From 2660329109510500011aa172ee6f09f10d65079f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 May 2026 19:48:39 +0000
Subject: [PATCH] Bump the actions group across 4 directories with 11 updates

Bumps the actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `2.7.0` | `6.0.2` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `b1ba699b304f2083b602164e06a89b868c84f076` | `7dc4d75b6aa91041857e522f1426c3d1ac5d13b6` |
| [actions/github-script](https://github.com/actions/github-script) | `3.2.0` | `9.0.0` |
| [mshick/add-pr-comment](https://github.com/mshick/add-pr-comment) | `2.8.2` | `3.11.0` |
| [tobyhs/codemention](https://github.com/tobyhs/codemention) | `1.4.0` | `1.5.2` |
| [actions/setup-node](https://github.com/actions/setup-node) | `2.5.2` | `6.4.0` |
| [actions/stale](https://github.com/actions/stale) | `4.1.1` | `10.2.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `1.5.2` | `6.0.0` |

Bumps the actions group with 1 update in the /.github/actions/setup-mise directory: [jdx/mise-action](https://github.com/jdx/mise-action).

Bumps the actions group with 1 update in the /.github/internal-actions/notify-slack-on-fail-or-recover directory: [actions/github-script](https://github.com/actions/github-script).

Bumps the actions group with 2 updates in the /.github/internal-actions/setup-gcloud directory: [google-github-actions/auth](https://github.com/google-github-actions/auth) and [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud).

Updates `actions/checkout` from 2.7.0 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.7.0...de0fac2e4500dabe0009e67214ff5f5447ce83dd)

Updates `tj-actions/changed-files` from b1ba699b304f2083b602164e06a89b868c84f076 to 7dc4d75b6aa91041857e522f1426c3d1ac5d13b6
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/b1ba699b304f2083b602164e06a89b868c84f076...7dc4d75b6aa91041857e522f1426c3d1ac5d13b6)

Updates `actions/github-script` from 3.2.0 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3.2.0...3a2844b7e9c422d3c10d287c895573f7108da1b3)

Updates `mshick/add-pr-comment` from 2.8.2 to 3.11.0
- [Release notes](https://github.com/mshick/add-pr-comment/releases)
- [Changelog](https://github.com/mshick/add-pr-comment/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mshick/add-pr-comment/compare/b8f338c590a895d50bcbfa6c5859251edc8952fc...8e4927817251f1ff60c001f04568532b38e0b4a0)

Updates `tobyhs/codemention` from 1.4.0 to 1.5.2
- [Release notes](https://github.com/tobyhs/codemention/releases)
- [Commits](https://github.com/tobyhs/codemention/compare/bb6bfb2c3ff1e6fee7ee37006bbee6d114057225...14c10ab8528ed556c3b92f205e7b5aa03e7b187c)

Updates `actions/setup-node` from 2.5.2 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/7c12f8017d5436eb855f1ed4399f037a36fbd9e8...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

Updates `actions/stale` from 4.1.1 to 10.2.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/a20b814fb01b71def3bd6f56e7494d667ddf28da...b5d41d4e1d5dceea10e7104786b73624c18a190f)

Updates `codecov/codecov-action` from 1.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/29386c70ef20e286228c72b668a06fd0e8399192...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2)

Updates `jdx/mise-action` from 3.5.1 to 4.0.1
- [Release notes](https://github.com/jdx/mise-action/releases)
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jdx/mise-action/compare/146a28175021df8ca24f8ee1828cc2a60f980bd5...1648a7812b9aeae629881980618f079932869151)

Updates `actions/github-script` from 6.4.1 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3.2.0...3a2844b7e9c422d3c10d287c895573f7108da1b3)

Updates `google-github-actions/auth` from 2.1.13 to 3.0.0
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/c200f3691d83b41bf9bbd8638997a462592937ed...7c6bc770dae815cd3e89ee6cdf493a5fab2cc093)

Updates `google-github-actions/setup-gcloud` from 2.2.1 to 3.0.1
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/setup-gcloud/compare/e427ad8a34f8676edf47cf7d7925499adf3eb74f...aa5489c8933f4cc7a4f7d45035b3b1440c9c10db)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: tj-actions/changed-files
  dependency-version: 7dc4d75b6aa91041857e522f1426c3d1ac5d13b6
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: mshick/add-pr-comment
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: tobyhs/codemention
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/stale
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: jdx/mise-action
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: google-github-actions/auth
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: google-github-actions/setup-gcloud
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] --- .github/actions/setup-mise/action.yml | 2 +- .../notify-slack-on-fail-or-recover/action.yml | 2 +- .github/internal-actions/setup-gcloud/action.yml | 4 ++-- .github/workflows/build-and-deploy-worker.yml | 2 +- .github/workflows/changelog.yml | 8 ++++---- .github/workflows/codemention.yml | 2 +- .github/workflows/issue-triage.yml | 10 +++++----- .github/workflows/move-eas-build-tag.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/stale-issues.yml | 2 +- .github/workflows/test-graphql.yml | 2 +- .github/workflows/test-scripts.yml | 2 +- .github/workflows/test.yml | 6 +++--- .github/workflows/trigger-release.yml | 2 +- .github/workflows/worker-system-tests.yml | 2 +- .github/workflows/worker.yml | 4 ++-- 16 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/actions/setup-mise/action.yml b/.github/actions/setup-mise/action.yml index b1dadb4299..e58f6db5d9 100644 --- a/.github/actions/setup-mise/action.yml +++ b/.github/actions/setup-mise/action.yml @@ -4,7 +4,7 @@ description: Install tools via mise runs: using: "composite" steps: - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: install: true cache: true diff --git a/.github/internal-actions/notify-slack-on-fail-or-recover/action.yml b/.github/internal-actions/notify-slack-on-fail-or-recover/action.yml index 3396653f33..d02ef3126a 100644 --- a/.github/internal-actions/notify-slack-on-fail-or-recover/action.yml +++ b/.github/internal-actions/notify-slack-on-fail-or-recover/action.yml @@ -12,7 +12,7 @@ runs: using: 'composite' steps: - name: Get previous workflow run status - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: run-status with: script: | 
diff --git a/.github/internal-actions/setup-gcloud/action.yml b/.github/internal-actions/setup-gcloud/action.yml index 426133e807..388d378535 100644 --- a/.github/internal-actions/setup-gcloud/action.yml +++ b/.github/internal-actions/setup-gcloud/action.yml @@ -4,13 +4,13 @@ runs: using: "composite" steps: - name: Auth gcloud - uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: workload_identity_provider: 'projects/321830142373/locations/global/workloadIdentityPools/github/providers/expo' project_id: exponentjs - name: Setup gcloud - uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 with: version: 548.0.0 project_id: exponentjs diff --git a/.github/workflows/build-and-deploy-worker.yml b/.github/workflows/build-and-deploy-worker.yml index 87b4ef90c4..cebcb0c4f0 100644 --- a/.github/workflows/build-and-deploy-worker.yml +++ b/.github/workflows/build-and-deploy-worker.yml @@ -23,7 +23,7 @@ jobs: permissions: id-token: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - uses: ./.github/actions/setup-mise diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 64662326a4..3176797a95 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml 
@@ -18,19 +18,19 @@ jobs: name: Check CHANGELOG.md updated runs-on: ubuntu-latest steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check if CHANGELOG.md was updated id: changelog-updated - uses: tj-actions/changed-files@b1ba699b304f2083b602164e06a89b868c84f076 + uses: tj-actions/changed-files@7dc4d75b6aa91041857e522f1426c3d1ac5d13b6 with: files: CHANGELOG.md - name: Fail if CHANGELOG.md was not updated and the "no changelog" label is absent if: steps.changelog-updated.outputs.any_changed == 'false' && !contains(github.event.pull_request.labels.*.name, 'no changelog') - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | core.setFailed('Please add a changelog entry!') - - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2 + - uses: mshick/add-pr-comment@8e4927817251f1ff60c001f04568532b38e0b4a0 # v3.11.0 if: always() with: message-id: changelog-entry-check diff --git a/.github/workflows/codemention.yml b/.github/workflows/codemention.yml index 230f808a46..61f503960d 100644 --- a/.github/workflows/codemention.yml +++ b/.github/workflows/codemention.yml @@ -15,6 +15,6 @@ jobs: # Pinned to a commit SHA (not the v1.4.0 tag) because this runs under # pull_request_target with a write-scoped token — a re-pointed tag from # a compromised upstream account would give the attacker repo write access. - - uses: tobyhs/codemention@bb6bfb2c3ff1e6fee7ee37006bbee6d114057225 # v1.4.0 + - uses: tobyhs/codemention@14c10ab8528ed556c3b92f205e7b5aa03e7b187c # v1.5.2 with: githubToken: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/issue-triage.yml b/.github/workflows/issue-triage.yml index d7f27bdb0e..fe415bd80e 100644 --- a/.github/workflows/issue-triage.yml 
+++ b/.github/workflows/issue-triage.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-20.04 if: "${{ contains(github.event.label.name, 'incomplete issue: missing or invalid repro') }}" steps: - - uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.EXPO_BOT_GITHUB_TOKEN }} script: | @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-20.04 if: "${{ contains(github.event.label.name, 'incomplete issue: missing info') }}" steps: - - uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.EXPO_BOT_GITHUB_TOKEN }} script: | @@ -81,7 +81,7 @@ jobs: runs-on: ubuntu-20.04 if: github.event.label.name == 'issue accepted' steps: - - uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.EXPO_BOT_GITHUB_TOKEN }} script: | @@ -98,7 +98,7 @@ jobs: runs-on: ubuntu-20.04 if: "${{ contains(github.event.label.name, 'invalid issue: question') }}" steps: - - uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.EXPO_BOT_GITHUB_TOKEN }} script: | @@ -126,7 +126,7 @@ jobs: runs-on: ubuntu-20.04 if: "${{ contains(github.event.label.name, 'invalid issue: feature request') }}" steps: - - uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.EXPO_BOT_GITHUB_TOKEN }} script: | diff --git a/.github/workflows/move-eas-build-tag.yml b/.github/workflows/move-eas-build-tag.yml index 43cf6d3973..43e0634cff 100644 --- a/.github/workflows/move-eas-build-tag.yml 
+++ b/.github/workflows/move-eas-build-tag.yml @@ -29,7 +29,7 @@ jobs: INPUT_DRY_RUN: ${{ github.event.inputs.dry_run }} INPUT_STAGING_ONLY: ${{ github.event.inputs.staging_only }} steps: - - uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: registry-url: "https://registry.npmjs.org/" scope: "expo" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fcabad17ca..1357378929 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,7 +29,7 @@ jobs: permissions: id-token: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: ./.github/actions/setup-mise - name: Install dependencies run: yarn install --immutable @@ -58,7 +58,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.EXPO_BOT_PAT }} - uses: ./.github/actions/setup-mise diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index 110e8c1f1b..5b6b8718c9 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -8,7 +8,7 @@ jobs: close-issues: runs-on: ubuntu-latest steps: - - uses: actions/stale@a20b814fb01b71def3bd6f56e7494d667ddf28da # v4 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: ascending: false operations-per-run: 300 diff --git a/.github/workflows/test-graphql.yml b/.github/workflows/test-graphql.yml index 38800d27bd..2cf339858f 100644 --- a/.github/workflows/test-graphql.yml +++ b/.github/workflows/test-graphql.yml 
@@ -17,7 +17,7 @@ jobs: name: Ensure GraphQL schema and generated code is up-to-date runs-on: ubuntu-latest steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup tools uses: ./.github/actions/setup-mise - run: yarn install --immutable diff --git a/.github/workflows/test-scripts.yml b/.github/workflows/test-scripts.yml index 42c7a8aac8..7eb038067c 100644 --- a/.github/workflows/test-scripts.yml +++ b/.github/workflows/test-scripts.yml @@ -21,7 +21,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup tools uses: ./.github/actions/setup-mise - run: yarn install --immutable diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a4458e79c3..464620d72b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: coverage: true name: Test with Node ${{ matrix.node }} steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup tools uses: ./.github/actions/setup-mise env: @@ -66,7 +66,7 @@ jobs: working-directory: ./scripts env: YARN_ENABLE_HARDENED_MODE: ${{ matrix.coverage == true && '1' || '0' }} - - uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # v1 + - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 if: ${{ matrix.coverage }} with: token: ${{ secrets.CODECOV_TOKEN }} 
@@ -79,7 +79,7 @@ jobs: name: Notify Slack if: ${{ github.ref == 'refs/heads/main' && always() }} steps: - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Notify Slack uses: ./.github/internal-actions/notify-slack-on-fail-or-recover with: diff --git a/.github/workflows/trigger-release.yml b/.github/workflows/trigger-release.yml index 09ff440525..50117c286f 100644 --- a/.github/workflows/trigger-release.yml +++ b/.github/workflows/trigger-release.yml @@ -22,7 +22,7 @@ jobs: INPUT_VERSION: ${{ github.event.inputs.version }} INPUT_DRY_RUN: ${{ github.event.inputs.dry_run }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: 0 diff --git a/.github/workflows/worker-system-tests.yml b/.github/workflows/worker-system-tests.yml index 4e04b98c0c..095efbbfe4 100644 --- a/.github/workflows/worker-system-tests.yml +++ b/.github/workflows/worker-system-tests.yml @@ -11,7 +11,7 @@ jobs: EXPO_TOKEN: ${{ secrets.STAGING_EXPO_DEV_EXPO_SERVICES_GITHUB_ROBOT_ACCESS_TOKEN }} EXPO_STAGING: "1" steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - uses: ./.github/actions/setup-mise diff --git a/.github/workflows/worker.yml b/.github/workflows/worker.yml index 7a2f5f065f..efb2406b96 100644 --- a/.github/workflows/worker.yml +++ b/.github/workflows/worker.yml @@ -24,7 +24,7 @@ jobs: worker-checks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - uses: ./.github/actions/setup-mise 
@@ -71,7 +71,7 @@ jobs: - deploy-worker-production if: github.ref == 'refs/heads/main' && always() && !cancelled() steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Notify Slack uses: ./.github/internal-actions/notify-slack-on-fail-or-recover
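
Review bot: The trailing version comment is stale on the `actions/checkout` lines in build-and-deploy-worker.yml, worker-system-tests.yml and both worker.yml hunks: the pin moves to `de0fac2e4500dabe0009e67214ff5f5447ce83dd` but the comment still reads `# v4`, while the same SHA is annotated `# v6.0.2` in changelog.yml, release.yml, test-graphql.yml, test-scripts.yml, test.yml and trigger-release.yml. Change the comment to `# v6.0.2` in those four places so the annotation matches the pin and a later audit does not read these jobs as still running a v4 checkout.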
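
Review bot: In changelog.yml the `tj-actions/changed-files` pin is the only changed `uses:` line with no version comment, on either the removed or the added side, and the commit message also lists it by SHA only and gives it no `update-type`. Nothing in the patch lets a reviewer tell which release `7dc4d75b6aa91041857e522f1426c3d1ac5d13b6` corresponds to; resolve it against the upstream tags before merging and add the version as a trailing comment in the same style as the other pins.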
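
Review bot: The explanatory comment above the `tobyhs/codemention` pin in codemention.yml still says `(not the v1.4.0 tag)` although the pin is now annotated `# v1.5.2`; update the version in that comment or drop it so the two do not drift. Because that same comment states the step runs under `pull_request_target` with a write-scoped token, confirm that `14c10ab8528ed556c3b92f205e7b5aa03e7b187c` is the commit the upstream v1.5.2 tag points at and read the compare range linked in the commit message before accepting a bot-proposed SHA for this step.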
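
Review bot: All five `actions/github-script` steps in issue-triage.yml jump from `# v3` to `# v9.0.0`, and each runs an inline `script:` with `github-token: ${{ secrets.EXPO_BOT_GITHUB_TOKEN }}`, but the script bodies lie outside the hunk context, so the patch shows no evidence they were checked against the new major versions. Review each script against the github-script release notes linked in the commit message and exercise the label-triggered jobs on a test issue before merging; the same applies to the `# v6` to `# v9.0.0` change in notify-slack-on-fail-or-recover/action.yml and the `core.setFailed` step in changelog.yml.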
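
Review bot: In test.yml `codecov/codecov-action` moves from `# v1` to `# v6.0.0` with the `with:` block left untouched, and only `token: ${{ secrets.CODECOV_TOKEN }}` is visible in the hunk. Check every input passed in that block against the inputs the v6 action declares, and confirm on a branch run that the coverage upload still succeeds, since an input that is no longer recognised can leave the step green while uploading nothing.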