Bump the all group across 1 directory with 4 updates

[dependabot]

Bumps the all group with 4 updates in the / directory: actions/cache, actions/create-github-app-token, marocchino/sticky-pull-request-comment and rojopolis/spellcheck-github-actions.

Updates actions/cache from 5.0.3 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
• 984a21b Add traffic sanity check step
• acf2f1f Fix resolution
• 95a07c5 Add wait for proxy
• Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

• feat!: node 24 support (#275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
• deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

• f8d387b build(release): 3.0.0 [skip ci]
• d2129bd style: remove extra blank line in release workflow
• 77b94ef build: refresh generated artifacts
• 3ab4c66 chore: move undici to devDependencies
• 739cf66 docs: update README action versions
• db40289 build(deps): bump actions versions in test.yml
• 496a7ac test: migrate from AVA to Node.js native test runner (#346)
• 3870dc3 Rename end-to-end proxy job in test workflow
• 4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
• dce0ab0 fix: remove custom proxy handling (#143)
• Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 2.9.4 to 3.0.2

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.2

What's Changed

• Add comprehensive tests for main.ts covering all branches by @​Copilot in marocchino/sticky-pull-request-comment#1660
• Don't create a comment with hide: true by @​marocchino in marocchino/sticky-pull-request-comment#1661

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.1...v3.0.2

v3.0.1

What's Changed

• Update deps
• Change build system from ncc to rollup
• Use pull_request trigger in github action

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.0...v3.0.1

v3.0.0

What's Changed

• Update node to 24
• Update deps

New Contributors

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.4...v3.0.0

Commits

• 70d2764 📦️ Build
• 308b2fd Don't create a comment with hide: true (#1661)
• 3bbec31 Add comprehensive tests for main.ts covering all branches (#1660)
• aaf6178 🔖 Version bump (#1658)
• 7d67ef6 👷 Use pull_request
• 1ed3d7b ⬆️ Update deps
• 46a16ec build(deps-dev): Bump @​types/node from 24.5.2 to 25.0.3 (#1646)
• 0a36b9e build(deps): Bump @​actions/core from 1.11.1 to 2.0.2 (#1649)
• 74297c9 build(deps-dev): Bump @​vercel/ncc from 0.38.3 to 0.38.4 (#1592)
• e736d73 📦️ Build
• Additional commits viewable in compare view

Updates rojopolis/spellcheck-github-actions from 0.59.0 to 0.60.0

Release notes

Sourced from rojopolis/spellcheck-github-actions's releases.

0.60.0

What's Changed

• Bump rojopolis/spellcheck-github-actions from 0.58.0 to 0.59.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#327
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#326
• Bump docker/metadata-action from 5.10.0 to 6.0.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#332
• Bump docker/login-action from 3.7.0 to 4.0.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#333
• Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#329
• Bump docker/build-push-action from 6.19.2 to 7.0.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#330
• Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#331
• Bump python from 486b809 to 6a27522 by @​dependabot[bot] in rojopolis/spellcheck-github-actions#325
• More correct error message, issue #328 by @​jonasbn in rojopolis/spellcheck-github-actions#334
• Preparing release 0.60.0 by @​jonasbn in rojopolis/spellcheck-github-actions#335

Full Changelog: rojopolis/spellcheck-github-actions@0.59.0...0.60.0

Changelog

Sourced from rojopolis/spellcheck-github-actions's changelog.

Change Log for spellcheck-github-actions

0.60, 2026-03-14, minor feature release, update not required

• Docker based image updated for Python 3.14.3 slim trixie via PR #325 from Dependabot.

• Cleaned up the error messaging, to address issue #328 from @​akohout-hai, the error message is now more correct, but not improved in general

0.59.0, 2026-03-02, feature release, update recommended

• Improvements have been added to the docker entrypoint, based on a PR from @​akohout-hai which fixes an issue with handling of spaces in files names and directories, see PR #322 for details. This is his first contribution to the project and I want to thank him for his contribution, which is highly appreciated.

• Docker based image updated to Python 3.14.3 slim trixie via PR #320 from Dependabot.

0.58.0, 2026-01-20, security release, update not required

• A minor security issue in the dependency: pymdown-extensions, which is used by the core component PySpelling
  • GHSA-r6h4-mm7h-8pmq
  • Original issue: facelessuser/pymdown-extensions#2716

0.57.0, 2026-01-14, maintenance release, update not required

• Docker based image updated to Python 3.14.2 slim trixie via PR #310 from Dependabot. The version is the same, the image has had updates.

0.56.0, 2025-12-27, feature and maintenance release, update not required

• Support for Portuguese (Portugal and Brazil) for both Hunspell and Aspell, requested by: @​mdiazgoncalves via issue #298
• Docker image updated to Python 3.14.2 trixie slim Release notes for Python 3.14.2

0.55.0, 2025-11-27, maintenance release, update not required

• Via an issue #293 from @​shoverbj, an update to the core component PySpelling from version 2.12.0 to version 2.12.1 was made, this allows for use of large dictionaries with Aspell

0.54.0, 2025-11-05, feature release, update not required

• PySpelling the core component has been updated to version 2.12.0, which introduces support for maximum available cores. The feature is described in the release notes for PySpelling 2.12.0. See the documentation for PySpelling.

• The flag was introduced with release 2.10 of PySpelling, which was adopted in release 0.36.0 of this action.

0.53.0, 2025-10-25, maintenance release, update not required

• Docker image updated to Python 3.14.0 trixie slim Release notes for Python 3.14.0, this originated from the PR mentioned below, however updated to Trixie from Bookworm and as always the slim variant is used

• Bumped the requirement for cython to 3.0.11 or above, addressing a build issue with lxml, located when testing the PR : #274 from @​dependabot, the above update of Python

• In general the Docker build file had a few updates since the above changes required some tweaking of the Dockerfile

  • Order of installation of dependencies adjusted to ensure that lxml can build correctly
  • Installation of:
    • build-essential
    • pkg-config

... (truncated)

Commits

• e3cd8e9 Merge pull request #335 from rojopolis/release_candidate_0.60.0
• 1d3820d Preparing release 0.60.0
• bafc7d3 More correct error message, issue #328 (#334)
• df486cb Added update of Docker base image
• 6d6eb52 Bump python from 486b809 to 6a27522 (#325)
• 631e4a7 Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#331)
• ebefb9d Bump docker/build-push-action from 6.19.2 to 7.0.0 (#330)
• b3b2580 Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#329)
• dc29b58 Bump docker/login-action from 3.7.0 to 4.0.0 (#333)
• 5d55413 Bump docker/metadata-action from 5.10.0 to 6.0.0 (#332)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Static Web App Preview

Environment	Deployment
pr84	View workflow run

Deployed from commit 94afbed9dbaac858724115e50e86baa8a8162fc2 via the publisher workflow.