Skip to content

Bump the actions group across 1 directory with 2 updates#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-debadda92a
Open

Bump the actions group across 1 directory with 2 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-debadda92a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the actions group with 2 updates in the / directory: actions-rust-lang/setup-rust-toolchain and sigstore/cosign-installer.

Updates actions-rust-lang/setup-rust-toolchain from 1.10.1 to 1.16.1

Release notes

Sourced from actions-rust-lang/setup-rust-toolchain's releases.

v1.16.1

What's Changed

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.16.0...v1.16.1

v1.16.0

What's Changed

New Contributors

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.4...v1.16.0

v1.15.4

What's Changed

New Contributors

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.3...v1.15.4

v1.15.3

What's Changed

New Contributors

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.2...v1.15.3

v1.15.2

Fix: Run the version detection steps in the selected rust-src-dir directory. This should enable the version selection even without a default toolchain installed. Fixes #74.

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.1...v1.15.2

v1.15.1

What's Changed

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.0...v1.15.1

... (truncated)

Changelog

Sourced from actions-rust-lang/setup-rust-toolchain's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.16.1] - 2026-05-08

  • Renamed internally used variable to avoid clashes with globally existing variables. This fixes the interference of the TOOLCHAIN variable as reported in #91.

[1.16.0] - 2026-04-13

  • Add new parameter cache-save-if that is propagated to Swatinem/rust-cache as save-if (#90 by @​ChanTsune)

[1.15.4] - 2026-03-15

  • Bump Swatinem/rust-cache from 2.8.2 to 2.9.1 (#87 by @​hyperfinitism) This gets rid of the warnings about Node.js 20.

[1.15.3] - 2026-03-01

  • Bump Swatinem/rust-cache from 2.8.1 to 2.8.2

[1.15.2] - 2025-10-04

  • Fix: Run the version detection steps in the selected rust-src-dir directory. This should enable the version selection even without a default toolchain installed. Fixes #74.

[1.15.1] - 2025-09-23

  • Update Swatinem/rust-cache to v2.8.1

[1.15.0] - 2025-09-14

  • Add support for non-root source directory. Accept source code and rust-toolchain.toml file in subdirectories of the repository. Adds a new parameter rust-src-dir that controls the lookup for toolchain files and sets a default value for the cache-workspace input. (#69 by @​Kubaryt)

[1.14.1] - 2025-08-28

[1.14.0] - 2025-08-23

  • Add new parameters cache-all-crates and cache-workspace-crates that are propagated to Swatinem/rust-cache as cache-all-crates and cache-workspace-crates

... (truncated)

Commits
  • 46268bd Merge pull request #92 from actions-rust-lang/rename-local-variables
  • 826365c Update changelog
  • 4f937ac Rename local variables to avoid conflicts with global variables
  • 2b1f5e9 Update CHANGELOG for version 1.16.0
  • 9030f3d Merge pull request #90 from ChanTsune/feat/cache-save-if
  • 186b99e feat: add cache-save-if input to propagate save-if to Swatinem/rust-cache
  • d197c15 Merge pull request #88 from ryuapp/chore/update-chekcout-v6-on-readme
  • fa057b4 Update actions/checkout to v6 on README
  • 150fca8 Update CHANGELOG for version 1.15.4
  • aa63f57 Merge pull request #87 from hyperfinitism/deps/bump-rust-cache
  • Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.10.0 to 4.1.2

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.2

What's Changed

v4.1.1

What's Changed

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)
Commits

@dependabot @github

dependabot Bot commented on behalf of github Jun 7, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
Bump the actions group across 1 directory with 2 updates
b30f617 
Bumps the actions group with 2 updates in the / directory: [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).


Updates `actions-rust-lang/setup-rust-toolchain` from 1.10.1 to 1.16.1
- [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases)
- [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md)
- [Commits](actions-rust-lang/setup-rust-toolchain@11df97a...46268bd)

Updates `sigstore/cosign-installer` from 3.10.0 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@d7543c9...6f9f177)

---
updated-dependencies:
- dependency-name: actions-rust-lang/setup-rust-toolchain
  dependency-version: 1.16.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the actions group with 2 updates Bump the actions group across 1 directory with 2 updates Jun 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-debadda92a branch from 813781e to b30f617 Compare June 8, 2026 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants