Skip to content

fix(deps): bump the all-github-actions group across 1 directory with 3 updates#148

Merged
derrix060 merged 1 commit intomainfrom
dependabot/github_actions/all-github-actions-03848a9036
Apr 28, 2026
Merged

fix(deps): bump the all-github-actions group across 1 directory with 3 updates#148
derrix060 merged 1 commit intomainfrom
dependabot/github_actions/all-github-actions-03848a9036

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Bumps the all-github-actions group with 3 updates in the / directory: aquasecurity/trivy-action, marocchino/sticky-pull-request-comment and googleapis/release-please-action.

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 3.0.3 to 3.0.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.4

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.3...v3.0.4

Commits
  • 0ea0beb 📦️ Build
  • df6c1bd build(deps-dev): Bump @​biomejs/biome from 2.4.10 to 2.4.11 (#1681)
  • 3ad213f build(deps-dev): Bump vitest from 4.1.3 to 4.1.4 (#1682)
  • 58072e5 build(deps): Bump @​actions/github from 9.0.0 to 9.1.0 (#1683)
  • 313a938 build(deps-dev): Bump @​types/node from 25.5.2 to 25.6.0 (#1684)
  • 159c677 build(deps-dev): Bump vitest from 4.1.2 to 4.1.3 (#1680)
  • b37c1a1 build(deps-dev): Bump vite from 8.0.3 to 8.0.5 (#1679)
  • See full diff in compare view

Updates googleapis/release-please-action from 4.4.0 to 5.0.0

Release notes

Sourced from googleapis/release-please-action's releases.

v5.0.0

5.0.0 (2026-04-22)

⚠ BREAKING CHANGES

  • upgrade to node24 (#1188)

Features

Bug Fixes

  • bump release-please from 17.3.0 to 17.6.0 (#1199) (f533c26)

v4.4.1

4.4.1 (2026-02-20)

Bug Fixes

  • bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)
Changelog

Sourced from googleapis/release-please-action's changelog.

Changelog

5.0.0 (2026-04-22)

⚠ BREAKING CHANGES

  • upgrade to node24 (#1188)

Features

Bug Fixes

  • bump release-please from 17.3.0 to 17.6.0 (#1199) (f533c26)

4.4.1 (2026-02-20)

Bug Fixes

  • bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

4.2.0 (2025-03-07)

Features

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
fix(deps): bump the all-github-actions group across 1 directory with …
5f6224d 
…3 updates

Bumps the all-github-actions group with 3 updates in the / directory: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action), [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) and [googleapis/release-please-action](https://github.com/googleapis/release-please-action).


Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

Updates `marocchino/sticky-pull-request-comment` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@d4d6b09...0ea0beb)

Updates `googleapis/release-please-action` from 4.4.0 to 5.0.0
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@16a9c90...45996ed)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-github-actions
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-github-actions
- dependency-name: googleapis/release-please-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 28, 2026
@derrix060 derrix060 merged commit 77a6b36 into main Apr 28, 2026
1 check passed
@derrix060 derrix060 deleted the dependabot/github_actions/all-github-actions-03848a9036 branch April 28, 2026 10:30
@github-actions github-actions Bot mentioned this pull request Apr 28, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@derrix060 derrix060 derrix060 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@derrix060