Bump the github-actions group across 1 directory with 3 updates by dependabot[bot] · Pull Request #838 · pendulum-project/statime

dependabot · 2026-06-08T10:13:56Z

Bumps the github-actions group with 3 updates in the / directory: actions/add-to-project, actions/checkout and codecov/codecov-action.

Updates actions/add-to-project from 1.0.2 to 2.0.0

Release notes

Sourced from actions/add-to-project's releases.

v2

What's Changed

Update instructions for fine grained PAT by @talune in actions/add-to-project#596

build(deps-dev): bump prettier from 3.2.5 to 3.3.2 by @dependabot[bot] in actions/add-to-project#594

build(deps-dev): bump eslint-plugin-github from 4.10.2 to 5.0.1 by @dependabot[bot] in actions/add-to-project#593

Resolve Regular Expression syntax checking errors by @talune in actions/add-to-project#598

build(deps-dev): bump typescript from 5.4.5 to 5.5.2 by @dependabot[bot] in actions/add-to-project#595

build(deps-dev): bump ts-jest from 29.1.5 to 29.3.0 by @dependabot[bot] in actions/add-to-project#675

Batch updating some dependencies for vulns by @TylerDixon in actions/add-to-project#679

build(deps): bump undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/add-to-project#662

build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.5 by @dependabot[bot] in actions/add-to-project#682

Have dependabot also run builds as another commit when creating PRs by @TylerDixon in actions/add-to-project#684

build(deps): bump @octokit/request-error from 5.1.1 to 6.1.7 by @dependabot[bot] in actions/add-to-project#683

build(deps): bump @octokit/request from 8.4.1 to 9.2.2 by @dependabot[bot] in actions/add-to-project#681

Bump eslint-plugin-jest from 28.6.0 to 28.11.0 by @dependabot[bot] in actions/add-to-project#685

Bump @types/node from 16.18.101 to 22.13.14 by @dependabot[bot] in actions/add-to-project#686

Bump @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/add-to-project#687

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot[bot] in actions/add-to-project#688

Bump ts-jest from 29.3.0 to 29.3.2 by @dependabot[bot] in actions/add-to-project#694

chore: removes sourcemap-register from build step by @andrialexandrou in actions/add-to-project#696

Bump @octokit/plugin-paginate-rest from 9.2.2 to 13.0.1 by @dependabot[bot] in actions/add-to-project#699

Bump ts-jest from 29.3.2 to 29.4.0 by @dependabot[bot] in actions/add-to-project#703

Bump @types/node from 22.13.14 to 24.0.12 by @dependabot[bot] in actions/add-to-project#709

Potential fix for code scanning alert no. 6: Workflow does not contain permissions by @wiinci in actions/add-to-project#715

Potential fix for code scanning alert no. 5: Workflow does not contain permissions by @wiinci in actions/add-to-project#716

Potential fix for code scanning alert no. 7: Workflow does not contain permissions by @wiinci in actions/add-to-project#717

Fix code scanning alert:missing regex anchor by @wiinci in actions/add-to-project#719

Add Missing Languages to CodeQL Advanced Configuration by @KyFaSt in actions/add-to-project#710

Bump @octokit/request from 9.2.2 to 10.0.3 by @dependabot[bot] in actions/add-to-project#705

Bump concurrently from 8.2.2 to 9.2.0 by @dependabot[bot] in actions/add-to-project#707

Bump prettier from 3.3.2 to 3.6.2 by @dependabot[bot] in actions/add-to-project#721

Bump concurrently from 9.2.0 to 9.2.1 by @dependabot[bot] in actions/add-to-project#722

Bump @types/node from 24.0.12 to 24.5.2 by @dependabot[bot] in actions/add-to-project#730

Bump actions/checkout from 4 to 5 by @dependabot[bot] in actions/add-to-project#714

Bump actions/setup-node from 4 to 5 by @dependabot[bot] in actions/add-to-project#726

build(deps-dev): bump @typescript-eslint/parser from 7.14.1 to 7.18.0 by @dependabot[bot] in actions/add-to-project#616

Bump ts-jest from 29.4.1 to 29.4.5 by @dependabot[bot] in actions/add-to-project#742

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in actions/add-to-project#750

Bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in actions/add-to-project#748

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in actions/add-to-project#741

Bump jest and @types/jest by @dependabot[bot] in actions/add-to-project#743

Bump actions/setup-node from 5 to 6 by @dependabot[bot] in actions/add-to-project#744

Consolidate ESLint 9 and TypeScript ESLint 8 dependency updates by @Copilot in actions/add-to-project#751

Bump @octokit/request-error from 6.1.8 to 7.1.0 by @dependabot[bot] in actions/add-to-project#757

Bump globals from 15.15.0 to 16.5.0 by @dependabot[bot] in actions/add-to-project#756

Bump @octokit/plugin-paginate-rest from 13.1.1 to 14.0.0 by @dependabot[bot] in actions/add-to-project#754

Bump @vercel/ncc from 0.38.3 to 0.38.4 by @dependabot[bot] in actions/add-to-project#753

Bump actions/checkout from 5 to 6 by @dependabot[bot] in actions/add-to-project#752

Bump eslint from 9.39.1 to 9.39.2 by @dependabot[bot] in actions/add-to-project#759

Bump ts-jest from 29.4.5 to 29.4.6 by @dependabot[bot] in actions/add-to-project#760

... (truncated)

Commits

5afcf98 Merge pull request #712 from salmanmkc/node24
ffed68f Merge main and update action runtime to Node 24
27022a1 Merge pull request #777 from actions/dependabot/npm_and_yarn/types/node-25.5.0
cc89d2e Merge pull request #778 from actions/dependabot/npm_and_yarn/globals-17.4.0
ef8e6ff Merge pull request #779 from actions/dependabot/npm_and_yarn/eslint-plugin-je...
eb406b3 Merge pull request #780 from actions/dependabot/npm_and_yarn/handlebars-4.7.9
bb8d4d7 Bump handlebars from 4.7.8 to 4.7.9
a6fcf8b Bump eslint-plugin-jest from 29.12.1 to 29.15.1
b35f5d3 Bump globals from 17.0.0 to 17.4.0
036fea0 Bump @types/node from 25.0.3 to 25.5.0
Additional commits viewable in compare view

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
See full diff in compare view

Updates codecov/codecov-action from 6.0.0 to 7.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

ci: remove Enforce License Compliance workflow by @thomasrockhu-codecov in codecov/codecov-action#1950

chore(release): 7.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1957

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

ci: remove Enforce License Compliance workflow by @thomasrockhu-codecov in codecov/codecov-action#1950

chore(release): 7.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1957

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

fix: prevent template injection in run: steps (VULN-1652) by @thomasrockhu-codecov in codecov/codecov-action#1947

chore(release): 6.0.1 by @thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 3 updates in the / directory: [actions/add-to-project](https://github.com/actions/add-to-project), [actions/checkout](https://github.com/actions/checkout) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `actions/add-to-project` from 1.0.2 to 2.0.0 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](actions/add-to-project@244f685...5afcf98) Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v6.0.2...v6.0.3) Updates `codecov/codecov-action` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Commits](codecov/codecov-action@v6...v7) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 8, 2026

davidv1992 approved these changes Jun 10, 2026

View reviewed changes

davidv1992 added this pull request to the merge queue Jun 10, 2026

Merged via the queue into main with commit 9ce6055 Jun 10, 2026
5 checks passed

davidv1992 deleted the dependabot/github_actions/github-actions-7a4bc72502 branch June 10, 2026 11:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 3 updates#838

Bump the github-actions group across 1 directory with 3 updates#838
davidv1992 merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-7a4bc72502

dependabot Bot commented on behalf of github Jun 8, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 8, 2026

v2

What's Changed

v6.0.3

What's Changed

New Contributors

v7.0.0

What's Changed

v6.0.2

What's Changed

v6.0.1

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant