chore(deps): bump the actions group across 1 directory with 8 updates #6

dependabot · 2026-01-18T20:45:10Z

Bumps the actions group with 8 updates in the / directory:

Package	From	To
actions/checkout	`4.1.1`	`6.0.1`
github/codeql-action	`3.27.0`	`4.31.10`
actions/setup-node	`6.1.0`	`6.2.0`
ruby/setup-ruby	`1.276.0`	`1.283.0`
webfactory/ssh-agent	`0.9.0`	`0.9.1`
dtolnay/rust-toolchain	`56f84321dbccf38fb67ce29ab63e4754056677e0`	`f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561`
trufflesecurity/trufflehog	`3.92.3`	`3.92.5`
ossf/scorecard-action	`2.4.0`	`2.4.3`

Updates actions/checkout from 4.1.1 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

... (truncated)

Commits

8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
08eba0b Prepare release v4.3.0 (#2237)
Additional commits viewable in compare view

Updates github/codeql-action from 3.27.0 to 4.31.10

Release notes

Sourced from github/codeql-action's releases.

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.

Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

... (truncated)

Commits

cdefb33 Merge pull request #3394 from github/update-v4.31.10-0fa411efd
cfa77c6 Update changelog for v4.31.10
0fa411e Merge pull request #3393 from github/update-bundle/codeql-bundle-v2.23.9
c284324 Add changelog note
83e7d00 Update default bundle to codeql-bundle-v2.23.9
f6a16be Merge pull request #3391 from github/dependabot/npm_and_yarn/npm-minor-f1cdf5...
c1f5f1a Rebuild
1805d8d Bump the npm-minor group with 2 updates
b2951d2 Merge pull request #3353 from github/kaspersv/bump-min-cli-v-for-overlay
41448d9 Merge pull request #3287 from github/henrymercer/generate-mergeback-last
Additional commits viewable in compare view

Updates actions/setup-node from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-node's releases.

v6.2.0

What's Changed

Documentation

Documentation update related to absence of Lockfile by @mahabaleshwars in actions/setup-node#1454

Correct mirror option typos by @MikeMcC399 in actions/setup-node#1442

Readme update on checkout version v6 by @deining in actions/setup-node#1446

Readme typo fixes @munyari in actions/setup-node#1226

Advanced document update on checkout version v6 by @aparnajyothi-y in actions/setup-node#1468

Dependency updates:

Upgrade @actions/cache to v5.0.1 by @salmanmkc in actions/setup-node#1449

New Contributors

@mahabaleshwars made their first contribution in actions/setup-node#1454

@MikeMcC399 made their first contribution in actions/setup-node#1442

@deining made their first contribution in actions/setup-node#1446

@munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

Commits

6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
621ac41 README.md: bump to latest released checkout version v6 (#1446)
2951748 Bump @actions/cache to v5.0.1 (#1449)
21ddc7b Correct mirror option typos (#1442)
65d868f Update Documentation for Lockfile (#1454)
See full diff in compare view

Updates ruby/setup-ruby from 1.276.0 to 1.283.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.283.0

What's Changed

Add restriction and validation for download urls by @ntkme in ruby/setup-ruby#856

Add ruby-3.2.10 by @ruby-builder-bot in ruby/setup-ruby#860

Full Changelog: ruby/setup-ruby@v1.282.0...v1.283.0

v1.282.0

What's Changed

Add ruby-4.0.1 by @ruby-builder-bot in ruby/setup-ruby#859

Full Changelog: ruby/setup-ruby@v1.281.0...v1.282.0

v1.281.0

What's Changed

Generate test matrix dynamically by @ntkme in ruby/setup-ruby#854

Add truffleruby-33.0.0,truffleruby+graalvm-33.0.0 by @ruby-builder-bot in ruby/setup-ruby#857

Full Changelog: ruby/setup-ruby@v1.280.0...v1.281.0

v1.280.0

What's Changed

Test ruby 4.0 on windows by @ntkme in ruby/setup-ruby#853

Add token input for downloading release assets by @TingluoHuang in ruby/setup-ruby#851

New Contributors

@TingluoHuang made their first contribution in ruby/setup-ruby#851

Full Changelog: ruby/setup-ruby@v1.279.0...v1.280.0

v1.279.0

Full Changelog: ruby/setup-ruby@v1.278.0...v1.279.0

v1.278.0

What's Changed

Set BUNDLER_VERSION whenever we know which version to use by @eregon in ruby/setup-ruby#849

Full Changelog: ruby/setup-ruby@v1.277.0...v1.278.0

v1.277.0

What's Changed

Update CRuby releases on Windows by @ruby-builder-bot in ruby/setup-ruby#847

Full Changelog: ruby/setup-ruby@v1.276.0...v1.277.0

Commits

708024e Add ruby-3.2.10
757ecf5 Give a proper name to CI jobs checking generated files
6963d48 Use Regexp.escape to not need to manually escape (error-prone)
3fc6249 Match more strictly with \A and \z
b939495 Add restriction and validation for download urls
4fc31e1 Add ruby-4.0.1
675dd7b Add truffleruby-33.0.0,truffleruby+graalvm-33.0.0
5dd816a Tweaks for the generated CI matrix
c2f29a7 Generate test matrix dynamically
d5f787c Define a helper to download to avoid duplication
Additional commits viewable in compare view

Updates webfactory/ssh-agent from 0.9.0 to 0.9.1

Release notes

Sourced from webfactory/ssh-agent's releases.

v0.9.1

What's Changed

Acknowledge custom command inputs in cleanup.js by @janopae in webfactory/ssh-agent#235

New Contributors

@janopae made their first contribution in webfactory/ssh-agent#235

Full Changelog: webfactory/ssh-agent@v0.9.0...v0.9.1

Changelog

Sourced from webfactory/ssh-agent's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

v0.9.1 [2024-03-17]

Fixed

Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (#235)

v0.9.0 [2024-02-06]

Changed

Update all versions of actions/checkout to v4 (#199)

Update to Node 20 (#201)

v0.8.0 [2023-03-24]

Changed

No longer writing GitHub's SSH host keys to known_hosts (#171)

Update to actions/checkout@v3 (#143)

Allow the user to override the commands for git, ssh-agent, and ssh-add (#154)

v0.7.0 [2022-10-19]

Added

Add the log-public-key input that can be used to turn off logging key identities (#122)

Fixed

Fix path to git binary on Windows, assuming GitHub-hosted runners (#136, #137)

Fix a nonsensical log message (#139)

v0.6.0 [2022-10-19]

Changed

Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/).

v0.5.4 [2021-11-21]

Fixed

... (truncated)

Commits

a6f90b1 Release v0.9.1
72c0bfd Improve documentation on why we use os.userInfo()
e3f1a8e Acknowledge custom command inputs in cleanup.js (#235)
b504c19 Update CHANGELOG.md
See full diff in compare view

Updates dtolnay/rust-toolchain from 56f84321dbccf38fb67ce29ab63e4754056677e0 to f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561

Commits

f7ccc83 Merge pull request #177 from dtolnay/permitcopyrename
1c0547f Permit cross-device copy
0b1efab Update actions/checkout@v5 -> v6
0f44b27 Add 1.91.1 patch release
6d653ac Merge pull request #171 from dtolnay/up
30dc51d Update Linux arm64 runner to Ubuntu 24.04
e97e2d8 Update actions/checkout@v4 -> v5
3bd6ba1 Merge pull request #168 from dtolnay/sed
0185c06 Fix update-revs.sh to recognize only the intended required: true
350b817 Merge pull request #166 from dtolnay/fix1
Additional commits viewable in compare view

Updates trufflesecurity/trufflehog from 3.92.3 to 3.92.5

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.92.5

What's Changed

[INS-206] Store Gitlab Project ID in secret location metadata by @mustansir14 in trufflesecurity/trufflehog#4601

[INS-242] Add more validations to Custom Detector config by @mustansir14 in trufflesecurity/trufflehog#4642

Fix syslog test failing due to hardcoded timestamp by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4646

[INS-120] Increase code coverage for Postman's source scanItem function by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4648

[INS-232] Fix S3 Source "panic: runtime error: index out of range" bug by @mustansir14 in trufflesecurity/trufflehog#4610

[INS-170] Unify JDBC URL Parsing Across Detector and Analyzer (Continued) by @mustansir14 in trufflesecurity/trufflehog#4606

Add exponential backoff retry logic in Twilio detector by @shahzadhaider1 in trufflesecurity/trufflehog#4652

Fix typo in help description for Postman API metric by @shahzadhaider1 in trufflesecurity/trufflehog#4656

Rework JWT detector to better block local IPs by @bradlarsen in trufflesecurity/trufflehog#4607

Gitlab Source: Backoff from Scan2 which is experimental to legacy pagination API call by @kashifkhan0771 in trufflesecurity/trufflehog#4608

fix: git commit date parsing for non-English locales by @GLEF1X in trufflesecurity/trufflehog#4653

fix: report accurate line numbers for chunked file scanning (#1876) by @GLEF1X in trufflesecurity/trufflehog#4615

Add Postman API monthly request limit metric by @shahzadhaider1 in trufflesecurity/trufflehog#4667

[INS-243] Fix jdbc detector detecting incomplete connection string and fixed invalid… by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4636

New Contributors

@GLEF1X made their first contribution in trufflesecurity/trufflehog#4653

Full Changelog: trufflesecurity/trufflehog@v3.92.4...v3.92.5

v3.92.4

What's Changed

[INS-170] Unify JDBC URL parsing across detectors and analyzers by @mustansir14 in trufflesecurity/trufflehog#4574

Pagination and Rate-Limit Handling In Docker Registry Namespace API Calls by @nabeelalam in trufflesecurity/trufflehog#4557

[INS-226] Use pinned image for Quay registry Integration test by @mustansir14 in trufflesecurity/trufflehog#4602

Update module golang.org/x/crypto to v0.45.0 [SECURITY] by @renovate[bot] in trufflesecurity/trufflehog#4562

[INS-207] Add Role-Aware Resumption Support for Legacy S3 Scan by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4600

Enable line numbers for GitHub Real-time by @rosecodym in trufflesecurity/trufflehog#4611

Full Changelog: trufflesecurity/trufflehog@v3.92.3...v3.92.4

Commits

116e717 [INS-243] Fix jdbc detector detecting incomplete connection string and fixed ...
b924c0b added monthly requests limit to postman api request metrics collection (#4667)
f3eff52 fix: report accurate line numbers for chunked file scanning (#1876) (#4615)
6a0bc78 fix(git): use --iso-strict git arg to prevent locale issue (#4653)
fc3f35c Gitlab Source: Backoff from Scan2 which is experimental to legacy pagination ...
728d71f Rework JWT detector to better block local IPs; add HTTP instrumentation (#4607)
89cc34b Fix typo in help description for Postman API metric (#4656)
6904595 detectors/twilio: add exponential backoff retry logic (#4652)
4e02afb [INS-170] Unify JDBC URL Parsing Across Detector and Analyzer (Continued) (#4...
964eab0 [INS-232] Fix S3 Source "panic: runtime error: index out of range" bug (#4610)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.0 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

docs: clarify GITHUB_TOKEN permissions needed for private repos by @pankajtaneja5 in ossf/scorecard-action#1574

📖 Fix recommended command to test the image in development by @deivid-rodriguez in ossf/scorecard-action#1583

Other

add missing top-level token permissions to workflows by @timothyklee in ossf/scorecard-action#1566

setup codeowners for requesting reviews by @spencerschrock in ossf/scorecard-action#1576

🌱 Improve printing options by @deivid-rodriguez in ossf/scorecard-action#1584

New Contributors

@timothyklee made their first contribution in ossf/scorecard-action#1566

@pankajtaneja5 made their first contribution in ossf/scorecard-action#1574

@deivid-rodriguez made their first contribution in ossf/scorecard-action#1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

v2.4.1

What's Changed

This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.

Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.

use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in ossf/scorecard-action#1423

Some errors were made into annotations to make them more visible

Make default branch error more prominent by @jsoref in ossf/scorecard-action#1459

There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.

add input for specifying --file-mode by @spencerschrock in ossf/scorecard-action#1509

The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

🌱 publish docker images to GitHub Container Registry by @spencerschrock in ossf/scorecard-action#1453

Docs

Installation docs update by @JeremiahAHoward in ossf/scorecard-action#1416

New Contributors

@JeremiahAHoward made their first contribution in ossf/scorecard-action#1416

@jsoref made their first contribution in ossf/scorecard-action#1459 Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

Commits

4eaacf0 bump docker to ghcr v2.4.3 (#1587)
42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
92083b5 📖 Fix recommended command to test the image in development (#1583)
7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
c3f1350 🌱 Improve printing options (#1584)
43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.0` | `4.31.10` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.2.0` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.276.0` | `1.283.0` | | [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.9.1` | | [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `56f84321dbccf38fb67ce29ab63e4754056677e0` | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.92.3` | `3.92.5` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.3` | Updates `actions/checkout` from 4.1.1 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4.1.1...v6.0.1) Updates `github/codeql-action` from 3.27.0 to 4.31.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.27.0...cdefb33) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@395ad32...6044e13) Updates `ruby/setup-ruby` from 1.276.0 to 1.283.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@ae195bb...708024e) Updates `webfactory/ssh-agent` from 0.9.0 to 0.9.1 - [Release notes](https://github.com/webfactory/ssh-agent/releases) - [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md) - [Commits](webfactory/ssh-agent@dc588b6...a6f90b1) Updates `dtolnay/rust-toolchain` from 56f84321dbccf38fb67ce29ab63e4754056677e0 to f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](dtolnay/rust-toolchain@56f8432...f7ccc83) Updates `trufflesecurity/trufflehog` from 3.92.3 to 3.92.5 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@v3.92.3...116e717) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@62b2cac...4eaacf0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.31.10 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ruby/setup-ruby dependency-version: 1.283.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: webfactory/ssh-agent dependency-version: 0.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: dtolnay/rust-toolchain dependency-version: f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 dependency-type: direct:production dependency-group: actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.92.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 18, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): bump the actions group across 1 directory with 8 updates #6

chore(deps): bump the actions group across 1 directory with 8 updates #6

Uh oh!

dependabot bot commented on behalf of github Jan 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

chore(deps): bump the actions group across 1 directory with 8 updates #6

Are you sure you want to change the base?

chore(deps): bump the actions group across 1 directory with 8 updates #6

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 18, 2026

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.31.10

CodeQL Action Changelog

4.31.10 - 12 Jan 2026

v4.31.9

CodeQL Action Changelog

4.31.9 - 16 Dec 2025

v4.31.8

CodeQL Action Changelog

4.31.8 - 11 Dec 2025

v4.31.7

CodeQL Action Changelog

4.31.7 - 05 Dec 2025

v4.31.6

CodeQL Action Changelog

4.31.6 - 01 Dec 2025

CodeQL Action Changelog

[UNRELEASED]

4.31.10 - 12 Jan 2026

4.31.9 - 16 Dec 2025

4.31.8 - 11 Dec 2025

4.31.7 - 05 Dec 2025

4.31.6 - 01 Dec 2025

4.31.5 - 24 Nov 2025

4.31.4 - 18 Nov 2025

4.31.3 - 13 Nov 2025

4.31.2 - 30 Oct 2025

4.31.1 - 30 Oct 2025

4.31.0 - 24 Oct 2025

v6.2.0

What's Changed

Documentation

Dependency updates:

New Contributors

v1.283.0

What's Changed

v1.282.0

What's Changed

v1.281.0

What's Changed

v1.280.0

What's Changed

New Contributors

v1.279.0

v1.278.0

What's Changed

v1.277.0

What's Changed

v0.9.1

What's Changed

New Contributors

Changelog

[Unreleased]

v0.9.1 [2024-03-17]

Fixed

v0.9.0 [2024-02-06]

Changed

v0.8.0 [2023-03-24]

Changed

v0.7.0 [2022-10-19]

Added