GoogleCloudPlatform
deps: Update dependencies for github (major)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | major | v4.3.0 -> v6.0.0 |
| actions/setup-go | action | major | v5.5.0 -> v6.1.0 |
| actions/upload-artifact | action | major | v4.6.2 -> v5.0.0 |
| github/codeql-action | action | major | v3.30.9 -> v4.31.4 |
| google-github-actions/auth | action | major | v2.1.13 -> v3.0.0 |
| google-github-actions/get-secretmanager-secrets | action | major | v2.2.5 -> v3.0.0 |
Release Notes
actions/checkout (actions/checkout)
v6.0.0
v5.0.1
What's Changed
- Port v6 cleanup to v5 by @ericsciple in #2301
Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1
v5.0.0
What's Changed
- Update actions checkout to use node 24 by @salmanmkc in #2226
- Prepare v5.0.0 release by @salmanmkc in #2238
⚠️ Minimum Compatible Runner Version
v2.327.1
Release Notes
Make sure your runner is updated to this version or newer to use this release.
Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0
v4.3.1
What's Changed
- Port v6 cleanup to v4 by @ericsciple in #2305
Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.1
actions/setup-go (actions/setup-go)
v6.1.0
What's Changed
Enhancements
- Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in #665
- Add support for .tool-versions file and update workflow by @priya-kinthali in #673
- Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in #674
Dependency updates
- Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @dependabot in #617
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #641
- Upgrade semver and @types/semver by @dependabot in #652
New Contributors
- @nicholasngai made their first contribution in #665
- @priya-kinthali made their first contribution in #673
- @mahabaleshwars made their first contribution in #674
Full Changelog: https://github.com/actions/setup-go/compare/v6...v6.1.0
v6.0.0
What's Changed
Breaking Changes
- Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in #460
- Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in #624
Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in #589
- Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in #591
- Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in #590
- Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in #594
- Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in #538
- Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in #603
- Upgrade
form-datato bring in fix for critical vulnerability by @matthewhughes934 in #618 - Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in #631
New Contributors
- @matthewhughes934 made their first contribution in #618
- @salmanmkc made their first contribution in #624
Full Changelog: https://github.com/actions/setup-go/compare/v5...v6.0.0
github/codeql-action (github/codeql-action)
v4.31.4
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.3
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
See the full CHANGELOG.md for more information.
v4.31.2
v4.31.1
v4.31.0
v4.30.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
See the full CHANGELOG.md for more information.
v4.30.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.30.7
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.7 - 06 Oct 2025
- [v4+ only] The CodeQL Action now runs on Node.js v24. #3169
See the full CHANGELOG.md for more information.
v3.31.4
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.3
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
See the full CHANGELOG.md for more information.
v3.31.2
v3.31.1
v3.31.0
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222
See the full CHANGELOG.md for more information.
google-github-actions/auth (google-github-actions/auth)
v3.0.0
What's Changed
- Bump to Node 24 and remove old parameters by @sethvargo in #508
- Remove hacky script by @sethvargo in #509
- Release: v3.0.0 by @google-github-actions-bot in #510
Full Changelog: https://github.com/google-github-actions/auth/compare/v2...v3.0.0
google-github-actions/get-secretmanager-secrets (google-github-actions/get-secretmanager-secrets)
v3.0.0
What's Changed
- Bump to Node 24 by @sethvargo in #324
- Release: v3.0.0 by @google-github-actions-bot in #325
Full Changelog: https://github.com/google-github-actions/get-secretmanager-secrets/compare/v2...v3.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
I don't think we can do this major version upgrade of golangci lint right now. We would need to significantly rewrite our lint rules.
