SRE-3690 cq: Bump the gha-versions group with 8 updates by dependabot[bot] · Pull Request #17783 · daos-stack/daos

dependabot · 2026-03-24T20:38:24Z

Bumps the gha-versions group with 8 updates:

Package	From	To
actions/checkout	`5.0.0`	`6.0.2`
EnricoMi/publish-unit-test-result-action	`2.20.0`	`2.23.0`
actions/upload-artifact	`4`	`7`
actions/setup-python	`6.0.0`	`6.2.0`
codespell-project/actions-codespell	`2.1`	`2.2`
github/codeql-action	`4.30.7`	`4.34.1`
dorny/test-reporter	`2.1.1`	`3.0.0`
aquasecurity/trivy-action	`0.33.1`	`0.35.0`

Updates actions/checkout from 5.0.0 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
See full diff in compare view

Updates EnricoMi/publish-unit-test-result-action from 2.20.0 to 2.23.0

Release notes

Sourced from EnricoMi/publish-unit-test-result-action's releases.

v2.23.0

Adds the following improvements:

Lock composite actions' versions by SHA EnricoMi/publish-unit-test-result-action#719

Upgrading Python dependencies EnricoMi/publish-unit-test-result-action#721, EnricoMi/publish-unit-test-result-action#727

Upgrade GitHub actions EnricoMi/publish-unit-test-result-action#720, EnricoMi/publish-unit-test-result-action#728

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.22.0...v2.23.0

v2.22.0

Adds the following improvements:

Upgrade all Python dependencies to latest version #710

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.21.0...v2.22.0

v2.21.0

Adds the following improvements:

Add Docker action to allow setting Docker registry and image #688

Fix class name matching for NUnit3 #689

Upgrade all Python dependencies to latest version #695

Fix @2 tag in README.md to @v2 #687

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.20.0...v2.21.0

Commits

c950f6f Releasing v2.23.0
013b82b Upgrade direct dependencies (#727)
08eaa63 Upgrade setup-python in misc actions (#728)
ee9b6e2 Extend dependabot config (#722)
42756a1 Upgrading Python dependencies (#721)
13d372a Fix comment
4f082d0 Upgrade GitHub actions (#720)
8608181 Lock composite actions' versions by SHA (#719)
27d65e1 Releasing v2.22.0
2deae40 Upgrade transient dependencies (#710)
Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

... (truncated)

Commits

bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
ddc45ed docs: update README to correct action name for Node.js 24 support
615b319 chore: release v6.0.0 for Node.js 24 support
017748b Merge pull request #744 from actions/fix-storage-blob
38d4c79 chore: rebuild dist
Additional commits viewable in compare view

Updates actions/setup-python from 6.0.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259

Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in actions/setup-python#1201

Add graalpy early-access and windows builds by @timfel in actions/setup-python#880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in actions/setup-python#979

Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in actions/setup-python#1139

Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in actions/setup-python#1094

Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in actions/setup-python#1199

Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in actions/setup-python#1130

Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in actions/setup-python#1234

Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in actions/setup-python#1235

New Contributors

@yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates codespell-project/actions-codespell from 2.1 to 2.2

Release notes

Sourced from codespell-project/actions-codespell's releases.

v2.2

What's Changed

Add the config file option and tests by @rdimaio in codespell-project/actions-codespell#80

Use pip install with --no-cache-dir in the Dockerfile by @PeterDaveHello in codespell-project/actions-codespell#89

Upgrade to Python 3.13 by @candrews in codespell-project/actions-codespell#82

Add checkout action and problem matcher to README by @vadi2 in codespell-project/actions-codespell#32

New Contributors

@rdimaio made their first contribution in codespell-project/actions-codespell#80

@PeterDaveHello made their first contribution in codespell-project/actions-codespell#89

@candrews made their first contribution in codespell-project/actions-codespell#82

@vadi2 made their first contribution in codespell-project/actions-codespell#32

Full Changelog: codespell-project/actions-codespell@v2...v2.2

Commits

8f01853 MAINT: Release notes
23a4abe Add checkout action and problem matcher to README (#32)
906f13f Upgrade to Python 3.13 (#82)
df0bba3 [pre-commit.ci] pre-commit autoupdate (#85)
c460eef Use pip install with --no-cache-dir in the Dockerfile (#89)
037a23a Add the config file option and tests (#80)
8d1a4b1 Bump actions/setup-python from 5 to 6 (#92)
71286cb Bump actions/checkout from 4 to 5 (#91)
fad9339 [pre-commit.ci] pre-commit autoupdate (#84)
See full diff in compare view

Updates github/codeql-action from 4.30.7 to 4.34.1

Release notes

Sourced from github/codeql-action's releases.

v4.34.1

Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v4.34.0

Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569

We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584

Update default CodeQL bundle version to 2.25.0. #3585

v4.33.0

Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

To opt out of this change:

Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

v4.32.6

Update default CodeQL bundle version to 2.24.3. #3548

v4.32.5

Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507

Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487

The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515

Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516

Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498

Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512

The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

v4.32.4

Update default CodeQL bundle version to 2.24.2. #3493

Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473

When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486

Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485

Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

v4.32.3

Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v4.32.2

Update default CodeQL bundle version to 2.24.1. #3460

v4.32.1

A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422

Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767

4.34.1 - 20 Mar 2026

Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569

We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584

Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

To opt out of this change:

Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

4.32.6 - 05 Mar 2026

Update default CodeQL bundle version to 2.24.3. #3548

4.32.5 - 02 Mar 2026

Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507

Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487

The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515

Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516

Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498

Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512

The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

4.32.4 - 20 Feb 2026

Update default CodeQL bundle version to 2.24.2. #3493

Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473

... (truncated)

Commits

3869755 Merge pull request #3763 from github/update-v4.34.1-095e0fe50
20e68ac Update changelog for v4.34.1
095e0fe Merge pull request #3762 from github/henrymercer/downgrade-default-bundle
47b94fe Add changelog note
51a1d69 Downgrade default bundle to codeql-bundle-v2.24.3
510cf73 Merge pull request #3589 from github/mergeback/v4.34.0-to-main-c6f93110
89f0c86 Rebuild
c3f90ba Update changelog and version after v4.34.0
c6f9311 Merge pull request #3588 from github/update-v4.34.0-30c555a52
eeb9b3f Update changelog for v4.34.0
Additional commits viewable in compare view

Updates dorny/test-reporter from 2.1.1 to 3.0.0

Release notes

Sourced from dorny/test-reporter's releases.

v3.0.0

Note: The v3 release requires NodeJS 24 runtime on GitHub Actions runners.

What's Changed

Upgrade action runtime to Node.js 24 by @dav-tb in dorny/test-reporter#738

Explicitly use lowest permissions required to run workflow by @jozefizso in dorny/test-reporter#745

Other Changes

Bump @typescript-eslint/parser from 8.57.0 to 8.57.1 by @dependabot[bot] in dorny/test-reporter#742

Bump @types/adm-zip from 0.5.7 to 0.5.8 by @dependabot[bot] in dorny/test-reporter#743

Bump flatted from 3.4.1 to 3.4.2 by @dependabot[bot] in dorny/test-reporter#744

New Contributors

@dav-tb made their first contribution in dorny/test-reporter#738

Full Changelog: dorny/test-reporter@v2.7.0...v3.0.0

v2.7.0

What's Changed

Feature: Add slug-prefix output for link anchors dorny/test-reporter#731

Feature: Report jest-junit testsuite errors as failures dorny/test-reporter#155

Security: Update dependencies to fix reported security vulnerabilities

Other Changes

Bump eslint from 9.39.3 to 9.39.4 by @dependabot[bot] in dorny/test-reporter#732

Bump @typescript-eslint/parser from 8.56.1 to 8.57.0 by @dependabot[bot] in dorny/test-reporter#733

Bump jest from 30.2.0 to 30.3.0 by @dependabot[bot] in dorny/test-reporter#734

Bump undici from 6.23.0 to 6.24.1 by @dependabot[bot] in dorny/test-reporter...
Description has been truncated

Bump the gha-versions group with 8 updates Bumps the gha-versions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.2` | | [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) | `2.20.0` | `2.23.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.0.0` | `6.2.0` | | [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) | `2.1` | `2.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.30.7` | `4.34.1` | | [dorny/test-reporter](https://github.com/dorny/test-reporter) | `2.1.1` | `3.0.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.1` | `0.35.0` | Updates `actions/checkout` from 5.0.0 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@08c6903...de0fac2) Updates `EnricoMi/publish-unit-test-result-action` from 2.20.0 to 2.23.0 - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](EnricoMi/publish-unit-test-result-action@3a74b29...c950f6f) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) Updates `actions/setup-python` from 6.0.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@e797f83...a309ff8) Updates `codespell-project/actions-codespell` from 2.1 to 2.2 - [Release notes](https://github.com/codespell-project/actions-codespell/releases) - [Commits](codespell-project/actions-codespell@406322e...8f01853) Updates `github/codeql-action` from 4.30.7 to 4.34.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e296a93...3869755) Updates `dorny/test-reporter` from 2.1.1 to 3.0.0 - [Release notes](https://github.com/dorny/test-reporter/releases) - [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md) - [Commits](dorny/test-reporter@dc3a926...a43b3a5) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.35.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@b6643a2...57a97c7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-versions - dependency-name: EnricoMi/publish-unit-test-result-action dependency-version: 2.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-versions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-versions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-versions - dependency-name: codespell-project/actions-codespell dependency-version: '2.2' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-versions - dependency-name: github/codeql-action dependency-version: 4.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-versions - dependency-name: dorny/test-reporter dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-versions - dependency-name: aquasecurity/trivy-action dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-versions ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-24T20:43:31Z

Errors are Unable to load ticket data
https://daosio.atlassian.net/browse/SRE-3690

.github/workflows/bullseye-coverage.yml

.github/workflows/rpm-build-and-test.yml

Doc-only: true Signed-off-by: Dalton Bohning <dalton.bohning@hpe.com>

Bumps org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dalton Bohning <dalton.bohning@hpe.com> Doc-only: true

Ignore the GHSA-72hv-8253-57qq vulnerability reported in com.fasterxml.jackson.core:jackson-core 2.14.3 The com.fasterxml.jackson.core:jackson-core can not be upgraded as it is a part of org.apache.hadoop:hadoop-common:3.4.2::2d40acbf and there is no new version of hadoop. Signed-off-by: Tomasz Gromadzki <tomasz.gromadzki@hpe.com> Doc-only: true

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 24, 2026

daltonbohning self-requested a review March 24, 2026 20:49

github-advanced-security bot found potential problems Mar 24, 2026

View reviewed changes

pin upload-artifact

23a20d4

Doc-only: true Signed-off-by: Dalton Bohning <dalton.bohning@hpe.com>

grom72 self-requested a review March 25, 2026 07:32

grom72 changed the title ~~Doc-only: true Bump the gha-versions group with 8 updates~~ SRE-3690 cq: Bump the gha-versions group with 8 updates Mar 25, 2026

grom72 previously approved these changes Mar 25, 2026

View reviewed changes

daltonbohning and others added 2 commits March 25, 2026 09:24

DAOS-18406 java: Bump log4jfrom 2.17.1 to 2.25.3 (#17298) (#17374)

cd569a4

Bumps org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3. Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Dalton Bohning <dalton.bohning@hpe.com> Doc-only: true

grom72 dismissed their stale review via cb21d69 March 25, 2026 08:33

grom72 requested review from a team as code owners March 25, 2026 08:33

grom72 self-requested a review March 25, 2026 10:51

grom72 approved these changes Mar 25, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SRE-3690 cq: Bump the gha-versions group with 8 updates#17783

SRE-3690 cq: Bump the gha-versions group with 8 updates#17783
dependabot[bot] wants to merge 4 commits intorelease/2.6.4-aurorafrom
dependabot/github_actions/release/2.6.4-aurora/gha-versions-186fd1fa9e

dependabot bot commented on behalf of github Mar 24, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Mar 24, 2026 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Mar 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v2.23.0

v2.22.0

v2.21.0

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v6.0.0

v6 - What's new

Node.js 24

What's Changed

v5.0.0

What's Changed

v6.2.0

What's Changed

Dependency Upgrades

v6.1.0

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

v2.2

What's Changed

New Contributors

v4.34.1

v4.34.0

v4.33.0

v4.32.6

v4.32.5

v4.32.4

v4.32.3

v4.32.2

v4.32.1

CodeQL Action Changelog

[UNRELEASED]

4.34.1 - 20 Mar 2026

4.34.0 - 20 Mar 2026

4.33.0 - 16 Mar 2026

4.32.6 - 05 Mar 2026

4.32.5 - 02 Mar 2026

4.32.4 - 20 Feb 2026

v3.0.0

What's Changed

Other Changes

New Contributors

v2.7.0

What's Changed

Other Changes

Uh oh!

github-actions bot commented Mar 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Mar 24, 2026 •

edited

Loading

github-actions bot commented Mar 24, 2026 •

edited

Loading