Skip to content

Bump the github-actions-updates group with 8 updates#40

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-updates-9eb998c790
Closed

Bump the github-actions-updates group with 8 updates#40
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-updates-9eb998c790

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps the github-actions-updates group with 8 updates:

Package From To
step-security/harden-runner 2.19.4 2.20.0
lfreleng-actions/repository-metadata-action 0.2.1 0.2.3
lfreleng-actions/github2gerrit-action 1.3.3 1.4.2
im-open/workflow-conclusion 2.2.5 3.0.0
actions/upload-artifact 4 7
lfreleng-actions/checkout-gerrit-change-action 1.0.1 1.0.2
1password/load-secrets-action 4.0.0 4.0.1
lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml 0.7.2 0.7.4

Updates step-security/harden-runner from 2.19.4 to 2.20.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.20.0

What's Changed

  • Support for block policy for MacOS and Windows GitHub-hosted runners
  • Support for Bitrise MacOS GitHub Actions runners
  • HTTPS monitoring support for Bun for Linux runners (enterprise tier)

Full Changelog: step-security/harden-runner@v2.19.4...v2.20.0

Commits
  • bf7454d Merge pull request #673 from step-security/fix/aggregate-error-startup-hang
  • 1188420 Update non-TLS agent to v0.16.2
  • 162cfea Update non-TLS agent to v0.16.1
  • eb9e1f4 Bring macOS runner updates from PR 674
  • 1a10b01 Update Windows agent to v1.0.7
  • 8b4a105 Apply npm audit fixes with release-age cooldown
  • 3626e03 Default TLS status check failures to enabled
  • 100e08b Update agent-ebpf to v1.8.12
  • 774f75f Update agent to v1.8.9
  • f312657 Extend missing-agent-dir guard to Linux and macOS cleanup paths
  • Additional commits viewable in compare view

Updates lfreleng-actions/repository-metadata-action from 0.2.1 to 0.2.3

Release notes

Sourced from lfreleng-actions/repository-metadata-action's releases.

v0.2.3

Downloads for this release

🐛 Bug Fixes 🐛

🔧 Maintenance 🔧

🎓 Code Quality 🎓

Links

v0.2.2

Downloads for this release

🐛 Bug Fixes 🐛

🔧 Maintenance 🔧

Links

Commits
  • 61e837e Merge pull request #124 from lfreleng-actions/pre-commit-ci-update-config
  • 7909703 Chore: pre-commit autoupdate
  • 93407da Merge pull request #121 from lfreleng-actions/dependabot/github_actions/actio...
  • 9723574 Merge pull request #120 from lfreleng-actions/dependabot/github_actions/lfrel...
  • 437113c Merge pull request #123 from lfreleng-actions/dependabot/github_actions/actio...
  • 7fa2f05 Merge pull request #122 from lfreleng-actions/dependabot/github_actions/relea...
  • eda4aa4 Chore: Bump actions/cache from 5.0.5 to 6.1.0
  • 073e023 Chore: Bump release-drafter/release-drafter from 7.4.0 to 7.5.1
  • fe6ad86 Chore: Bump actions/setup-python from 6.2.0 to 6.3.0
  • 619ed6e Chore: Bump lfreleng-actions/tag-validate-action from 1.0.3 to 1.0.4
  • Additional commits viewable in compare view

Updates lfreleng-actions/github2gerrit-action from 1.3.3 to 1.4.2

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.4.2

Downloads for this release

🐛 Bug Fixes 🐛

🔧 Maintenance 🔧

🎓 Code Quality 🎓

Links

v1.4.1

Downloads for this release

🐛 Bug Fixes 🐛

🔧 Maintenance 🔧

Links

v1.4.0

Downloads for this release

✨ New Features ✨

🐛 Bug Fixes 🐛

... (truncated)

Commits
  • 9f32f3c Merge pull request #335 from lfreleng-actions/dependabot/uv/hatchling-1.31.0
  • 86c6955 Merge pull request #333 from lfreleng-actions/dependabot/uv/mypy-2.2.0
  • c6305b3 Merge pull request #332 from lfreleng-actions/dependabot/github_actions/astra...
  • d6a1ecd Merge pull request #334 from lfreleng-actions/dependabot/github_actions/lfit/...
  • 5ae1bf9 Merge pull request #331 from lfreleng-actions/dependabot/github_actions/step-...
  • e134af5 Chore: Bump hatchling from 1.30.1 to 1.31.0
  • 5dc30c2 Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-sc...
  • b053702 Chore: Bump mypy from 2.1.0 to 2.2.0
  • 0be7d15 Chore: Bump astral-sh/setup-uv from 8.3.0 to 8.3.2
  • 6d3b65f Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0
  • Additional commits viewable in compare view

Updates im-open/workflow-conclusion from 2.2.5 to 3.0.0

Commits
  • 8eac7f1 Merge pull request #29 from im-open/node24
  • c4d9654 Update to node 24
  • aa85805 Merge pull request #23 from im-open/dependabot/npm_and_yarn/multi-0f30d60bd3
  • 40cf9b3 Merge branch 'main' into dependabot/npm_and_yarn/multi-0f30d60bd3
  • 58125f7 Bump @​octokit/plugin-paginate-rest and @​actions/github
  • See full diff in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates lfreleng-actions/checkout-gerrit-change-action from 1.0.1 to 1.0.2

Release notes

Sourced from lfreleng-actions/checkout-gerrit-change-action's releases.

v1.0.2

Downloads for this release

🔧 Maintenance 🔧

🎓 Code Quality 🎓

Links

Commits
  • f87b90a Merge pull request #106 from lfreleng-actions/pre-commit-ci-update-config
  • 3b77a16 Chore: pre-commit autoupdate
  • 719371f Merge pull request #105 from modeseven-lfreleng-actions/chore/add-security-md
  • 43d9e1a Docs: Add SECURITY.md security policy
  • 857d657 Merge pull request #104 from modeseven-lfreleng-actions/dependabot-cooldown
  • b164594 CI(dependabot): Add 7-day update cooldown
  • 9b89664 Merge pull request #103 from lfreleng-actions/pre-commit-ci-update-config
  • 0d8f64d Chore: pre-commit autoupdate
  • 60dc200 Merge pull request #102 from modeseven-lfreleng-actions/chore/remove-redundan...
  • 0ecb658 Chore: remove redundant workflow copies
  • Additional commits viewable in compare view

Updates 1password/load-secrets-action from 4.0.0 to 4.0.1

Release notes

Sourced from 1password/load-secrets-action's releases.

v4.0.1

What's Changed

Fix

  • Fixed a Windows specific issue where 1Password CLI installation could fail because the downloaded archive lacked a .zip extension required by PowerShell’s archive extraction fallback. (#154)
  • Bump actions/checkout from v5 to v6 in CI workflows. (#156)

Security

  • Harden GitHub Actions workflows by pinning external actions to immutable commit SHAs. (#157)

Docs

  • Add 1Password API Terms of Service notice to the README (#166)

New Contributors

Full Changelog: 1Password/load-secrets-action@v4.0.0...v4.0.1

Commits
  • 3a12b0a Merge pull request #167 from 1Password/release/v4.0.1
  • 0f0cd1b create new build
  • be2f36b Add Terms of Service to README (#166)
  • 908aabf Merge pull request #154 from superteppo/main
  • cc166c6 Merge pull request #157 from dagecko/runner-guard/fix-ci-security
  • 080cd2d Merge branch '1Password:main' into main
  • 2a321c3 fix: pin 4 unpinned action(s),extract 3 unsafe expression(s) to env vars
  • 2a9101f Merge pull request #156 from 1Password/jill/bump-actions
  • 5b18565 bump actions
  • a763b8d fix installer error on windows
  • See full diff in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.4

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml's releases.

v0.7.4

Downloads for this release

🔧 Maintenance 🔧

  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#751)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.6.1 to 0.7.2 @dependabot[bot] (#753)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#754)
  • Chore: Bump github/codeql-action/init from 4.36.2 to 4.36.3 @dependabot[bot] (#752)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#755)
  • Chore: Bump dorny/paths-filter from 4.0.1 to 4.0.2 @dependabot[bot] (#756)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#750)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#757)
  • Chore: Bump docker/build-push-action from 7.2.0 to 7.3.0 @dependabot[bot] (#758)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#760)
  • Chore: Bump lfreleng-actions/credential-load-action from 1.0.0 to 1.1.0 @dependabot[bot] (#759)
  • Chore: Bump lfreleng-actions/zizmor-scan-action from 0.3.0 to 0.3.1 @dependabot[bot] (#761)
  • Chore: Bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 @dependabot[bot] (#762)
  • Chore: pre-commit linting updates @pre-commit-ci[bot] (#765)
  • Chore: Bump jordanconway/package-manager-hardening from 0.4.2 to 0.4.3 @dependabot[bot] (#763)
  • Chore: Bump github/codeql-action/analyze from 4.36.2 to 4.36.3 @dependabot[bot] (#764)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#769)
  • Chore: Bump github/codeql-action/upload-sarif from 4.36.3 to 4.37.0 @dependabot[bot] (#770)
  • Chore: Bump github/codeql-action/analyze from 4.36.3 to 4.37.0 @dependabot[bot] (#768)
  • Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0 @dependabot[bot] (#771)
  • Chore: Bump lfreleng-actions/credential-load-action from 1.1.0 to 2.0.0 @dependabot[bot] (#767)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#772)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#773)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#775)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#774)
  • Chore: Bump github/codeql-action/init from 4.36.3 to 4.37.0 @dependabot[bot] (#776)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#778)
  • Chore: Bump actions/setup-java from 5.4.0 to 5.5.0 @dependabot[bot] (#777)
  • Chore: Bump lfreleng-actions/zizmor-scan-action from 0.3.1 to 0.4.0 @dependabot[bot] (#779)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#780)

Links

v0.7.3

Downloads for this release

🔧 Maintenance 🔧

Links

Commits
  • 5fa62e3 Merge pull request #780 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • 34d94b1 Merge pull request #779 from lfit/dependabot/github_actions/lfreleng-actions/...
  • 70d4d84 Merge pull request #777 from lfit/dependabot/github_actions/actions/setup-jav...
  • 55039c6 Merge pull request #778 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • d940c57 Merge pull request #776 from lfit/dependabot/github_actions/github/codeql-act...
  • 57c5c52 Merge pull request #774 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • a54a16e Merge pull request #775 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • 66b4a1c Merge pull request #773 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • aa3ba13 Merge pull request #772 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • f463514 Merge pull request #767 from lfit/dependabot/github_actions/lfreleng-actions/...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions-updates group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.4` | `2.20.0` |
| [lfreleng-actions/repository-metadata-action](https://github.com/lfreleng-actions/repository-metadata-action) | `0.2.1` | `0.2.3` |
| [lfreleng-actions/github2gerrit-action](https://github.com/lfreleng-actions/github2gerrit-action) | `1.3.3` | `1.4.2` |
| [im-open/workflow-conclusion](https://github.com/im-open/workflow-conclusion) | `2.2.5` | `3.0.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |
| [lfreleng-actions/checkout-gerrit-change-action](https://github.com/lfreleng-actions/checkout-gerrit-change-action) | `1.0.1` | `1.0.2` |
| [1password/load-secrets-action](https://github.com/1password/load-secrets-action) | `4.0.0` | `4.0.1` |
| [lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml](https://github.com/lfit/releng-reusable-workflows) | `0.7.2` | `0.7.4` |


Updates `step-security/harden-runner` from 2.19.4 to 2.20.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@9af89fc...bf7454d)

Updates `lfreleng-actions/repository-metadata-action` from 0.2.1 to 0.2.3
- [Release notes](https://github.com/lfreleng-actions/repository-metadata-action/releases)
- [Changelog](https://github.com/lfreleng-actions/repository-metadata-action/blob/main/docs/CHANGES_SUMMARY.md)
- [Commits](lfreleng-actions/repository-metadata-action@fa041b9...61e837e)

Updates `lfreleng-actions/github2gerrit-action` from 1.3.3 to 1.4.2
- [Release notes](https://github.com/lfreleng-actions/github2gerrit-action/releases)
- [Commits](lfreleng-actions/github2gerrit-action@f44c168...9f32f3c)

Updates `im-open/workflow-conclusion` from 2.2.5 to 3.0.0
- [Commits](im-open/workflow-conclusion@7b14694...8eac7f1)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

Updates `lfreleng-actions/checkout-gerrit-change-action` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/lfreleng-actions/checkout-gerrit-change-action/releases)
- [Commits](lfreleng-actions/checkout-gerrit-change-action@8523d76...f87b90a)

Updates `1password/load-secrets-action` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/1password/load-secrets-action/releases)
- [Commits](1Password/load-secrets-action@92467eb...3a12b0a)

Updates `lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml` from 0.7.2 to 0.7.4
- [Release notes](https://github.com/lfit/releng-reusable-workflows/releases)
- [Commits](lfit/releng-reusable-workflows@fd3c1b4...5fa62e3)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-updates
- dependency-name: lfreleng-actions/repository-metadata-action
  dependency-version: 0.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-updates
- dependency-name: lfreleng-actions/github2gerrit-action
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-updates
- dependency-name: im-open/workflow-conclusion
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-updates
- dependency-name: lfreleng-actions/checkout-gerrit-change-action
  dependency-version: 1.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-updates
- dependency-name: 1password/load-secrets-action
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-updates
- dependency-name: lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml
  dependency-version: 0.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions

Copy link
Copy Markdown

PR: #40
Mode: squash
Topic: GH-policy-clamp-40
Change-Ids:
Id0b478b9c184aa6108f0e2dd6311acb82b036973
Digest: 8179555e044c
GitHub-Hash: 8867668c6c265f6c

Note: This metadata is also included in the Gerrit commit message for reconciliation.

@github-actions

Copy link
Copy Markdown

Change raised in Gerrit by GitHub2Gerrit: https://gerrit.onap.org/r/c/policy/clamp/+/146289

onap-github pushed a commit that referenced this pull request Jul 15, 2026
Bumps the github-actions-updates group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| step-security/harden-runner | `2.19.4` | `2.20.0` |
| lfreleng-actions/repository-metadata-action | `0.2.1` | `0.2.3` |
| lfreleng-actions/github2gerrit-action | `1.3.3` | `1.4.2` |
| im-open/workflow-conclusion | `2.2.5` | `3.0.0` |
| actions/upload-artifact | `4` | `7` |
| lfreleng-actions/checkout-gerrit-change-action | `1.0.1` | `1.0.2` |
| 1password/load-secrets-action | `4.0.0` | `4.0.1` |
| lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml | `0.7.2` | `0.7.4` |

Updates `step-security/harden-runner` from 2.19.4 to 2.20.0
## Release notes

Sourced from step-security/harden-runner's releases.

v2.20.0
What's Changed

Support for block policy for MacOS and Windows GitHub-hosted runners
Support for Bitrise MacOS GitHub Actions runners
HTTPS monitoring support for Bun for Linux runners (enterprise tier)

Full Changelog: step-security/harden-runner@v2.19.4...v2.20.0

## Commits

bf7454d Merge pull request #673 from step-security/fix/aggregate-error-startup-hang
1188420 Update non-TLS agent to v0.16.2
162cfea Update non-TLS agent to v0.16.1
eb9e1f4 Bring macOS runner updates from PR 674
1a10b01 Update Windows agent to v1.0.7
8b4a105 Apply npm audit fixes with release-age cooldown

3626e03 Default TLS status check failures to enabled
100e08b Update agent-ebpf to v1.8.12
774f75f Update agent to v1.8.9
f312657 Extend missing-agent-dir guard to Linux and macOS cleanup paths
Additional commits viewable in compare view

Updates `lfreleng-actions/repository-metadata-action` from 0.2.1 to 0.2.3
## Release notes

Sourced from lfreleng-actions/repository-metadata-action's releases.

v0.2.3

🐛 Bug Fixes 🐛

Fix(deps): Remove uv exclude-newer cooldown @​ModeSevenIndustrialSolutions (#119)

🔧 Maintenance 🔧

Chore: Bump release-drafter/release-drafter from 7.4.0 to 7.5.1 @dependabot[bot] (#122)
Chore: Bump actions/cache from 5.0.5 to 6.1.0 @dependabot[bot] (#123)
Chore: Bump lfreleng-actions/tag-validate-action from 1.0.3 to 1.0.4 @dependabot[bot] (#120)
Chore: Bump actions/setup-python from 6.2.0 to 6.3.0 @dependabot[bot] (#121)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#124)

🎓 Code Quality 🎓

CI: Add OpenSSF Scorecard workflow @​ModeSevenIndustrialSolutions (#118)

Links

Submit bugs/feature requests

v0.2.2

🐛 Bug Fixes 🐛

Fix: resolve Zizmor findings and bump GitPython @​ModeSevenIndustrialSolutions (#117)

🔧 Maintenance 🔧

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#105)
Chore: Bump lfreleng-actions/tag-validate-action from 1.0.2 to 1.0.3 @dependabot[bot] (#106)
Chore: Bump actions/checkout from 6.0.3 to 7.0.0 @dependabot[bot] (#107)
Chore: Bump release-drafter/release-drafter from 7.3.1 to 7.4.0 @dependabot[bot] (#108)
Chore: Bump lfreleng-actions/draft-release-promote-action from 0.1.3 to 0.1.4 @dependabot[bot] (#109)
Chore: Bump cryptography from 46.0.3 to 48.0.1 @dependabot[bot] (#110)
Chore: Bump idna from 3.11 to 3.15 @dependabot[bot] (#111)
Chore: Bump urllib3 from 2.6.2 to 2.7.0 @dependabot[bot] (#112)
Chore: Bump pyjwt from 2.10.1 to 2.13.0 @dependabot[bot] (#113)
Chore: Bump pytest from 7.4.4 to 9.0.3 @dependabot[bot] (#115)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#116)
Chore: Bump requests from 2.32.5 to 2.33.0 @dependabot[bot] (#114)

Links

Submit bugs/feature requests

## Commits

61e837e Merge pull request #124 from lfreleng-actions/pre-commit-ci-update-config
7909703 Chore: pre-commit autoupdate
93407da Merge pull request #121 from lfreleng-actions/dependabot/github_actions/actio
9723574 Merge pull request #120 from lfreleng-actions/dependabot/github_actions/lfrel
437113c Merge pull request #123 from lfreleng-actions/dependabot/github_actions/actio
7fa2f05 Merge pull request #122 from lfreleng-actions/dependabot/github_actions/relea
eda4aa4 Chore: Bump actions/cache from 5.0.5 to 6.1.0
073e023 Chore: Bump release-drafter/release-drafter from 7.4.0 to 7.5.1
fe6ad86 Chore: Bump actions/setup-python from 6.2.0 to 6.3.0
619ed6e Chore: Bump lfreleng-actions/tag-validate-action from 1.0.3 to 1.0.4
Additional commits viewable in compare view

Updates `lfreleng-actions/github2gerrit-action` from 1.3.3 to 1.4.2
## Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.4.2

🐛 Bug Fixes 🐛

Fix: Reconcile closed changes and bundle action/workflow @​ModeSevenIndustrialSolutions (#330)

🔧 Maintenance 🔧

Chore: Bump astral-sh/setup-uv from 8.2.0 to 8.3.0 @dependabot[bot] (#327)
Chore: Bump responses from 0.26.1 to 0.26.2 @dependabot[bot] (#328)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#329)
Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0 @dependabot[bot] (#331)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.4 @dependabot[bot] (#334)
Chore: Bump astral-sh/setup-uv from 8.3.0 to 8.3.2 @dependabot[bot] (#332)
Chore: Bump mypy from 2.1.0 to 2.2.0 @dependabot[bot] (#333)
Chore: Bump hatchling from 1.30.1 to 1.31.0 @dependabot[bot] (#335)

🎓 Code Quality 🎓

CI: Set coverage data_file outside project tree @​ModeSevenIndustrialSolutions (#326)

Links

Submit bugs/feature requests

v1.4.1

🐛 Bug Fixes 🐛

Fix: Unify Gerrit topic format across push/query @​ModeSevenIndustrialSolutions (#324)

🔧 Maintenance 🔧

Chore: Remove AI-slop comments flagged by aislop @​ModeSevenIndustrialSolutions (#325)

Links

Submit bugs/feature requests

v1.4.0

✨ New Features ✨

Feat: Add Copilot to known automation tools @​eb-oss (#296)
Feat: Add OpenSSF Scorecard and fix zizmor @​ModeSevenIndustrialSolutions (#311)

🐛 Bug Fixes 🐛

Fix(deps): Remove uv exclude-newer cooldown @​ModeSevenIndustrialSolutions (#312)

... (truncated)

## Commits

9f32f3c Merge pull request #335 from lfreleng-actions/dependabot/uv/hatchling-1.31.0
86c6955 Merge pull request #333 from lfreleng-actions/dependabot/uv/mypy-2.2.0
c6305b3 Merge pull request #332 from lfreleng-actions/dependabot/github_actions/astra
d6a1ecd Merge pull request #334 from lfreleng-actions/dependabot/github_actions/lfit/
5ae1bf9 Merge pull request #331 from lfreleng-actions/dependabot/github_actions/step-
e134af5 Chore: Bump hatchling from 1.30.1 to 1.31.0
5dc30c2 Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-sc
b053702 Chore: Bump mypy from 2.1.0 to 2.2.0
0be7d15 Chore: Bump astral-sh/setup-uv from 8.3.0 to 8.3.2
6d3b65f Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0
Additional commits viewable in compare view

Updates `im-open/workflow-conclusion` from 2.2.5 to 3.0.0
## Commits

8eac7f1 Merge pull request #29 from im-open/node24
c4d9654 Update to node 24
aa85805 Merge pull request #23 from im-open/dependabot/npm_and_yarn/multi-0f30d60bd3
40cf9b3 Merge branch 'main' into dependabot/npm_and_yarn/multi-0f30d60bd3
58125f7 Bump @​octokit/plugin-paginate-rest and @​actions/github
See full diff in compare view

Updates `actions/upload-artifact` from 4 to 7
## Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0
v7 What's new
Direct Uploads
Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.
ESM
To support new versions of the @actions/* packages, we've upgraded the package to ESM.
What's Changed

Add proxy integration test by @​Link- in actions/upload-artifact#754
Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

@​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0
v6.0.0
v6 - What's new

[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24
This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.
What's Changed

Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0
v5.0.0
What's Changed
BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @​GhadimiR in actions/upload-artifact#681
Update README.md by @​nebuk89 in actions/upload-artifact#712
Readme: spell out the first use of GHES by @​danwkennedy in actions/upload-artifact#727
Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/upload-artifact#725
Bump @actions/artifact to v4.0.0
Prepare v5.0.0 by @​danwkennedy in actions/upload-artifact#734

... (truncated)

## Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
Additional commits viewable in compare view

Updates `lfreleng-actions/checkout-gerrit-change-action` from 1.0.1 to 1.0.2
## Release notes

Sourced from lfreleng-actions/checkout-gerrit-change-action's releases.

v1.0.2

🔧 Maintenance 🔧

Chore: Bump step-security/harden-runner from 2.16.0 to 2.16.1 @dependabot[bot] (#79)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#80)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#81)
Chore: Bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#83)
Chore: Bump step-security/harden-runner from 2.16.1 to 2.18.0 @dependabot[bot] (#82)
Chore: Bump release-drafter/release-drafter from 7.2.0 to 7.2.1 @dependabot[bot] (#88)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#85)
Chore: Bump step-security/harden-runner from 2.18.0 to 2.19.0 @dependabot[bot] (#86)
Chore: Bump lfreleng-actions/tag-validate-action from 1.0.1 to 1.0.2 @dependabot[bot] (#87)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#89)
Chore: Bump step-security/harden-runner from 2.19.0 to 2.19.1 @dependabot[bot] (#90)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#91)
Chore: Bump step-security/harden-runner from 2.19.1 to 2.19.2 @dependabot[bot] (#93)
Chore: Bump release-drafter/release-drafter from 7.2.1 to 7.3.0 @dependabot[bot] (#92)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#94)
Chore: Bump step-security/harden-runner from 2.19.2 to 2.19.3 @dependabot[bot] (#95)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#96)
Chore: Bump step-security/harden-runner from 2.19.3 to 2.19.4 @dependabot[bot] (#97)
Chore: Bump release-drafter/release-drafter from 7.3.0 to 7.3.1 @dependabot[bot] (#98)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#99)
Chore: Bump actions/checkout from 6.0.2 to 6.0.3 @dependabot[bot] (#100)
Chore: remove redundant workflow copies @​ModeSevenIndustrialSolutions (#102)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#103)
Docs: Add SECURITY.md security policy @​ModeSevenIndustrialSolutions (#105)
Chore: pre-commit autoupdate @pre-commit-ci[bot] (#106)

🎓 Code Quality 🎓

CI: update tag-push workflow from template @​ModeSevenIndustrialSolutions (#84)
CI(dependabot): Add 7-day update cooldown @​ModeSevenIndustrialSolutions (#104)

Links

Submit bugs/feature requests

## Commits

f87b90a Merge pull request #106 from lfreleng-actions/pre-commit-ci-update-config
3b77a16 Chore: pre-commit autoupdate
719371f Merge pull request #105 from modeseven-lfreleng-actions/chore/add-security-md
43d9e1a Docs: Add SECURITY.md security policy
857d657 Merge pull request #104 from modeseven-lfreleng-actions/dependabot-cooldown
b164594 CI(dependabot): Add 7-day update cooldown
9b89664 Merge pull request #103 from lfreleng-actions/pre-commit-ci-update-config
0d8f64d Chore: pre-commit autoupdate
60dc200 Merge pull request #102 from modeseven-lfreleng-actions/chore/remove-redundan
0ecb658 Chore: remove redundant workflow copies
Additional commits viewable in compare view

Updates `1password/load-secrets-action` from 4.0.0 to 4.0.1
## Release notes

Sourced from 1password/load-secrets-action's releases.

v4.0.1
What's Changed
Fix

Fixed a Windows specific issue where 1Password CLI installation could fail because the downloaded archive lacked a .zip extension required by PowerShell’s archive extraction fallback. (#154)
Bump actions/checkout from v5 to v6 in CI workflows. (#156)

Security

Harden GitHub Actions workflows by pinning external actions to immutable commit SHAs. (#157)

Docs

Add 1Password API Terms of Service notice to the README (#166)

New Contributors

@​dagecko made their first contribution in 1Password/load-secrets-action#157
@​superteppo made their first contribution in 1Password/load-secrets-action#154
@​libutcher made their first contribution in 1Password/load-secrets-action#166

Full Changelog: 1Password/load-secrets-action@v4.0.0...v4.0.1

## Commits

3a12b0a Merge pull request #167 from 1Password/release/v4.0.1
0f0cd1b create new build
be2f36b Add Terms of Service to README (#166)
908aabf Merge pull request #154 from superteppo/main
cc166c6 Merge pull request #157 from dagecko/runner-guard/fix-ci-security
080cd2d Merge branch '1Password:main' into main
2a321c3 fix: pin 4 unpinned action(s),extract 3 unsafe expression(s) to env vars
2a9101f Merge pull request #156 from 1Password/jill/bump-actions
5b18565 bump actions
a763b8d fix installer error on windows
See full diff in compare view

Updates `lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml` from 0.7.2 to 0.7.4
## Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml's releases.

v0.7.4

🔧 Maintenance 🔧

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#751)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.6.1 to 0.7.2 @dependabot[bot] (#753)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#754)
Chore: Bump github/codeql-action/init from 4.36.2 to 4.36.3 @dependabot[bot] (#752)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#755)
Chore: Bump dorny/paths-filter from 4.0.1 to 4.0.2 @dependabot[bot] (#756)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#750)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#757)
Chore: Bump docker/build-push-action from 7.2.0 to 7.3.0 @dependabot[bot] (#758)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#760)
Chore: Bump lfreleng-actions/credential-load-action from 1.0.0 to 1.1.0 @dependabot[bot] (#759)
Chore: Bump lfreleng-actions/zizmor-scan-action from 0.3.0 to 0.3.1 @dependabot[bot] (#761)
Chore: Bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 @dependabot[bot] (#762)
Chore: pre-commit linting updates @pre-commit-ci[bot] (#765)
Chore: Bump jordanconway/package-manager-hardening from 0.4.2 to 0.4.3 @dependabot[bot] (#763)
Chore: Bump github/codeql-action/analyze from 4.36.2 to 4.36.3 @dependabot[bot] (#764)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#769)
Chore: Bump github/codeql-action/upload-sarif from 4.36.3 to 4.37.0 @dependabot[bot] (#770)
Chore: Bump github/codeql-action/analyze from 4.36.3 to 4.37.0 @dependabot[bot] (#768)
Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0 @dependabot[bot] (#771)
Chore: Bump lfreleng-actions/credential-load-action from 1.1.0 to 2.0.0 @dependabot[bot] (#767)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#772)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#773)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#775)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#774)
Chore: Bump github/codeql-action/init from 4.36.3 to 4.37.0 @dependabot[bot] (#776)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#778)
Chore: Bump actions/setup-java from 5.4.0 to 5.5.0 @dependabot[bot] (#777)
Chore: Bump lfreleng-actions/zizmor-scan-action from 0.3.1 to 0.4.0 @dependabot[bot] (#779)
Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#780)

Links

Submit bugs/feature requests

v0.7.3

🔧 Maintenance 🔧

Chore: Bump change-isolation-action to v0.2.0 @​ModeSevenIndustrialSolutions (#766)

Links

Submit bugs/feature requests

## Commits

5fa62e3 Merge pull request #780 from lfit/dependabot/github_actions/lfit/releng-reusa
34d94b1 Merge pull request #779 from lfit/dependabot/github_actions/lfreleng-actions/
70d4d84 Merge pull request #777 from lfit/dependabot/github_actions/actions/setup-jav
55039c6 Merge pull request #778 from lfit/dependabot/github_actions/lfit/releng-reusa
d940c57 Merge pull request #776 from lfit/dependabot/github_actions/github/codeql-act
57c5c52 Merge pull request #774 from lfit/dependabot/github_actions/lfit/releng-reusa
a54a16e Merge pull request #775 from lfit/dependabot/github_actions/lfit/releng-reusa
66b4a1c Merge pull request #773 from lfit/dependabot/github_actions/lfit/releng-reusa
aa3ba13 Merge pull request #772 from lfit/dependabot/github_actions/lfit/releng-reusa
f463514 Merge pull request #767 from lfit/dependabot/github_actions/lfreleng-actions/
Additional commits viewable in compare view

Issue-ID: CIMAN-33
Signed-off-by: dependabot[bot] <support@github.com>
Change-Id: Id0b478b9c184aa6108f0e2dd6311acb82b036973
GitHub-PR: #40
GitHub-Hash: 8867668c6c265f6c
Signed-off-by: onap.gh2gerrit <releng+onap-gh2gerrit@linuxfoundation.org>
@github-actions

Copy link
Copy Markdown

Automated PR Closure

This pull request has been automatically closed by GitHub2Gerrit.

The corresponding Gerrit change has been accepted and merged ✅

Gerrit change URL: https://gerrit.onap.org/r/c/policy/clamp/+/146289

The changes from this PR are now part of the main codebase in Gerrit.


This is an automated action performed by the GitHub2Gerrit tool.

@github-actions github-actions Bot closed this Jul 15, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot
dependabot Bot deleted the dependabot/github_actions/github-actions-updates-9eb998c790 branch July 15, 2026 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Development

Successfully merging this pull request may close these issues.

0 participants