Bump the github-actions group across 1 directory with 5 updates by dependabot[bot] · Pull Request #82 · conda/schemas

dependabot · 2025-10-01T23:19:04Z

Bumps the github-actions group with 5 updates in the /.github/workflows directory:

Package	From	To
conda/actions	`25.3.1`	`25.9.2`
actions/checkout	`4.2.2`	`5.0.0`
actions/setup-python	`5.6.0`	`6.0.0`
actions/upload-pages-artifact	`3.0.1`	`4.0.0`
actions/stale	`9.1.0`	`10.0.0`

Updates conda/actions from 25.3.1 to 25.9.2

Release notes

Sourced from conda/actions's releases.

v25.9.2

What's Changed

Remove anaconda-auth and update anaconda-client installation by @jezdez in conda/actions#332

Full Changelog: conda/actions@v25.9.1...v25.9.2

v25.9.1

What's Changed

Bump the workflows group in /.github/workflows with 3 updates by @dependabot[bot] in conda/actions#323

Bump actions/github-script from 7.0.1 to 8.0.0 in /set-commit-status by @dependabot[bot] in conda/actions#322

Bump actions/github-script from 7.0.1 to 8.0.0 in /read-yaml by @dependabot[bot] in conda/actions#321

Bump actions/setup-node from 4.4.0 to 5.0.0 in /read-yaml by @dependabot[bot] in conda/actions#320

Bump actions/github-script from 7.0.1 to 8.0.0 in /check-cla by @dependabot[bot] in conda/actions#319

🤖 Update infrastructure file(s) by @conda-bot in conda/actions#328

Update anaconda-client version and environment variable by @jezdez in conda/actions#329

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#327

Bump conda/actions from 25.3.1 to 25.9.0 in /check-cla by @dependabot[bot] in conda/actions#325

Bump conda/actions from 25.3.1 to 25.9.0 in /.github/workflows in the workflows group by @dependabot[bot] in conda/actions#326

Full Changelog: conda/actions@v25.9.0...v25.9.1

v25.9.0

What's Changed

Bump actions/setup-node from 4.2.0 to 4.3.0 in /read-yaml by @dependabot[bot] in conda/actions#282

🤖 Update infrastructure file(s) by @conda-bot in conda/actions#285

Bump conda/actions from 25.3.0 to 25.3.1 in /check-cla by @dependabot[bot] in conda/actions#281

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#284

Bump actions/cache from 4.2.2 to 4.2.3 in /.github/workflows in the workflows group across 1 directory by @dependabot[bot] in conda/actions#287

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#288

Bump marocchino/sticky-pull-request-comment from 2.9.1 to 2.9.2 in /check-cla by @dependabot[bot] in conda/actions#292

🤖 Update infrastructure file(s) by @conda-bot in conda/actions#291

Bump the workflows group across 1 directory with 2 updates by @dependabot[bot] in conda/actions#293

Bump actions/setup-node from 4.3.0 to 4.4.0 in /read-yaml by @dependabot[bot] in conda/actions#294

Bump marocchino/sticky-pull-request-comment from 2.9.1 to 2.9.2 in /canary-release by @dependabot[bot] in conda/actions#295

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#290

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#297

Bump marocchino/sticky-pull-request-comment from 2.9.2 to 2.9.4 in /canary-release by @dependabot[bot] in conda/actions#308

Bump the workflows group across 1 directory with 5 updates by @dependabot[bot] in conda/actions#309

Bump marocchino/sticky-pull-request-comment from 2.9.2 to 2.9.4 in /check-cla by @dependabot[bot] in conda/actions#307

Bump requests from 2.32.3 to 2.32.4 by @dependabot[bot] in conda/actions#302

Bump requests from 2.32.3 to 2.32.4 in /read-file in the pip group across 1 directory by @dependabot[bot] in conda/actions#301

Bump conda-incubator/setup-miniconda from 3.1.1 to 3.2.0 in /canary-release by @dependabot[bot] in conda/actions#300

Allow conditional uploads in canary releases by @jaimergp in conda/actions#306

🤖 Update infrastructure file(s) by @conda-bot in conda/actions#310

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#298

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in conda/actions#313

Bump actions/checkout from 4.3.0 to 5.0.0 in /.github/workflows in the workflows group by @dependabot[bot] in conda/actions#312

Bump actions/checkout from 4.2.2 to 5.0.0 in /check-cla by @dependabot[bot] in conda/actions#311

... (truncated)

Commits

f05161c Remove anaconda-auth and update anaconda-client installation (#332)
ba6881e Bump conda/actions in /.github/workflows in the workflows group (#326)
55f54ea Bump conda/actions from 25.3.1 to 25.9.0 in /check-cla (#325)
73c57bb [pre-commit.ci] pre-commit autoupdate (#327)
eb13490 Update anaconda-client version and environment variable (#329)
b574435 🤖 updated file(s) (#328)
4e5a1f7 Bump actions/github-script from 7.0.1 to 8.0.0 in /check-cla (#319)
fefde1e Bump actions/setup-node from 4.4.0 to 5.0.0 in /read-yaml (#320)
36f0b3e Bump actions/github-script from 7.0.1 to 8.0.0 in /read-yaml (#321)
6f6cc40 Bump actions/github-script from 7.0.1 to 8.0.0 in /set-commit-status (#322)
Additional commits viewable in compare view

Updates actions/checkout from 4.2.2 to 5.0.0

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

V4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
08eba0b Prepare release v4.3.0 (#2237)
631c7dc Update package dependencies (#2236)
8edcb1b Update CODEOWNERS for actions (#2224)
09d2aca Update README.md (#2194)
85e6279 Adjust positioning of user email note and permissions heading (#2044)
009b9ae Documentation update - add recommended permissions to Readme (#2043)
cbb7224 Update README.md (#1977)
3b9b8c8 docs: update README.md (#1971)
See full diff in compare view

Updates actions/setup-python from 5.6.0 to 6.0.0

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3.0.1 to 4.0.0

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

Potentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by @tsusdere in actions/upload-pages-artifact#102 If you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation

Pin actions/upload-artifact to SHA by @heavymachinery in actions/upload-pages-artifact#127

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

Commits

7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
4cc19c7 Pin actions/upload-artifact to SHA
2d163be Merge pull request #107 from KittyChiu/main
c704843 fix: linted README
9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
e59cdfe Update README.md
a2d6704 doc: updated usage section in readme
984864e Merge pull request #105 from actions/Jcambass-patch-1
45dc788 Add workflow file for publishing releases to immutable action package
efaad07 Merge pull request #102 from actions/hidden-files
Additional commits viewable in compare view

Updates actions/stale from 9.1.0 to 10.0.0

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/stale#1279 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Enhancement

Introducing sort-by option by @suyashgaonkar in actions/stale#1254

Dependency Upgrades

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot[bot] in actions/stale#1186

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/stale#1201

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/stale#1226

Upgrade @action/cache from 4.0.2 to 4.0.3 by @suyashgaonkar in actions/stale#1233

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/stale#1251

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/stale#1277

Documentation changes

Changelog update for recent releases by @suyashgaonkar in actions/stale#1224

Permissions update in Readme by @ghadimir in actions/stale#1248

New Contributors

@suyashgaonkar made their first contribution in actions/stale#1224

@GhadimiR made their first contribution in actions/stale#1248

@gowridurgad made their first contribution in actions/stale#1277

@salmanmkc made their first contribution in actions/stale#1279

Full Changelog: actions/stale@v9...v10.0.0

Commits

3a9db7e Upgrade to node 24 (#1279)
8f717f0 Bumps form-data (#1277)
a92fd57 build(deps): bump undici from 5.28.5 to 5.29.0 (#1251)
128b2c8 Introducing sort-by option (#1254)
f78de97 Update README.md (#1248)
816d9db Upgrade @action/cache from 4.0.2 to 4.0.3 (#1233)
ba23c1c upgrade actions/cache from 4.0.0 to 4.0.2 (#1226)
a65e88a build(deps): bump undici from 5.28.4 to 5.28.5 (#1201)
d4df79c Updates to CHANGELOG.MD for recent releases (#1224)
ee7ef89 build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1186)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 5 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [conda/actions](https://github.com/conda/actions) | `25.3.1` | `25.9.2` | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `5.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `4.0.0` | | [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.0.0` | Updates `conda/actions` from 25.3.1 to 25.9.2 - [Release notes](https://github.com/conda/actions/releases) - [Commits](conda/actions@eb545bb...f05161c) Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.2.2...08c6903) Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...e797f83) Updates `actions/upload-pages-artifact` from 3.0.1 to 4.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@56afc60...7b1f4a7) Updates `actions/stale` from 9.1.0 to 10.0.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5bef64f...3a9db7e) --- updated-dependencies: - dependency-name: conda/actions dependency-version: 25.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-pages-artifact dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/stale dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-11-01T23:17:03Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies [bot] PRs that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 1, 2025

conda-bot added this to 🔎 Review Oct 1, 2025

github-project-automation Bot moved this to 🆕 New in 🔎 Review Oct 1, 2025

conda-bot added the cla-signed [bot] added once the contributor has signed the CLA label Oct 1, 2025

dependabot Bot closed this Nov 1, 2025

dependabot Bot deleted the dependabot/github_actions/dot-github/workflows/github-actions-ae5332270c branch November 1, 2025 23:17

github-project-automation Bot moved this from 🆕 New to 🏁 Done in 🔎 Review Nov 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 5 updates#82

Bump the github-actions group across 1 directory with 5 updates#82
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github-actions-ae5332270c

dependabot Bot commented on behalf of github Oct 1, 2025 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Oct 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v25.9.2

What's Changed

v25.9.1

What's Changed

v25.9.0

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v4.0.0

What's Changed

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Uh oh!

dependabot Bot commented on behalf of github Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Oct 1, 2025 •

edited

Loading