Skip to content

chore(deps): bump the github-actions group across 1 directory with 3 updates#199

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-a23f993541
Open

chore(deps): bump the github-actions group across 1 directory with 3 updates#199
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-a23f993541

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps the github-actions group with 3 updates in the / directory: github/gh-aw, taiki-e/install-action and sigstore/cosign-installer.

Updates github/gh-aw from 0.61.2 to 0.65.0

Release notes

Sourced from github/gh-aw's releases.

v0.64.4

🌟 Release Highlights

This release delivers safe-output tooling improvements, sibling import resolution, and enhanced runner flexibility — driven largely by community feedback from @j-srodka.

✨ What's New

  • runs-on-slim for compile-stable jobs — Override the runner for compile-stable framework jobs using the new runs-on-slim key, giving you precise control over job execution environments (#23490)
  • Compile-time validation of safe-output job ordering — The compiler now validates needs: ordering on custom safe-output jobs at compile time, catching dependency misconfigurations before they reach runtime (#23486)
  • DIFC proxy feature flag — The new difc-proxy feature flag gates DIFC proxy emission, enabling opt-in integrity enforcement for supported environments (#23471)

🐛 Bug Fixes & Improvements

  • Sibling nested imports resolved correctly./file.md imports now resolve relative to the parent file's directory, fixing broken modular workflow imports (#23475)
  • Custom tools included in <safe-output-tools> prompt — Custom jobs, scripts, and actions are now surfaced in the <safe-output-tools> prompt block so agents are aware of all available safe-output mechanisms (#23487)
  • Repo-memory concurrency scope tightened — Push concurrency keys are now scoped to the actual branch target, eliminating unnecessary serialization across unrelated branches (#23489)
  • MCP error message clarity — Docker-unavailable error messages now use correct parameter syntax for MCP compatibility (#23515)

📚 Documentation

  • MemoryOps guide streamlined for better readability (#23506)
  • Broken anchor link in safe-outputs specification fixed (#23474)

🌍 Community Contributions

@j-srodka

For complete details, see CHANGELOG.

Generated by Release

What's Changed

... (truncated)

Commits
  • 89ae1c2 Fix argument injection in npm/pip/docker package validators (#23374)
  • eefc97d Bump MCP gateway default version to v0.2.8 (#23372)
  • 4549e7b Fix DIFC proxy GH_HOST mismatch for user-defined setup steps (#23367)
  • 531594a Security: exclude all secret-bearing env vars from agent container via AWF --...
  • 8f8f67b Apply DIFC integrity filtering to the main agent job (post-activation only) (...
  • 0962ba0 fix: propagate assign-to-agent failure to status comment (#23362)
  • 89bb63b Add item_type, item_number, and comment_id to aw_context for current item res...
  • 4abbaff refactor: semantic function clustering — consolidate, move, rename, and split...
  • 06e7339 Apply progressive disclosure to agent failure issues (#23361)
  • 21e679c Fix update-discussion API error logging for explicit discussion_number (#23340)
  • Additional commits viewable in compare view

Updates taiki-e/install-action from 2.68.36 to 2.70.2

Release notes

Sourced from taiki-e/install-action's releases.

2.70.2

  • Update vacuum@latest to 0.25.3.

  • Update tombi@latest to 0.9.11.

2.70.1

  • Update cargo-insta@latest to 1.47.1.

  • Update cargo-binstall@latest to 1.17.9.

  • Update tombi@latest to 0.9.10.

2.70.0

  • Install uv, uvw (Windows-only), and uvx binaries when installing uv. Previously, only uv binary was installed. (#1632)

2.69.14

  • Update just@latest to 1.48.1.

  • Update wasm-bindgen@latest to 0.2.115.

2.69.13

  • Update mise@latest to 2026.3.17.

  • Update cargo-insta@latest to 1.47.0.

2.69.12

  • Update uv@latest to 0.11.2.

2.69.11

  • Update dprint@latest to 0.53.1.

  • Update mise@latest to 2026.3.16.

2.69.10

  • Update biome@latest to 2.4.9.

  • Update mise@latest to 2026.3.15.

2.69.9

  • Update uv@latest to 0.11.1.

  • Update osv-scanner@latest to 2.3.5.

  • Update mise@latest to 2026.3.14.

2.69.8

  • Update just@latest to 1.48.0.

  • Update uv@latest to 0.11.0.

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.70.2] - 2026-03-30

  • Update vacuum@latest to 0.25.3.

  • Update tombi@latest to 0.9.11.

[2.70.1] - 2026-03-29

  • Update cargo-insta@latest to 1.47.1.

  • Update cargo-binstall@latest to 1.17.9.

  • Update tombi@latest to 0.9.10.

[2.70.0] - 2026-03-28

  • Install uv, uvw (Windows-only), and uvx binaries when installing uv. Previously, only uv binary was installed. (#1632)

[2.69.14] - 2026-03-28

  • Update just@latest to 1.48.1.

  • Update wasm-bindgen@latest to 0.2.115.

[2.69.13] - 2026-03-27

  • Update mise@latest to 2026.3.17.

  • Update cargo-insta@latest to 1.47.0.

[2.69.12] - 2026-03-27

  • Update uv@latest to 0.11.2.

[2.69.11] - 2026-03-26

  • Update dprint@latest to 0.53.1.

... (truncated)

Commits

Updates sigstore/cosign-installer from 4.1.0 to 4.1.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.1

What's Changed

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the github-actions group across 1 directory with 3 …
5fb3a0d 
…updates

Bumps the github-actions group with 3 updates in the / directory: [github/gh-aw](https://github.com/github/gh-aw), [taiki-e/install-action](https://github.com/taiki-e/install-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer).


Updates `github/gh-aw` from 0.61.2 to 0.65.0
- [Release notes](https://github.com/github/gh-aw/releases)
- [Commits](github/gh-aw@v0.61.2...v0.65.0)

Updates `taiki-e/install-action` from 2.68.36 to 2.70.2
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@3a91142...e9e8e03)

Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@ba7bc0a...cad07c2)

---
updated-dependencies:
- dependency-name: github/gh-aw
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.70.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 30, 2026

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from zircote as a code owner March 30, 2026 15:43
@dependabot dependabot bot deployed to copilot March 30, 2026 15:43 Active
@github-actions github-actions bot enabled auto-merge (squash) March 30, 2026 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@zircote zircote Awaiting requested review from zircote zircote is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants