"><code>e7b7f22</code></a>
update licenses</li>
<li><a
href="https://github.com/actions/github-script/commit/2c81ba05f308415d095291e6eeffe983d822345b"><code>2c81ba0</code></a>
Update Node.js version support to 24.x</li>
<li><a
href="https://github.com/actions/github-script/commit/f28e40c7f34bde8b3046d885e986cb6290c5673b"><code>f28e40c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/610">#610</a>
from actions/nebuk89-patch-1</li>
<li><a
href="https://github.com/actions/github-script/commit/1ae9958572fde544457e4d51aed5ea044e8936f3"><code>1ae9958</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/github-script/compare/60a0d83039c74a4aee543508d2ffcb1c3799cdea...ed597411d8f924073f98dfc5c65a23a2325f34cd">compare
view</a></li>
</ul>
</details>
<br />

Updates `depot/build-push-action` from 1.15.0 to 1.16.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/depot/build-push-action/releases">depot/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v1.16.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Use ubuntu-latest for release workflow (<a
href="https://redirect.github.com/depot/build-push-action/issues/42">#42</a>)
<a
href="https://github.com/jacobwgillespie"><code>@​jacobwgillespie</code></a></li>
</ul>
<h2>v1.16.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@​depot/actions-public-oidc-client</code> to v1.1.0 (<a
href="https://redirect.github.com/depot/build-push-action/issues/41">#41</a>)
<a
href="https://github.com/jacobwgillespie"><code>@​jacobwgillespie</code></a></li>
</ul>
<h2>v1.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add support for annotations (<a
href="https://redirect.github.com/depot/build-push-action/issues/38">#38</a>)
<a href="https://github.com/zanieb"><code>@​zanieb</code></a></li>
<li>feat: add <code>save-tags</code> for multiple depot registry tags
(<a
href="https://redirect.github.com/depot/build-push-action/issues/40">#40</a>)
<a href="https://github.com/goller"><code>@​goller</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/depot/build-push-action/commit/9785b135c3c76c33db102e45be96a25ab55cd507"><code>9785b13</code></a>
Merge pull request <a
href="https://redirect.github.com/depot/build-push-action/issues/42">#42</a>
from depot/latest</li>
<li><a
href="https://github.com/depot/build-push-action/commit/7a65e80415392c68bece25b0881703a9ff3e55c5"><code>7a65e80</code></a>
Use ubuntu-latest for release workflow</li>
<li><a
href="https://github.com/depot/build-push-action/commit/0781b3393f28b17fe7982ea3fabe715825b35fad"><code>0781b33</code></a>
Merge pull request <a
href="https://redirect.github.com/depot/build-push-action/issues/41">#41</a>
from depot/updates</li>
<li><a
href="https://github.com/depot/build-push-action/commit/d5d8e086fdcca080fa6279ece582eee909994026"><code>d5d8e08</code></a>
Deduplicate dependencies</li>
<li><a
href="https://github.com/depot/build-push-action/commit/801feb102f76406603cd2a12b4146a7e5af86a34"><code>801feb1</code></a>
Update <code>@​depot/actions-public-oidc-client</code> to v1.1.0</li>
<li><a
href="https://github.com/depot/build-push-action/commit/0b7423b11016b0349604e22d7ea01b078bed6c70"><code>0b7423b</code></a>
Merge pull request <a
href="https://redirect.github.com/depot/build-push-action/issues/38">#38</a>
from zanieb/zb/annotations</li>
<li><a
href="https://github.com/depot/build-push-action/commit/57a5fb2c1acdc2d3fa72bcd36b20f1ea326890de"><code>57a5fb2</code></a>
Merge branch 'main' into zb/annotations</li>
<li><a
href="https://github.com/depot/build-push-action/commit/3ebc0d44eced926ba1bb3f8d1e29794031973ca1"><code>3ebc0d4</code></a>
Merge pull request <a
href="https://redirect.github.com/depot/build-push-action/issues/40">#40</a>
from depot/feat/save-tags</li>
<li><a
href="https://github.com/depot/build-push-action/commit/d662c5a48fd5747bf4dce16d8484eb3ebf98ad2c"><code>d662c5a</code></a>
feat: add <code>save-tags</code> for multiple depot registry tags</li>
<li><a
href="https://github.com/depot/build-push-action/commit/06fcbb73efc9fb42f4df83c43e283a2170c8f9cf"><code>06fcbb7</code></a>
Add support for annotations</li>
<li>See full diff in <a
href="https://github.com/depot/build-push-action/compare/2583627a84956d07561420dcc1d0eb1f2af3fac0...9785b135c3c76c33db102e45be96a25ab55cd507">compare
view</a></li>
</ul>
</details>
<br />

Updates `tj-actions/changed-files` from
f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 to
8c14441336bb3d84fd6b7fa83b6d7201c740baf5
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tj-actions/changed-files/blob/main/HISTORY.md">tj-actions/changed-files's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.4...v46.0.5">46.0.5</a>
- (2025-04-09)</h1>
<h2><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h2>
<ul>
<li><strong>deps:</strong> Bump yaml from 2.7.0 to 2.7.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2520">#2520</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/ed68ef82c095e0d48ec87eccea555d944a631a4c">ed68ef8</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump typescript from 5.8.2 to 5.8.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2516">#2516</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/a7bc14b808f23d3b467a4079c69a81f1a4500fd5">a7bc14b</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump <code>@​types/node</code> from
22.13.11 to 22.14.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2517">#2517</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/3d751f6b6d84071a17e1b9cf4ed79a80a27dd0ab">3d751f6</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump eslint-plugin-prettier from 5.2.3 to
5.2.6 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2519">#2519</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/e2fda4ec3cb0bc2a353843cae823430b3124db8f">e2fda4e</a>)
- (dependabot[bot])</li>
<li><strong>deps-dev:</strong> Bump ts-jest from 29.2.6 to 29.3.1 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2518">#2518</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/0bed1b1132ec4879a39a2d624cf82a00d0bcfa48">0bed1b1</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump github/codeql-action from 3.28.12 to
3.28.15 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2530">#2530</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/68024587dc36f49685c96d59d3f1081830f968bb">6802458</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump tj-actions/branch-names from 8.0.1 to
8.1.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2521">#2521</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/cf2e39e86bf842d1f9bc5bca56c0a6b207cca792">cf2e39e</a>)
- (dependabot[bot])</li>
<li><strong>deps:</strong> Bump tj-actions/verify-changed-files from
20.0.1 to 20.0.4 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2523">#2523</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/6abeaa506a419f85fa9e681260b443adbeebb3d4">6abeaa5</a>)
- (dependabot[bot])</li>
</ul>
<h2><!-- raw HTML omitted -->⬆️ Upgrades</h2>
<ul>
<li>Upgraded to v46.0.4 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2511">#2511</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot]
&lt;41898282+github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;
(<a
href="https://github.com/tj-actions/changed-files/commit/6f67ee9ac810f0192ea7b3d2086406f97847bcf9">6f67ee9</a>)
- (github-actions[bot])</p>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.3...v46.0.4">46.0.4</a>
- (2025-04-03)</h1>
<h2><!-- raw HTML omitted -->🐛 Bug Fixes</h2>
<ul>
<li>Bug modified_keys and changed_key outputs not set when no changes
detected (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2509">#2509</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/6cb76d07bee4c9772c6882c06c37837bf82a04d3">6cb76d0</a>)
- (Tonye Jack)</li>
</ul>
<h2><!-- raw HTML omitted -->📚 Documentation</h2>
<ul>
<li>Update readme (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2508">#2508</a>)
(<a
href="https://github.com/tj-actions/changed-files/commit/b74df86ccb65173a8e33ba5492ac1a2ca6b216fd">b74df86</a>)
- (Tonye Jack)</li>
</ul>
<h2><!-- raw HTML omitted -->⬆️ Upgrades</h2>
<ul>
<li>Upgraded to v46.0.3 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2506">#2506</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot]
&lt;41898282+github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;
Co-authored-by: Tonye Jack <a
href="mailto:jtonye@ymail.com">jtonye@ymail.com</a> (<a
href="https://github.com/tj-actions/changed-files/commit/27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99">27ae6b3</a>)
- (github-actions[bot])</p>
<h1><a
href="https://github.com/tj-actions/changed-files/compare/v46.0.2...v46.0.3">46.0.3</a>
- (2025-03-23)</h1>
<h2><!-- raw HTML omitted -->🔄 Update</h2>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2501">#2501</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot]
&lt;41898282+github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;
(<a
href="https://github.com/tj-actions/changed-files/commit/41e0de576a0f2b64d9f06f2773f539109e55a70a">41e0de5</a>)
- (github-actions[bot])</p>
<ul>
<li>Updated README.md (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2499">#2499</a>)</li>
</ul>
<p>Co-authored-by: github-actions[bot]
&lt;41898282+github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&gt;
(<a
href="https://github.com/tj-actions/changed-files/commit/945787811a795cd840a1157ac590dd7827a05c8e">9457878</a>)
- (github-actions[bot])</p>
<h2><!-- raw HTML omitted -->📚 Documentation</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tj-actions/changed-files/commit/8c14441336bb3d84fd6b7fa83b6d7201c740baf5"><code>8c14441</code></a>
chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 (<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2656">#2656</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/e995ac4be5be2bcb6e29556edc51fb63aca6b49b"><code>e995ac4</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 24.3.0 to 24.3.1
(<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2657">#2657</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/3b04099b21072562f07469c10deb182b24236ca9"><code>3b04099</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 24.2.1 to 24.3.0
(<a
href="https://redirect.github.com/tj-actions/changed-files/issues/2649">#2649</a>)</li>
<li><a
href="https://github.com/tj-actions/changed-files/commit/e7b6c977e51984988e3cc1d6b18abe2a3ba8daaa"><code>e7b6c97</code></a>
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (<a
href="h...

_Description has been truncated_

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-08 11:55:07 +00:00
Dean Sheather 8d0bc485df chore: add actionlint and zizmor linters (#19459) 2025-08-21 22:14:43 +10:00
Kyle Carberry 7b273b0b8c fix: add blink-so to contributors bypass (#18215) 2025-06-03 17:45:28 +00:00
Ben Potter 2a0a268946 chore: exempt blink agent from CLA (#18190) 2025-06-02 13:31:28 -04:00
Ethan 186a9b5bdc ci: fix not setting breaking label on ready_for_review (#16616) 
Noticed in my PR this wasn't getting added when I moved it out of draft: https://github.com/coder/coder/actions/runs/13406348393/job/37446868622

Related to https://github.com/coder/coder/pull/14667
 2025-02-20 13:01:41 +11:00
Ethan 8815b38c88 ci!: set pr write perms on release-labels (#16380) 
I'm pretty sure this is the fix, but I can't test it without merging it,
as `pull_request_target` causes the workflow to run using the workflow
on `main` (where the permissions aren't set).

This comment would seem to indicate that `pull_request_target` with PR
write perms does the trick:
https://github.com/actions/labeler/issues/136#issuecomment-1357839196

From what I can tell this job has been broken since ~nov '24, which
leads me to believe it was the permissions change made that month:
https://github.com/coder/coder/actions/runs/11915659159/job/33206435274
 2025-02-03 20:49:37 +11:00
M Atif Ali e37b7fc481 ci: fix cla and dependabot notifications jobs (#16343) 2025-01-31 14:17:47 +00:00
dependabot[bot] 84a54c1d7b ci: bump the github-actions group with 3 updates (#16299) 
Bumps the github-actions group with 3 updates:
[dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata),
[github/codeql-action](https://github.com/github/codeql-action) and
[umbrelladocs/action-linkspector](https://github.com/umbrelladocs/action-linkspector).

Updates `dependabot/fetch-metadata` from 2.2.0 to 2.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/create-github-app-token from 1.10.2 to 1.10.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/537">dependabot/fetch-metadata#537</a></li>
<li>Update readme to include an if conditional by <a
href="https://github.com/Nishnha"><code>@​Nishnha</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/548">dependabot/fetch-metadata#548</a></li>
<li>Silence audit and funding messages from <code>npm</code> by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/550">dependabot/fetch-metadata#550</a></li>
<li>Bump actions/create-github-app-token from 1.10.3 to 1.11.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/554">dependabot/fetch-metadata#554</a></li>
<li>fix readme action example by <a
href="https://github.com/CloudNStoyan"><code>@​CloudNStoyan</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/563">dependabot/fetch-metadata#563</a></li>
<li>Fixed missing outputs in action.yml by <a
href="https://github.com/CatChen"><code>@​CatChen</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/564">dependabot/fetch-metadata#564</a></li>
<li>Handle branch names containing dependency group by <a
href="https://github.com/CloudNStoyan"><code>@​CloudNStoyan</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/565">dependabot/fetch-metadata#565</a></li>
<li>v2.3.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/543">dependabot/fetch-metadata#543</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/CloudNStoyan"><code>@​CloudNStoyan</code></a>
made their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/563">dependabot/fetch-metadata#563</a></li>
<li><a href="https://github.com/CatChen"><code>@​CatChen</code></a> made
their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/564">dependabot/fetch-metadata#564</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v2...v2.3.0">https://github.com/dependabot/fetch-metadata/compare/v2...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/d7267f607e9d3fb96fc2fbe83e0af444713e90b7"><code>d7267f6</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/543">#543</a>
from dependabot/bump-to-v2.3.0</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/e3dd295a04f6eccc15a116fc5cde058f1735c05d"><code>e3dd295</code></a>
v2.3.0</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/3da9521b8c62beab87c4d18ad1e9bd7fd7b9d3bf"><code>3da9521</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/565">#565</a>
from CloudNStoyan/main</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/de52f600152fa3f48a82e88e06e864cba8421436"><code>de52f60</code></a>
update build</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/59d2b1fb73ac123a1953e2ddc99ea8f1b869463a"><code>59d2b1f</code></a>
fix incorrect parsing of directory when using dependency-group</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/0d270694949cee4e6c179fc89629d95e0b9fb763"><code>0d27069</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/564">#564</a>
from CatChen/fixed-missing-outputs-in-action-yml</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/5a7546a6e709997b54d62d4e673a23eaa8621a26"><code>5a7546a</code></a>
Fixed missing outputs in action.yml</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/06ea45a2e4582d87b11f03c7ce596ae3261f39f6"><code>06ea45a</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/563">#563</a>
from CloudNStoyan/main</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/bbfca7ec1c0b06b16cc955f242ebc9f1c8daa4f4"><code>bbfca7e</code></a>
fix readme action example</li>
<li><a
href="https://github.com/dependabot/fetch-metadata/commit/b0d0393a82702c1819b5ae7ad6ea780cd8c18aae"><code>b0d0393</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/554">#554</a>
from dependabot/dependabot/github_actions/actions/cre...</li>
<li>Additional commits viewable in <a
href="https://github.com/dependabot/fetch-metadata/compare/dbb049abf0d677abbd7f7eee0375145b417fdd34...d7267f607e9d3fb96fc2fbe83e0af444713e90b7">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.28.1 to 3.28.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.4/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.3</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.3/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.28.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.2/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
<li>Update default CodeQL bundle version to 2.20.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2678">#2678</a></li>
</ul>
<h2>3.28.0 - 20 Dec 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.15.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2655">#2655</a></li>
<li>Don't fail in the unusual case that a file is on the search path. <a
href="https://redirect.github.com/github/codeql-action/pull/2660">#2660</a>.</li>
</ul>
<h2>3.27.9 - 12 Dec 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.8 - 12 Dec 2024</h2>
<ul>
<li>Fixed an issue where streaming the download and extraction of the
CodeQL bundle did not respect proxy settings. <a
href="https://redirect.github.com/github/codeql-action/pull/2624">#2624</a></li>
</ul>
<h2>3.27.7 - 10 Dec 2024</h2>
<ul>
<li>We are rolling out a change in December 2024 that will extract the
CodeQL bundle directly to the toolcache to improve performance. <a
href="https://redirect.github.com/github/codeql-action/pull/2631">#2631</a></li>
<li>Update default CodeQL bundle version to 2.20.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2636">#2636</a></li>
</ul>
<h2>3.27.6 - 03 Dec 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4"><code>f6091c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2721">#2721</a>
from github/update-v3.28.5-01f001931</li>
<li><a
href="https://github.com/github/codeql-action/commit/064af10f0de41995b41632364b4bfb00a34df047"><code>064af10</code></a>
Update changelog for v3.28.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/01f0019310ce544d1cf748667a69f8fd6e26e48a"><code>01f0019</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2717">#2717</a>
from github/update-bundle/codeql-bundle-v2.20.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/573ad887cd5b527e9baef02653bd455e1ff5181c"><code>573ad88</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2718">#2718</a>
from github/kaeluka/4779-1</li>
<li><a
href="https://github.com/github/codeql-action/commit/d7f39764f685cbe3764f763469a0d72383d7b9c8"><code>d7f3976</code></a>
permissions block in query-filters.yml</li>
<li><a
href="https://github.com/github/codeql-action/commit/428975ce2cf327a0e919004c63e734eddd0e6255"><code>428975c</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/208091da0a1069394981cdf5e7a91a8ee3f10709"><code>208091d</code></a>
Update default bundle to codeql-bundle-v2.20.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/7e3036b9cd87fc26dd06747b7aa4b96c27aaef3a"><code>7e3036b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2716">#2716</a>
from github/mergeback/v3.28.4-to-main-ee117c90</li>
<li><a
href="https://github.com/github/codeql-action/commit/e32a0d62d44ac06377953bfaf3ffd43618be076a"><code>e32a0d6</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/67c21e4084d5e020fbc969b839d42911b87fb8b5"><code>67c21e4</code></a>
Update changelog and version after v3.28.4</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4">compare
view</a></li>
</ul>
</details>
<br />

Updates `umbrelladocs/action-linkspector` from 1.2.4 to 1.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/umbrelladocs/action-linkspector/releases">umbrelladocs/action-linkspector's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: disable AppArmor user namespace restrictions on the runner by
<a href="https://github.com/Realiserad"><code>@​Realiserad</code></a> in
<a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/34">UmbrellaDocs/action-linkspector#34</a></li>
<li>chore(deps): update reviewdog/reviewdog to 0.20.3 by <a
href="https://github.com/github-actions"><code>@​github-actions</code></a>
in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/31">UmbrellaDocs/action-linkspector#31</a></li>
<li>Add fail_level argument and deprecate fail_on_error by <a
href="https://github.com/bitcoin-tools"><code>@​bitcoin-tools</code></a>
in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/23">UmbrellaDocs/action-linkspector#23</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Realiserad"><code>@​Realiserad</code></a> made
their first contribution in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/34">UmbrellaDocs/action-linkspector#34</a></li>
<li><a
href="https://github.com/bitcoin-tools"><code>@​bitcoin-tools</code></a>
made their first contribution in <a
href="https://redirect.github.com/UmbrellaDocs/action-linkspector/pull/23">UmbrellaDocs/action-linkspector#23</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/UmbrellaDocs/action-linkspector/compare/v1.2.4...UmbrellaDocs:release-1.2.5">https://github.com/UmbrellaDocs/action-linkspector/compare/v1.2.4...UmbrellaDocs:release-1.2.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/de84085e0f51452a470558693d7d308fbb2fa261"><code>de84085</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/35">#35</a>
from UmbrellaDocs/release-1.2.5</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/c6a59a6bf98fa2b8a152acaeff16921a3e39bc7b"><code>c6a59a6</code></a>
Added sample usage</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/21ce8cd6fc4d2812628c7d6a353ea86bf085eb59"><code>21ce8cd</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/23">#23</a>
from bitcoin-tools/deprecate-fail-on-error</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/e62bb2d5a68b84dfc5c0d1f61b133585a16ade13"><code>e62bb2d</code></a>
Fix YAML issues</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/64e2b9bf4f671dd0c213d87f40148216b4a0882a"><code>64e2b9b</code></a>
mitigate risk of untrusted inputs and define shell</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/e376d76f51c09def617e6cff4a49d04956213a15"><code>e376d76</code></a>
add backwards-compatability for <code>fail_on_error</code></li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/c6a531461dff91607a44a0221d82d3c087d5aeb1"><code>c6a5314</code></a>
replace deprecated option with fail_level</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/b8d796f06117f0151d00b6131c5c6ae9884c8ddf"><code>b8d796f</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/31">#31</a>
from UmbrellaDocs/depup/reviewdog/reviewdog</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/cde5159538b1a07765b494a136968cb9833df246"><code>cde5159</code></a>
Merge pull request <a
href="https://redirect.github.com/umbrelladocs/action-linkspector/issues/34">#34</a>
from Realiserad/main</li>
<li><a
href="https://github.com/UmbrellaDocs/action-linkspector/commit/d32de29fc2dd0fcdcf3da8f8a95e0a0c15f30e26"><code>d32de29</code></a>
fix: disable AppArmor user namespace restrictions on the runner</li>
<li>Additional commits viewable in <a
href="https://github.com/umbrelladocs/action-linkspector/compare/fc382e19892aca958e189954912fe379a8df270c...de84085e0f51452a470558693d7d308fbb2fa261">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-27 13:10:49 +00:00
M Atif Ali 8b5d22fdd2 ci: change PR merge strategy to squash in contrib workflow (#16297) 2025-01-27 12:25:42 +00:00
M Atif Ali 4e1c0eb743 ci: grant 'contents' write permission to auto-merge dependabot PRs (#16293) 2025-01-27 17:08:03 +05:00
M Atif Ali 7d6b73552a chore: remove patch condition for dependabot PRs (#16279) 2025-01-27 11:51:37 +00:00
Muhammad Atif Ali 84081e90eb chore: notify on auto merged dependabot PRs (#16234) 2025-01-23 15:38:54 +05:00
Muhammad Atif Ali f495ff07b7 chore: auto merge dependabot PRs for patch updates (#16222) 2025-01-22 21:24:07 +05:00
dependabot[bot] f8844cab0a ci: bump the github-actions group with 4 updates (#16192) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Muhammad Atif Ali <atif@coder.com>
 2025-01-21 15:31:30 +00:00
Ethan ea9e39d87c fix: give cla workflow pull request write permissions (#15820) 
When https://github.com/coder/coder/pull/15349 was added, it implicitly
set all the other permissions to none.

From
https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token
> If you specify the access for any of these permissions, all of those
that are not specified are set to none.
 2024-12-11 15:53:08 +11:00
Dean Sheather 018723c6b0 chore: use cdrci2 account for CLA (#15783) 2024-12-09 22:30:41 +10:00
dependabot[bot] 9e78aaeea3 ci: bump the github-actions group with 3 updates (#15649) 
Bumps the github-actions group with 3 updates:
[step-security/harden-runner](https://github.com/step-security/harden-runner),
[github/codeql-action](https://github.com/github/codeql-action) and
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).

Updates `step-security/harden-runner` from 2.10.1 to 2.10.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's
releases</a>.</em></p>
<blockquote>
<h2>v2.10.2</h2>
<h2>What's Changed</h2>
<ol>
<li>
<p>Fixes low-severity command injection weaknesses
The advisory is here: <a
href="https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc">https://github.com/step-security/harden-runner/security/advisories/GHSA-g85v-wf27-67xc</a></p>
</li>
<li>
<p>Bug fix to improve detection of whether Harden-Runner is running in a
container</p>
</li>
</ol>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/step-security/harden-runner/compare/v2...v2.10.2">https://github.com/step-security/harden-runner/compare/v2...v2.10.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/step-security/harden-runner/commit/0080882f6c36860b6ba35c610c98ce87d4e2f26f"><code>0080882</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/476">#476</a>
from step-security/rc-16</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/4a3a88bbf8f2e304f84e1042472c02dce37eba82"><code>4a3a88b</code></a>
Update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/556aae632a6c1f630efa52e90d706218618e5f2f"><code>556aae6</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/480">#480</a>
from h0x0er/jatin/cleanup</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/6c39b8466160e86ad8606033d399fe7f4052aee1"><code>6c39b84</code></a>
chore: clean the code</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/40401cf6183a0ab2dae5c7e485c1d073fe911e91"><code>40401cf</code></a>
Update for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/806ab1cccb47a439a89d5f8f85d3ea41a7fb1e4c"><code>806ab1c</code></a>
Update check for isdocker</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/28468118cdb665b2214b64175253b83fcb4b25f6"><code>2846811</code></a>
update dist</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/df8a07c1712fac199e8d6e78d64a46092afffa44"><code>df8a07c</code></a>
Merge pull request <a
href="https://redirect.github.com/step-security/harden-runner/issues/475">#475</a>
from h0x0er/fix-execSync</li>
<li><a
href="https://github.com/step-security/harden-runner/commit/30636fb583e59a926da2f17677e5cd3b63cf1be1"><code>30636fb</code></a>
bug fixes</li>
<li>See full diff in <a
href="https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.27.4 to 3.27.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.27.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.27.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.27.5 - 19 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.4 - 14 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.3 - 12 Nov 2024</h2>
<p>No user facing changes.</p>
<h2>3.27.2 - 12 Nov 2024</h2>
<ul>
<li>Fixed an issue where setting up the CodeQL tools would sometimes
fail with the message &quot;Invalid value 'undefined' for header
'authorization'&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/2590">#2590</a></li>
</ul>
<h2>3.27.1 - 08 Nov 2024</h2>
<ul>
<li>The CodeQL Action now downloads bundles compressed using Zstandard
on GitHub Enterprise Server when using Linux or macOS runners. This
speeds up the installation of the CodeQL tools. This feature is already
available to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2573">#2573</a></li>
<li>Update default CodeQL bundle version to 2.19.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2576">#2576</a></li>
</ul>
<h2>3.27.0 - 22 Oct 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.14.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2549">#2549</a></li>
<li>Fix an issue where the <code>upload-sarif</code> Action would fail
with &quot;upload-sarif post-action step failed: Input required and not
supplied: token&quot; when called in a composite Action that had a
different set of inputs to the ones expected by the
<code>upload-sarif</code> Action. <a
href="https://redirect.github.com/github/codeql-action/pull/2557">#2557</a></li>
<li>Update default CodeQL bundle version to 2.19.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2552">#2552</a></li>
</ul>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/f09c1c0a94de965c15400f5634aa42fac8fb8f88"><code>f09c1c0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2616">#2616</a>
from github/update-v3.27.5-a6c8729a5</li>
<li><a
href="https://github.com/github/codeql-action/commit/67b73eaba559c7e6913377065b0362ccbfc94e87"><code>67b73ea</code></a>
Update changelog for v3.27.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/a6c8729a5d7573eb8d440e52a9645ce4db61d97c"><code>a6c8729</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2614">#2614</a>
from github/marcogario/per-platform-proxy</li>
<li><a
href="https://github.com/github/codeql-action/commit/8f3b48727ff1b076c28967a258b95fcee30a3a48"><code>8f3b487</code></a>
Start-proxy: Fetch OS specific binary</li>
<li><a
href="https://github.com/github/codeql-action/commit/cba5fb58d4f85affaf03eb9da32f5b6c9d76838b"><code>cba5fb5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2613">#2613</a>
from github/dependabot/npm_and_yarn/npm_and_yarn-018...</li>
<li><a
href="https://github.com/github/codeql-action/commit/e782c3a145d9946aba8fa390e406acbe4e4c05c5"><code>e782c3a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2612">#2612</a>
from github/angelapwen/report-linux-runner-release</li>
<li><a
href="https://github.com/github/codeql-action/commit/db6788195b646f87b3d1c616b0c14a6d5b7fa9a6"><code>db67881</code></a>
Update checked-in dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/ecde4d232d18cf2dba6c1a6b76810332abff736f"><code>ecde4d2</code></a>
Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn group</li>
<li><a
href="https://github.com/github/codeql-action/commit/e3c67a01d31d9c173ba5ffccc9d0f275540d99de"><code>e3c67a0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2610">#2610</a>
from github/dependabot/npm_and_yarn/npm-d2ca52e617</li>
<li><a
href="https://github.com/github/codeql-action/commit/f9ada54538b47b6db28c4d11f53848689968909e"><code>f9ada54</code></a>
Telemetry: report OS release for GitHub-hosted Linux runners</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88">compare
view</a></li>
</ul>
</details>
<br />

Updates `aquasecurity/trivy-action` from 0.28.0 to 0.29.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.29.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: Allow skipping setup by <a
href="https://github.com/rvesse"><code>@​rvesse</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/414">aquasecurity/trivy-action#414</a></li>
<li>Fix oras command not found in &quot;Update Trivy Cache&quot; action
by <a href="https://github.com/Tiryoh"><code>@​Tiryoh</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/413">aquasecurity/trivy-action#413</a></li>
<li>Update README.md by <a
href="https://github.com/simar7"><code>@​simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/420">aquasecurity/trivy-action#420</a></li>
<li>feat: add token for <code>setup-trivy</code> by <a
href="https://github.com/DmitriyLewen"><code>@​DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/421">aquasecurity/trivy-action#421</a></li>
<li>fix: bump <code>setup-trivy</code> and add new <code>contrib</code>
directory path info by <a
href="https://github.com/DmitriyLewen"><code>@​DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/424">aquasecurity/trivy-action#424</a></li>
<li>docs: remove ignore-unfixed from IaC scan example by <a
href="https://github.com/nikpivkin"><code>@​nikpivkin</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/429">aquasecurity/trivy-action#429</a></li>
<li>chore(deps): Bump trivy to v0.57.1 by <a
href="https://github.com/simar7"><code>@​simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/434">aquasecurity/trivy-action#434</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rvesse"><code>@​rvesse</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/414">aquasecurity/trivy-action#414</a></li>
<li><a href="https://github.com/Tiryoh"><code>@​Tiryoh</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/413">aquasecurity/trivy-action#413</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.28.0...0.29.0">https://github.com/aquasecurity/trivy-action/compare/0.28.0...0.29.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/18f2510ee396bbf400402947b394f2dd8c87dbb0"><code>18f2510</code></a>
chore(deps): Bump trivy to v0.57.1 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/434">#434</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/93941cebba762da4c91a91883859bf1bfb221c73"><code>93941ce</code></a>
docs: remove ignore-unfixed from IaC scan example (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/429">#429</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/d2a392a13760cb64cb6bbd31d4bed2a7d9a5298d"><code>d2a392a</code></a>
fix: bump <code>setup-trivy</code> and add new <code>contrib</code>
directory path info (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/424">#424</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/ee8934673cc18947baf4b05c01c4100ff36648da"><code>ee89346</code></a>
feat: add token for <code>setup-trivy</code> (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/421">#421</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/cf990b19d84bbbe1eb8833659989a7c1029132e3"><code>cf990b1</code></a>
Update README.md (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/420">#420</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/bff40be51b9207cf8f2148d628a9836cc7370247"><code>bff40be</code></a>
docs: Fix oras command not found (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/413">#413</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/fc1500abdcdc9fc681e98d8912a52fa70dbc67de"><code>fc1500a</code></a>
feat: Allow skipping setup (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/414">#414</a>)</li>
<li>See full diff in <a
href="https://github.com/aquasecurity/trivy-action/compare/915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2...18f2510ee396bbf400402947b394f2dd8c87dbb0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-26 16:24:10 +05:00
Muhammad Atif Ali 3a5a42ffa9 chore: update workflow permissions (#15349) 2024-11-04 11:09:40 +05:00
Muhammad Atif Ali 8e254cbb07 chore: integrate step-security/harden-runner in workflows (#15099) 
Redoing #15097
Part of #14879
 2024-10-16 11:23:00 -07:00
Muhammad Atif Ali 57a65c15bf chore: use commit sha for GitHub actions (#15019) 
Use specific commit SHAs for GitHub actions across various workflows to
enhance reliability and reproducibility. This change ensures that
actions run against a known version, reducing the risk of unexpected
issues due to updates in the third-party action repositories.

This contributes to improving the score in #14879
 2024-10-14 08:49:55 -07:00
dependabot[bot] 0623531ab8 ci: bump contributor-assistant/github-action from 2.6.0 to 2.6.1 in the github-actions group (#14870) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-01 17:33:10 +00:00
dependabot[bot] 86a82b5a2a ci: bump the github-actions group with 2 updates (#14770) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-25 19:40:06 +05:00
Mathias Fredriksson 7780087526 ci(.github): run release-labels when draft PRs are ready (#14667) 2024-09-13 12:41:45 +00:00
Mathias Fredriksson 95fc962871 ci(.github): remove success from release-labels job (#14664) 
It used to depend on another job which has since been removed.
 2024-09-13 11:28:27 +03:00
dependabot[bot] f007c90a30 ci: bump contributor-assistant/github-action (#14345) 
Bumps the github-actions group with 1 update in the / directory: [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action).


Updates `contributor-assistant/github-action` from 2.4.0 to 2.5.1
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](https://github.com/contributor-assistant/github-action/compare/v2.4.0...v2.5.1)

---
updated-dependencies:
- dependency-name: contributor-assistant/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-19 21:53:20 +03:00
dependabot[bot] 8c9560ddb8 ci: bump the github-actions group with 2 updates (#13238) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-10 17:38:07 +00:00
dependabot[bot] 064a08efa5 ci: bump the github-actions group with 1 update (#12743) 
Bumps the github-actions group with 1 update: [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action).


Updates `contributor-assistant/github-action` from 2.3.1 to 2.3.2
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](https://github.com/contributor-assistant/github-action/compare/v2.3.1...v2.3.2)

---
updated-dependencies:
- dependency-name: contributor-assistant/github-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-25 23:40:35 +03:00
dependabot[bot] 52ec3edd5d ci: bump the github-actions group with 4 updates (#12019) 
Bumps the github-actions group with 4 updates: [buildjet/cache](https://github.com/buildjet/cache), [crate-ci/typos](https://github.com/crate-ci/typos), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [hmarr/auto-approve-action](https://github.com/hmarr/auto-approve-action).


Updates `buildjet/cache` from 3 to 4
- [Changelog](https://github.com/BuildJet/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/buildjet/cache/compare/v3...v4)

Updates `crate-ci/typos` from 1.17.2 to 1.18.0
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.17.2...v1.18.0)

Updates `codecov/codecov-action` from 3 to 4
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3...v4)

Updates `hmarr/auto-approve-action` from 3 to 4
- [Release notes](https://github.com/hmarr/auto-approve-action/releases)
- [Commits](https://github.com/hmarr/auto-approve-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: buildjet/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: crate-ci/typos
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: hmarr/auto-approve-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-05 14:46:05 +00:00
dependabot[bot] c14c1cce13 ci: bump the github-actions group with 1 update (#10694) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-14 20:15:52 +00:00
dependabot[bot] eb72866a29 ci: bump the github-actions group with 2 updates (#9722) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-18 11:15:56 +00:00
Ben Potter f96622f192 chore: add exempt users to CLAbot allowlist (#9292) 2023-08-23 23:17:22 +00:00
Muhammad Atif Ali be1013899f chore: use names for all GitHub actions steps and use sqlc setup action (#8495) 2023-07-13 22:46:18 +03:00
Muhammad Atif Ali 80269ba1b9 hotfix(.github): fix dependency in contrib.yaml (#7754) 
`title` job was removed in #7743, so this job was falling.
 2023-06-01 10:29:07 +03:00
Ammar Bandukwala 828f33ac7b hotfix(.github): remove legacy title validator (#7743) 
* hotfix(.github): remove legacy title validator

`cdr-bot` centralizes the behavior and can enforce stricter
standards.

* Increase jest timeout
 2023-05-31 19:39:41 +00:00
Muhammad Atif Ali ce6b698048 hotfix(ci): fix a syntax issue in contrib.yaml (#7727) 2023-05-31 07:21:25 +00:00
Ammar Bandukwala 867996aa18 chore(.github): specify PR types 2023-05-30 23:57:45 +00:00
Kyle Carberry 4c204fc348 chore: ensure auto-approve-docs has a deep enough depth (#6484) 
* chore: ensure auto-approve-docs has a deep enough depth

This was failing on numerous PRs.

* Remove check because it isn't working
 2023-03-07 10:05:00 -06:00
Ben Potter 02100c64b5 fix: docs auto-approval (#6450) 
* fix: docs auto-approval

* empty commit
 2023-03-06 13:31:07 -06:00
Ammar Bandukwala 02f0968b33 chore: automatically approve Ben's docs PRs (#6444) 2023-03-04 08:07:45 -06:00
dependabot[bot] b56e1bb002 chore: bump contributor-assistant/github-action from 2.2.1 to 2.3.0 (#6384) 
Bumps [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](https://github.com/contributor-assistant/github-action/compare/v2.2.1...v2.3.0)

---
updated-dependencies:
- dependency-name: contributor-assistant/github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-01 09:18:01 -06:00
Kyle Carberry e49f41652f chore: merge codeql checks to run in parallel (#5907) 
* chore: merge codeql checks to run in parallel

This reduces a check and should maintain ~the same CI time.

* fix: close reconnecting pty conn when exiting agent

Fixes https://github.com/coder/coder/actions/runs/4038282899/jobs/6942170850

* Fix closing when agent fails

* Fix conpty

* Fix contrib

* Skip runner tests for being flakes

* Fix gpg key test

* Fix golden files

* Fix comments

* Fix closed

* Fix capitalized title

* Add a timeout when checking for dead links
 2023-01-29 15:28:22 -06:00