Bump the gh-actions group with 4 updates #164

dependabot · 2025-01-01T04:44:24Z

Bumps the gh-actions group with 4 updates: peter-evans/create-pull-request, actions/upload-artifact, Quantco/ui-actions and softprops/action-gh-release.

Updates peter-evans/create-pull-request from 7.0.5 to 7.0.6

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.6

⚙️ Fixes an issue with commit signing where unicode characters in file paths were not preserved.

What's Changed

build(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot in peter-evans/create-pull-request#3365

Update distribution by @actions-bot in peter-evans/create-pull-request#3370

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.2.4 to 13.2.5 by @dependabot in peter-evans/create-pull-request#3375

build(deps-dev): bump @types/node from 18.19.50 to 18.19.54 by @dependabot in peter-evans/create-pull-request#3376

build(deps): bump @octokit/plugin-paginate-rest from 11.3.3 to 11.3.5 by @dependabot in peter-evans/create-pull-request#3377

Update distribution by @actions-bot in peter-evans/create-pull-request#3388

build(deps-dev): bump @types/node from 18.19.54 to 18.19.55 by @dependabot in peter-evans/create-pull-request#3400

build(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in peter-evans/create-pull-request#3401

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.2.5 to 13.2.6 by @dependabot in peter-evans/create-pull-request#3403

build(deps-dev): bump eslint-plugin-import from 2.30.0 to 2.31.0 by @dependabot in peter-evans/create-pull-request#3402

build(deps): bump @octokit/plugin-throttling from 9.3.1 to 9.3.2 by @dependabot in peter-evans/create-pull-request#3404

Update distribution by @actions-bot in peter-evans/create-pull-request#3423

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in peter-evans/create-pull-request#3441

build(deps): bump undici from 6.19.8 to 6.20.1 by @dependabot in peter-evans/create-pull-request#3442

Update distribution by @actions-bot in peter-evans/create-pull-request#3451

build(deps-dev): bump @types/node from 18.19.55 to 18.19.58 by @dependabot in peter-evans/create-pull-request#3457

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in peter-evans/create-pull-request#3462

build(deps-dev): bump @types/node from 18.19.58 to 18.19.60 by @dependabot in peter-evans/create-pull-request#3463

chore: don't bundle undici by @benmccann in peter-evans/create-pull-request#3475

Update distribution by @actions-bot in peter-evans/create-pull-request#3478

chore: use node-fetch-native support for proxy env vars by @peter-evans in peter-evans/create-pull-request#3483

build(deps-dev): bump @types/node from 18.19.60 to 18.19.64 by @dependabot in peter-evans/create-pull-request#3488

build(deps-dev): bump undici from 6.20.1 to 6.21.0 by @dependabot in peter-evans/create-pull-request#3499

build(deps-dev): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot in peter-evans/create-pull-request#3500

docs: note push-to-repo classic PAT workflow scope requirement by @scop in peter-evans/create-pull-request#3511

docs: spelling fixes by @scop in peter-evans/create-pull-request#3512

build(deps-dev): bump typescript from 5.6.3 to 5.7.2 by @dependabot in peter-evans/create-pull-request#3516

build(deps-dev): bump prettier from 3.3.3 to 3.4.0 by @dependabot in peter-evans/create-pull-request#3517

build(deps-dev): bump @types/node from 18.19.64 to 18.19.66 by @dependabot in peter-evans/create-pull-request#3518

docs(README): clarify that an existing open PR is managed by @caugner in peter-evans/create-pull-request#3498

Update distribution by @actions-bot in peter-evans/create-pull-request#3529

build(deps): bump @octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 by @dependabot in peter-evans/create-pull-request#3542

build(deps-dev): bump @types/node from 18.19.66 to 18.19.67 by @dependabot in peter-evans/create-pull-request#3543

build(deps-dev): bump prettier from 3.4.0 to 3.4.1 by @dependabot in peter-evans/create-pull-request#3544

build(deps-dev): bump eslint-import-resolver-typescript from 3.6.3 to 3.7.0 by @dependabot in peter-evans/create-pull-request#3559

build(deps-dev): bump prettier from 3.4.1 to 3.4.2 by @dependabot in peter-evans/create-pull-request#3560

build(deps-dev): bump @types/node from 18.19.67 to 18.19.68 by @dependabot in peter-evans/create-pull-request#3570

build(deps): bump p-limit from 6.1.0 to 6.2.0 by @dependabot in peter-evans/create-pull-request#3578

Update distribution by @actions-bot in peter-evans/create-pull-request#3583

fix: preserve unicode in filepaths when commit signing by @peter-evans in peter-evans/create-pull-request#3588

New Contributors

@benmccann made their first contribution in peter-evans/create-pull-request#3475

@scop made their first contribution in peter-evans/create-pull-request#3511

@caugner made their first contribution in peter-evans/create-pull-request#3498

... (truncated)

Commits

67ccf78 fix: preserve unicode in filepaths when commit signing (#3588)
bb88e27 build: update distribution (#3583)
b378ed5 build(deps): bump p-limit from 6.1.0 to 6.2.0 (#3578)
fa9200e build(deps-dev): bump @types/node from 18.19.67 to 18.19.68 (#3570)
16e0059 build(deps-dev): bump prettier from 3.4.1 to 3.4.2 (#3560)
5bffd5a build(deps-dev): bump eslint-import-resolver-typescript (#3559)
a22a0dd build(deps-dev): bump prettier from 3.4.0 to 3.4.1 (#3544)
b27ce37 build(deps-dev): bump @types/node from 18.19.66 to 18.19.67 (#3543)
4e0cc19 build(deps): bump @octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 (#3542)
25b6871 docs: update scopes for push-to-fork
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.4.3 to 4.5.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

Commits

6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
See full diff in compare view

Updates Quantco/ui-actions from 1.0.15 to 1.0.17

Commits

8c5c674 bump version
1cf221b [auto] build version-metadata: update compiled version
0adc940 [auto] build publish: update compiled version
7eecf88 update pnpm/action-setup version
dc9e395 update author name
See full diff in compare view

Updates softprops/action-gh-release from 2.1.0 to 2.2.0

Release notes

Sourced from softprops/action-gh-release's releases.

v2.2.0

What's Changed

Exciting New Features 🎉

feat: read the release assets asynchronously by @xen0n in softprops/action-gh-release#552

Bug fixes 🐛

fix(docs): clarify the default for tag_name by @alexeagle in softprops/action-gh-release#544

Other Changes 🔄

chore(deps): bump typescript from 5.6.3 to 5.7.2 by @dependabot in softprops/action-gh-release#548

chore(deps): bump @types/node from 22.9.0 to 22.9.4 by @dependabot in softprops/action-gh-release#547

chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by @dependabot in softprops/action-gh-release#545

chore(deps): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot in softprops/action-gh-release#543

chore(deps): bump prettier from 3.3.3 to 3.4.1 by @dependabot in softprops/action-gh-release#550

chore(deps): bump @types/node from 22.9.4 to 22.10.1 by @dependabot in softprops/action-gh-release#551

chore(deps): bump prettier from 3.4.1 to 3.4.2 by @dependabot in softprops/action-gh-release#554

New Contributors

@alexeagle made their first contribution in softprops/action-gh-release#544

@xen0n made their first contribution in softprops/action-gh-release#552

Full Changelog: softprops/action-gh-release@v2.1.0...v2.2.0

Changelog

Sourced from softprops/action-gh-release's changelog.

2.2.0

What's Changed

Exciting New Features 🎉

feat: read the release assets asynchronously by @xen0n in softprops/action-gh-release#552

Bug fixes 🐛

fix(docs): clarify the default for tag_name by @alexeagle in softprops/action-gh-release#544

Other Changes 🔄

chore(deps): bump typescript from 5.6.3 to 5.7.2 by @dependabot in softprops/action-gh-release#548

chore(deps): bump @types/node from 22.9.0 to 22.9.4 by @dependabot in softprops/action-gh-release#547

chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by @dependabot in softprops/action-gh-release#545

chore(deps): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot in softprops/action-gh-release#543

chore(deps): bump prettier from 3.3.3 to 3.4.1 by @dependabot in softprops/action-gh-release#550

chore(deps): bump @types/node from 22.9.4 to 22.10.1 by @dependabot in softprops/action-gh-release#551

chore(deps): bump prettier from 3.4.1 to 3.4.2 by @dependabot in softprops/action-gh-release#554

2.1.0

What's Changed

Exciting New Features 🎉

feat: add support for release assets with multiple spaces within the name by @dukhine in softprops/action-gh-release#518

feat: preserve upload order by @richarddd in softprops/action-gh-release#500

Other Changes 🔄

chore(deps): bump @types/node from 22.8.2 to 22.8.7 by @dependabot in softprops/action-gh-release#539

2.0.9

maintenance release with updated dependencies

2.0.8

Other Changes 🔄

chore(deps): bump prettier from 2.8.0 to 3.3.3 by @dependabot in softprops/action-gh-release#480

chore(deps): bump @types/node from 20.14.9 to 20.14.11 by @dependabot in softprops/action-gh-release#483

chore(deps): bump @octokit/plugin-throttling from 9.3.0 to 9.3.1 by @dependabot in softprops/action-gh-release#484

chore(deps): bump glob from 10.4.2 to 11.0.0 by @dependabot in softprops/action-gh-release#477

refactor: write jest config in ts by @chenrui333 in softprops/action-gh-release#485

chore(deps): bump @actions/github from 5.1.1 to 6.0.0 by @dependabot in softprops/action-gh-release#470

2.0.7

Bug fixes 🐛

... (truncated)

Commits

7b4da11 release 2.2.0
64f1fa1 feat: read the release assets asynchronously (#552)
9e35a64 chore(deps): bump prettier from 3.4.1 to 3.4.2 (#554)
92bc83c chore(deps): bump @types/node from 22.9.4 to 22.10.1 (#551)
09f0e37 chore(deps): bump prettier from 3.3.3 to 3.4.1 (#550)
f138a07 chore(deps): bump @vercel/ncc from 0.38.2 to 0.38.3 (#543)
39a5683 fix(docs): clarify the default for tag_name (#544)
62368ac chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 (#545)
181b5bc chore(deps): bump @types/node from 22.9.0 to 22.9.4 (#547)
3284404 chore(deps): bump typescript from 5.6.3 to 5.7.2 (#548)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gh-actions group with 4 updates: [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request), [actions/upload-artifact](https://github.com/actions/upload-artifact), [Quantco/ui-actions](https://github.com/quantco/ui-actions) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `peter-evans/create-pull-request` from 7.0.5 to 7.0.6 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@5e91468...67ccf78) Updates `actions/upload-artifact` from 4.4.3 to 4.5.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b4b15b8...6f51ac0) Updates `Quantco/ui-actions` from 1.0.15 to 1.0.17 - [Commits](Quantco/ui-actions@a0653e9...8c5c674) Updates `softprops/action-gh-release` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@01570a1...7b4da11) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions - dependency-name: Quantco/ui-actions dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from pavelzw as a code owner January 1, 2025 04:44

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2025

Use newest pixi version

1d3bbb2

pavelzw merged commit 6bfb8b7 into main Jan 6, 2025
132 checks passed

pavelzw deleted the dependabot/github_actions/gh-actions-46767c8ffe branch January 6, 2025 12:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the gh-actions group with 4 updates #164

Bump the gh-actions group with 4 updates #164

dependabot bot commented on behalf of github Jan 1, 2025

Bump the gh-actions group with 4 updates #164

Bump the gh-actions group with 4 updates #164

Conversation

dependabot bot commented on behalf of github Jan 1, 2025

Create Pull Request v7.0.6

What's Changed

New Contributors

v4.5.0

What's Changed

New Contributors

v2.2.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

New Contributors

2.2.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

2.1.0

What's Changed

Exciting New Features 🎉

Other Changes 🔄

2.0.9

2.0.8

Other Changes 🔄

2.0.7

Bug fixes 🐛