Bump the github-actions group across 5 directories with 6 updates #1284

dependabot · 2025-10-06T16:36:21Z

Bumps the github-actions group with 4 updates in the / directory: aws-actions/configure-aws-credentials, Alfresco/alfresco-build-tools, checkmarx/kics-github-action and github/codeql-action.
Bumps the github-actions group with 1 update in the /.github/actions/cache-downloads directory: actions/cache.
Bumps the github-actions group with 1 update in the /.github/actions/galaxy directory: actions/cache.
Bumps the github-actions group with 2 updates in the /.github/actions/molecule_integration_ec2 directory: aws-actions/configure-aws-credentials and Alfresco/alfresco-build-tools.
Bumps the github-actions group with 1 update in the /.github/actions/setup-python directory: actions/setup-python.

Updates aws-actions/configure-aws-credentials from 4.3.1 to 5.0.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

4.3.1 (2025-08-04)

Bug Fixes

update readme to 4.3.1 (#1424) (be2e7ad)

4.3.0 (2025-08-04)

Features

depenency update and feature cleanup (#1414) (59489ba), closes #1062 #1191

Optional environment variable output (c3b3ce6)

Bug Fixes

docs: readme samples versioning (5b3c895)

the wrong example region for China partition in README (37fe9a7)

properly set proxy environment variable (cbea708)

Miscellaneous Chores

release 4.3.0 (3f7c218)

4.2.1 (2025-05-14)

Bug Fixes

ensure explicit inputs take precedence over environment variables (e56e6c4)

... (truncated)

Commits

a03048d chore(main): release 5.0.0 (#1451)
337f510 chore: Fix markdown link formatting in README.md (#1466)
f001d79 chore: update README with versioning (#1465)
cf5f2ac chore: Update dist
b394bdd chore(deps-dev): bump @aws-sdk/credential-provider-env (#1463)
b632c0b chore(deps-dev): bump memfs from 4.38.1 to 4.38.2 (#1462)
978e44a chore: Update dist
c4be498 feat: support account id allowlist (#1456)
c5a43c3 chore: Update dist
8c45f6b feat: add skip OIDC option (#1458)
Additional commits viewable in compare view

Updates Alfresco/alfresco-build-tools from 8.33.0 to 9.3.1

Release notes

Sourced from Alfresco/alfresco-build-tools's releases.

v9.3.1

What's Changed

AAE-35226 Remove useless permissions in reusable workflow by @atchertchian in Alfresco/alfresco-build-tools#1179

Full Changelog: Alfresco/alfresco-build-tools@v9.3.0...v9.3.1

v9.3.0

What's Changed

Enforce version tags for internal action references in Copilot instructions by @Copilot in Alfresco/alfresco-build-tools#1166

build(deps): bump flux to v2.7.0 by @github-actions[bot] in Alfresco/alfresco-build-tools#1167

Bump the catch-all group in /.github/actions/docker-build-image with 2 updates by @dependabot[bot] in Alfresco/alfresco-build-tools#1174

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/maven-build in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1176

Bump actions/checkout from 4.3.0 to 5.0.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1171

Bump docker/login-action from 3.5.0 to 3.6.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1169

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/dbp-charts/verify-compose in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1175

build(deps): bump kcadm to 26.4.0 by @github-actions[bot] in Alfresco/alfresco-build-tools#1168

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/maven-build-and-tag in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1172

Bump terraform-linters/setup-tflint from 5.0.0 to 6.1.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1170

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/dbp-charts/verify-helm in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1173

Update copilot-instructions with versioning guidelines by @gionn in Alfresco/alfresco-build-tools#1177

Release script update version references in markdown files by @gionn in Alfresco/alfresco-build-tools#1178

AAE-35226 Add reusable workflow for dependabot flow management by @atchertchian in Alfresco/alfresco-build-tools#1163

Full Changelog: Alfresco/alfresco-build-tools@v9.2.0...v9.3.0

v9.2.0

What's Changed

AAE-38169 Allow controlling the git SHA when creating a gh deployment status by @atchertchian in Alfresco/alfresco-build-tools#1165

Full Changelog: Alfresco/alfresco-build-tools@v9.1.0...v9.2.0

v9.1.0

What's Changed

build(deps): bump updatecli to v0.108.0 by @github-actions[bot] in Alfresco/alfresco-build-tools#1157

build(deps): bump kcadm to 26.3.5 by @github-actions[bot] in Alfresco/alfresco-build-tools#1159

build(deps): bump rancher-cli to v2.12.2 by @github-actions[bot] in Alfresco/alfresco-build-tools#1158

Bump github/codeql-action from 3.30.4 to 3.30.5 in /.github/actions/docker-build-image in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1160

Bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.25 to 4.0.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1161

Add comprehensive GitHub Copilot instructions with version bumping requirements by @Copilot in Alfresco/alfresco-build-tools#1156

OPSEXP-3531 add branch promotion reusable workflow by @gionn in Alfresco/alfresco-build-tools#1162

Full Changelog: Alfresco/alfresco-build-tools@v9.0.1...v9.1.0

v9.0.1

What's Changed

Bump github/codeql-action from 3.30.3 to 3.30.4 in /.github/actions/docker-build-image in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1150

... (truncated)

Commits

348e767 Release v9.3.1
31c3d74 AAE-35226 Remove useless permissions in reusable workflow (#1179)
09ecb59 Release v9.3.0
d51093a AAE-35226 Add reusable workflow for dependabot flow management (#1163)
6dd83b2 Release script update version references in markdown files (#1178)
9d23e70 Update copilot-instructions with versioning guidelines (#1177)
740be64 Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/dbp-charts/v...
f22ea40 Bump terraform-linters/setup-tflint from 5.0.0 to 6.1.0 (#1170)
5754ec5 Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/maven-build-...
88ce2ac build(deps): bump kcadm to 26.4.0 (#1168)
Additional commits viewable in compare view

Updates checkmarx/kics-github-action from 2.1.13 to 2.1.14

Release notes

Sourced from checkmarx/kics-github-action's releases.

v2.1.14

What's Changed

Update kics to version 2.1.14 by @cx-bruno-silva in Checkmarx/kics-github-action#141

Full Changelog: Checkmarx/kics-github-action@v2.1.13...v2.1.14

Commits

c11ca46 Update kics to version 2.1.14 (#141)
See full diff in compare view

Updates github/codeql-action from 3.29.11 to 3.30.6

Release notes

Sourced from github/codeql-action's releases.

v3.30.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

Update default CodeQL bundle version to 2.23.2. #3168

See the full CHANGELOG.md for more information.

v3.30.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

v3.30.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100

We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107

You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130

Update default CodeQL bundle version to 2.23.1. #3118

See the full CHANGELOG.md for more information.

v3.30.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

CodeQL Action Changelog

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.30.6 - 02 Oct 2025

Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100

We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107

You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130

Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

Fixed a bug which could cause language autodetection to fail. #3084

Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

... (truncated)

Commits

64d10c1 Merge pull request #3172 from github/update-v3.30.6-10feb5d2a
909610e Update changelog for v3.30.6
10feb5d Merge pull request #3167 from github/mbg/upload-sarif/find-then-filter
4182ea3 Merge pull request #3168 from github/update-bundle/codeql-bundle-v2.23.2
34afe5b Merge pull request #3171 from github/mbg/start-proxy/telemetry
096fe67 Merge branch 'main' into update-bundle/codeql-bundle-v2.23.2
b496401 Merge pull request #3170 from github/mbg/start-proxy/remove-update-workflow
d573787 Report registry types that are configured for CodeQL in start-proxy telemetry
1591680 Send a basic status report in start-proxy Action if it succeeds
cb5a284 Send status report when start-proxy fails
Additional commits viewable in compare view

Updates actions/cache from 4.2.0 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

Add note on runner versions by @GhadimiR in actions/cache#1642

Prepare v4.3.0 release by @Link- in actions/cache#1655

New Contributors

@GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

Update README.md by @nebuk89 in actions/cache#1620

Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in actions/cache#1634

Prepare release 4.2.4 by @Link- in actions/cache#1636

New Contributors

@nebuk89 made their first contribution in actions/cache#1620

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

Update to use @actions/cache 4.0.3 package & prepare for new release by @salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

@salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Bump @actions/cache to v4.0.2 by @robherley in actions/cache#1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

Bump @actions/cache to v4.1.0

4.2.4

Bump @actions/cache to v4.0.5

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

... (truncated)

Commits

0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
4f5ea67 Update licensed cache
9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
3862dcc Add note on runner versions
0400d5f Merge pull request #1636 from actions/Link-/release-4.2.4
374a27f Prepare release 4.2.4
358a730 Merge pull request #1634 from actions/Link-/optimise-deps
2ee706e Fix with another approach
94f7b5d Fix bundle exec
Additional commits viewable in compare view

Updates actions/cache from 4.2.4 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

Add note on runner versions by @GhadimiR in actions/cache#1642

Prepare v4.3.0 release by @Link- in actions/cache#1655

New Contributors

@GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

Update README.md by @nebuk89 in actions/cache#1620

Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in actions/cache#1634

Prepare release 4.2.4 by @Link- in actions/cache#1636

New Contributors

@nebuk89 made their first contribution in actions/cache#1620

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

Update to use @actions/cache 4.0.3 package & prepare for new release by @salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

@salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Bump @actions/cache to v4.0.2 by @robherley in actions/cache#1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

Bump @actions/cache to v4.1.0

4.2.4

Bump @actions/cache to v4.0.5

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

... (truncated)

Commits

0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
4f5ea67 Update licensed cache
9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
3862dcc Add note on runner versions
0400d5f Merge pull request #1636 from actions/Link-/release-4.2.4
374a27f Prepare release 4.2.4
358a730 Merge pull request #1634 from actions/Link-/optimise-deps
2ee706e Fix with another approach
94f7b5d Fix bundle exec
Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 4.3.1 to 5.0.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

4.3.1 (2025-08-04)

Bug Fixes

update readme to 4.3.1 (#1424) (be2e7ad)

4.3.0 (2025-08-04)

Features

depenency update and feature cleanup (#1414) (59489ba), closes #1062 #1191

Optional environment variable output (c3b3ce6)

Bug Fixes

docs: readme samples versioning (5b3c895)

the wrong example region for China partition in README (37fe9a7)

properly set proxy environment variable (cbea708)

Miscellaneous Chores

release 4.3.0 (3f7c218)

4.2.1 (2025-05-14)

Bug Fixes

ensure explicit inputs take precedence over environment variables (e56e6c4)

... (truncated)

Commits

a03048d chore(main): release 5.0.0 (#1451)
337f510 chore: Fix markdown link formatting in README.md (#1466)
f001d79 chore: update README with versioning (#1465)
cf5f2ac chore: Update dist
b394bdd chore(deps-dev): bump @aws-sdk/credential-provider-env (#1463)
b632c0b chore(deps-dev): bump memfs from 4.38.1 to 4.38.2 (#1462)
978e44a chore: Update dist
c4be498 feat: support account id allowlist (#1456)
c5a43c3 chore: Update dist
8c45f6b feat: add skip OIDC option (#1458)
Additional commits viewable in compare view

Updates Alfresco/alfresco-build-tools from 8.33.0 to 9.3.1

Release notes

Sourced from Alfresco/alfresco-build-tools's releases.

v9.3.1

What's Changed

AAE-35226 Remove useless permissions in reusable workflow by @atchertchian in Alfresco/alfresco-build-tools#1179

Full Changelog: Alfresco/alfresco-build-tools@v9.3.0...v9.3.1

v9.3.0

What's Changed

Enforce version tags for internal action references in Copilot instructions by @Copilot in Alfresco/alfresco-build-tools#1166

build(deps): bump flux to v2.7.0 by @github-actions[bot] in Alfresco/alfresco-build-tools#1167

Bump the catch-all group in /.github/actions/docker-build-image with 2 updates by @dependabot[bot] in Alfresco/alfresco-build-tools#1174

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/maven-build in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1176

Bump actions/checkout from 4.3.0 to 5.0.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1171

Bump docker/login-action from 3.5.0 to 3.6.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1169

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/dbp-charts/verify-compose in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1175

build(deps): bump kcadm to 26.4.0 by @github-actions[bot] in Alfresco/alfresco-build-tools#1168

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/maven-build-and-tag in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1172

Bump terraform-linters/setup-tflint from 5.0.0 to 6.1.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1170

Bump docker/login-action from 3.5.0 to 3.6.0 in /.github/actions/dbp-charts/verify-helm in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1173

Update copilot-instructions with versioning guidelines by @gionn in Alfresco/alfresco-build-tools#1177

Release script update version references in markdown files by @gionn in Alfresco/alfresco-build-tools#1178

AAE-35226 Add reusable workflow for dependabot flow management by @atchertchian in Alfresco/alfresco-build-tools#1163

Full Changelog: Alfresco/alfresco-build-tools@v9.2.0...v9.3.0

v9.2.0

What's Changed

AAE-38169 Allow controlling the git SHA when creating a gh deployment status by @atchertchian in Alfresco/alfresco-build-tools#1165

Full Changelog: Alfresco/alfresco-build-tools@v9.1.0...v9.2.0

v9.1.0

What's Changed

build(deps): bump updatecli to v0.108.0 by @github-actions[bot] in Alfresco/alfresco-build-tools#1157

build(deps): bump kcadm to 26.3.5 by @github-actions[bot] in Alfresco/alfresco-build-tools#1159

build(deps): bump rancher-cli to v2.12.2 by @github-actions[bot] in Alfresco/alfresco-build-tools#1158

Bump github/codeql-action from 3.30.4 to 3.30.5 in /.github/actions/docker-build-image in the catch-all group by @dependabot[bot] in Alfresco/alfresco-build-tools#1160

Bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.25 to 4.0.0 by @dependabot[bot] in Alfresco/alfresco-build-tools#1161

Add comprehensive GitHub Copilot instructions with version bumping requirements by @Copilot in Alfresco/alfresco-build-tools#1156

OPSEXP-3531 add branch promotion reusable workflow by @gionn in Alfresco/alfresco-build-tools#1162

Full Changelog:

Bumps the github-actions group with 4 updates in the / directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials), [Alfresco/alfresco-build-tools](https://github.com/alfresco/alfresco-build-tools), [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) and [github/codeql-action](https://github.com/github/codeql-action). Bumps the github-actions group with 1 update in the /.github/actions/cache-downloads directory: [actions/cache](https://github.com/actions/cache). Bumps the github-actions group with 1 update in the /.github/actions/galaxy directory: [actions/cache](https://github.com/actions/cache). Bumps the github-actions group with 2 updates in the /.github/actions/molecule_integration_ec2 directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) and [Alfresco/alfresco-build-tools](https://github.com/alfresco/alfresco-build-tools). Bumps the github-actions group with 1 update in the /.github/actions/setup-python directory: [actions/setup-python](https://github.com/actions/setup-python). Updates `aws-actions/configure-aws-credentials` from 4.3.1 to 5.0.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@7474bc4...a03048d) Updates `Alfresco/alfresco-build-tools` from 8.33.0 to 9.3.1 - [Release notes](https://github.com/alfresco/alfresco-build-tools/releases) - [Commits](Alfresco/alfresco-build-tools@v8.33.0...v9.3.1) Updates `checkmarx/kics-github-action` from 2.1.13 to 2.1.14 - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](Checkmarx/kics-github-action@7145454...c11ca46) Updates `github/codeql-action` from 3.29.11 to 3.30.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3c3833e...64d10c1) Updates `actions/cache` from 4.2.0 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...0057852) Updates `actions/cache` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@1bd1e32...0057852) Updates `aws-actions/configure-aws-credentials` from 4.3.1 to 5.0.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@7474bc4...a03048d) Updates `Alfresco/alfresco-build-tools` from 8.33.0 to 9.3.1 - [Release notes](https://github.com/alfresco/alfresco-build-tools/releases) - [Commits](Alfresco/alfresco-build-tools@v8.33.0...v9.3.1) Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...e797f83) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: Alfresco/alfresco-build-tools dependency-version: 9.3.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: checkmarx/kics-github-action dependency-version: 2.1.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 3.30.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: Alfresco/alfresco-build-tools dependency-version: 9.3.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

.github/workflows/community.yml

.github/workflows/docker.yml

.github/workflows/enteprise.yml

.github/workflows/kics.yml

.github/workflows/mirror-libreoffice.yml

.github/workflows/precommit.yml

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 6, 2025

gionn reviewed Oct 6, 2025

View reviewed changes

Apply suggestions from code review

69c8a08

gionn approved these changes Oct 6, 2025

View reviewed changes

gionn merged commit 3ea504a into master Oct 7, 2025
63 checks passed

gionn deleted the dependabot/github_actions/github-actions-9618d856a7 branch October 7, 2025 07:25

This was referenced Oct 7, 2025

AAE-35226 Use reusable workflow for PR check Activiti/Activiti#5166

Merged

Local actions in .github/actions/ are not checked dependabot/dependabot-core#6345

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the github-actions group across 5 directories with 6 updates #1284

Bump the github-actions group across 5 directories with 6 updates #1284

Uh oh!

dependabot bot commented on behalf of github Oct 6, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the github-actions group across 5 directories with 6 updates #1284

Bump the github-actions group across 5 directories with 6 updates #1284

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 6, 2025

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

Changelog

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

4.3.1 (2025-08-04)

Bug Fixes

4.3.0 (2025-08-04)

Features

Bug Fixes

Miscellaneous Chores

4.2.1 (2025-05-14)

Bug Fixes

v9.3.1

What's Changed

v9.3.0

What's Changed

v9.2.0

What's Changed

v9.1.0

What's Changed

v9.0.1

What's Changed

v2.1.14

What's Changed

v3.30.6

CodeQL Action Changelog

3.30.6 - 02 Oct 2025

v3.30.5

CodeQL Action Changelog

3.30.5 - 26 Sep 2025

v3.30.4

CodeQL Action Changelog

3.30.4 - 25 Sep 2025

v3.30.3

CodeQL Action Changelog

3.30.3 - 10 Sep 2025

v3.30.2

CodeQL Action Changelog

CodeQL Action Changelog

[UNRELEASED]

3.30.6 - 02 Oct 2025

3.30.5 - 26 Sep 2025

3.30.4 - 25 Sep 2025

3.30.3 - 10 Sep 2025

3.30.2 - 09 Sep 2025

3.30.1 - 05 Sep 2025

3.30.0 - 01 Sep 2025

3.29.11 - 21 Aug 2025

3.29.10 - 18 Aug 2025

3.29.9 - 12 Aug 2025

v4.3.0

What's Changed

New Contributors

v4.2.4

What's Changed

New Contributors

v4.2.3

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

Releases

4.3.0

4.2.4

4.2.3

4.2.2

4.2.1

4.2.0

4.1.2