GoogleCloudPlatform
deps: Update dependencies for github (major)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-node | action | major | v4.4.0 -> v6.0.0 |
| actions/upload-artifact | action | major | v4.6.2 -> v5.0.0 |
| github/codeql-action | action | major | v3.29.9 -> v4.31.3 |
| google-github-actions/auth | action | major | v2.1.12 -> v3.0.0 |
| google-github-actions/get-secretmanager-secrets | action | major | v2.2.4 -> v3.0.0 |
| node | uses-with | major | 22 -> 24 |
Release Notes
actions/setup-node (actions/setup-node)
v6.0.0
What's Changed
Breaking Changes
- Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in #1374
Dependency Upgrades
- Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336
- Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362
Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0
v5.0.0
What's Changed
Breaking Changes
- Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in #1348
This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
with:
package-manager-cache: false
- Upgrade action to use node24 by @salmanmkc in #1325
Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade @octokit/request-error and @actions/github by @dependabot[bot] in #1227
- Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in #1273
- Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in #1295
- Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in #1332
- Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in #1345
New Contributors
- @priya-kinthali made their first contribution in #1348
- @salmanmkc made their first contribution in #1325
Full Changelog: https://github.com/actions/setup-node/compare/v4...v5.0.0
github/codeql-action (github/codeql-action)
v4.31.3
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
See the full CHANGELOG.md for more information.
v4.31.2
v4.31.1
v4.31.0
v4.30.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
See the full CHANGELOG.md for more information.
v4.30.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.30.7
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.7 - 06 Oct 2025
- [v4+ only] The CodeQL Action now runs on Node.js v24. #3169
See the full CHANGELOG.md for more information.
v3.31.3
v3.31.2
v3.31.1
v3.31.0
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222
See the full CHANGELOG.md for more information.
v3.30.9
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
See the full CHANGELOG.md for more information.
v3.30.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.30.7
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.7 - 06 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.30.6
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.6 - 02 Oct 2025
- Update default CodeQL bundle version to 2.23.2. #3168
See the full CHANGELOG.md for more information.
v3.30.5
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.5 - 26 Sep 2025
- We fixed a bug that was introduced in
3.30.4withupload-sarifwhich resulted in files without a.sarifextension not getting uploaded. #3160
See the full CHANGELOG.md for more information.
v3.30.4
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.4 - 25 Sep 2025
- We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the
codeql-action/initstep if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of thecodeql-action/initstep. #3099 and #3100 - We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
- You can now run the latest CodeQL nightly bundle by passing
tools: nightlyto theinitaction. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130 - Update default CodeQL bundle version to 2.23.1. #3118
See the full CHANGELOG.md for more information.
v3.30.3
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.3 - 10 Sep 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.30.2
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.2 - 09 Sep 2025
- Fixed a bug which could cause language autodetection to fail. #3084
- Experimental: The
quality-queriesinput that was added in3.29.2as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a newanalysis-kindsinput, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064
See the full CHANGELOG.md for more information.
v3.30.1
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.1 - 05 Sep 2025
- Update default CodeQL bundle version to 2.23.0. #3077
See the full CHANGELOG.md for more information.
v3.30.0
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.0 - 01 Sep 2025
- Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054
See the full CHANGELOG.md for more information.
v3.29.11
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.29.11 - 21 Aug 2025
- Update default CodeQL bundle version to 2.22.4. #3044
See the full CHANGELOG.md for more information.
v3.29.10
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.29.10 - 18 Aug 2025
No user facing changes.
See the full CHANGELOG.md for more information.
google-github-actions/auth (google-github-actions/auth)
v3.0.0
What's Changed
- Bump to Node 24 and remove old parameters by @sethvargo in #508
- Remove hacky script by @sethvargo in #509
- Release: v3.0.0 by @google-github-actions-bot in #510
Full Changelog: https://github.com/google-github-actions/auth/compare/v2...v3.0.0
v2.1.13
What's Changed
- Update deps by @sethvargo in #506
- Release: v2.1.13 by @google-github-actions-bot in #507
Full Changelog: https://github.com/google-github-actions/auth/compare/v2.1.12...v2.1.13
google-github-actions/get-secretmanager-secrets (google-github-actions/get-secretmanager-secrets)
v3.0.0
What's Changed
- Bump to Node 24 by @sethvargo in #324
- Release: v3.0.0 by @google-github-actions-bot in #325
Full Changelog: https://github.com/google-github-actions/get-secretmanager-secrets/compare/v2...v3.0.0
v2.2.5
What's Changed
- Update deps by @sethvargo in #322
- Release: v2.2.5 by @google-github-actions-bot in #323
Full Changelog: https://github.com/google-github-actions/get-secretmanager-secrets/compare/v2.2.4...v2.2.5
actions/node-versions (node)
v24.11.1: 24.11.1
Node.js 24.11.1
v24.11.0: 24.11.0
Node.js 24.11.0
v24.10.0: 24.10.0
Node.js 24.10.0
v24.9.0: 24.9.0
Node.js 24.9.0
v24.8.0: 24.8.0
Node.js 24.8.0
v24.7.0: 24.7.0
Node.js 24.7.0
v24.6.0: 24.6.0
Node.js 24.6.0
v24.5.0: 24.5.0
Node.js 24.5.0
v24.4.1: 24.4.1
Node.js 24.4.1
v24.4.0: 24.4.0
Node.js 24.4.0
v24.3.0: 24.3.0
Node.js 24.3.0
v24.2.0: 24.2.0
Node.js 24.2.0
v24.1.0: 24.1.0
Node.js 24.1.0
v24.0.2: 24.0.2
Node.js 24.0.2
v24.0.1: 24.0.1
Node.js 24.0.1
v24.0.0: 24.0.0
Node.js 24.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
