build(deps): bump the github-owned group with 3 updates #735

dependabot · 2025-09-08T13:09:28Z

Bumps the github-owned group with 3 updates: github/codeql-action, actions/setup-go and actions/stale.

Updates github/codeql-action from 3.30.0 to 3.30.1

Release notes

Sourced from github/codeql-action's releases.

v3.30.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

Update default CodeQL bundle version to 2.23.0. #3077

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.30.1 - 05 Sep 2025

Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

Fix an issue where the Action would autodetect unsupported languages such as HTML. #3015

3.29.7 - 07 Aug 2025

This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.

3.29.6 - 07 Aug 2025

The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #2999

Update default CodeQL bundle version to 2.22.3. #3000

3.29.5 - 29 Jul 2025

Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

... (truncated)

Commits

f1f6e5f Merge pull request #3081 from github/update-v3.30.1-2d2f57ed3
5dd2164 Update changelog for v3.30.1
2d2f57e Merge pull request #3079 from github/mbg/proxy/accept-git-source
b364f99 Merge pull request #3077 from github/update-bundle/codeql-bundle-v2.23.0
5b8860a Merge branch 'main' into update-bundle/codeql-bundle-v2.23.0
8fe8b24 Add git_source as supported registry type for Go
6242bcb Allow multiple registry types in LANGUAGE_TO_REGISTRY_TYPE
dfb741d Merge pull request #3075 from github/mbg/remove-augmentation-properties
920bba1 Add unit tests for createInitWithConfigStatusReport
37ddb03 Add createInitWithConfigStatusReport function
Additional commits viewable in compare view

Updates actions/setup-go from 5.5.0 to 6.0.0

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/setup-go#589

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-go#591

Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in actions/setup-go#590

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-go#594

Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in actions/setup-go#538

Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/setup-go#603

Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in actions/setup-go#618

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-go#631

New Contributors

@matthewhughes934 made their first contribution in actions/setup-go#618

@salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

Commits

4469467 Bump actions/checkout from 4 to 5 (#631)
e093d1e Node 24 upgrade (#624)
1d76b95 Improve toolchain handling (#460)
e75c3e8 Bump form-data to bring in fix for critical vulnerability (#618)
8e57b58 Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (#603)
7c0b336 Bump typescript from 5.4.2 to 5.8.3 (#538)
6f26dcc Bump undici from 5.28.5 to 5.29.0 (#594)
8d4083a Bump @typescript-eslint/parser from 5.62.0 to 8.32.0 (#590)
fa96338 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#591)
4de67c0 Bump @types/jest from 29.5.12 to 29.5.14 (#589)
See full diff in compare view

Updates actions/stale from 9.1.0 to 10.0.0

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/stale#1279 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Enhancement

Introducing sort-by option by @suyashgaonkar in actions/stale#1254

Dependency Upgrades

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot[bot] in actions/stale#1186

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/stale#1201

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/stale#1226

Upgrade @action/cache from 4.0.2 to 4.0.3 by @suyashgaonkar in actions/stale#1233

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/stale#1251

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/stale#1277

Documentation changes

Changelog update for recent releases by @suyashgaonkar in actions/stale#1224

Permissions update in Readme by @ghadimir in actions/stale#1248

New Contributors

@suyashgaonkar made their first contribution in actions/stale#1224

@GhadimiR made their first contribution in actions/stale#1248

@gowridurgad made their first contribution in actions/stale#1277

@salmanmkc made their first contribution in actions/stale#1279

Full Changelog: actions/stale@v9...v10.0.0

Commits

3a9db7e Upgrade to node 24 (#1279)
8f717f0 Bumps form-data (#1277)
a92fd57 build(deps): bump undici from 5.28.5 to 5.29.0 (#1251)
128b2c8 Introducing sort-by option (#1254)
f78de97 Update README.md (#1248)
816d9db Upgrade @action/cache from 4.0.2 to 4.0.3 (#1233)
ba23c1c upgrade actions/cache from 4.0.0 to 4.0.2 (#1226)
a65e88a build(deps): bump undici from 5.28.4 to 5.28.5 (#1201)
d4df79c Updates to CHANGELOG.MD for recent releases (#1224)
ee7ef89 build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1186)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-owned group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/setup-go](https://github.com/actions/setup-go) and [actions/stale](https://github.com/actions/stale). Updates `github/codeql-action` from 3.30.0 to 3.30.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@2d92b76...f1f6e5f) Updates `actions/setup-go` from 5.5.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@d35c59a...4469467) Updates `actions/stale` from 9.1.0 to 10.0.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5bef64f...3a9db7e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.30.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-owned - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-owned - dependency-name: actions/stale dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-owned ... Signed-off-by: dependabot[bot] <[email protected]>

justaugustus

@dependabot merge

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Sep 8, 2025

dependabot bot requested a review from a team as a code owner September 8, 2025 13:09

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 8, 2025

github-project-automation bot added this to OpenSSF Scorecard Sep 8, 2025

dependabot bot added the github_actions Pull requests that update Github_actions code label Sep 8, 2025

justaugustus approved these changes Sep 13, 2025

View reviewed changes

dependabot bot merged commit 11abc9b into main Sep 13, 2025
7 checks passed

dependabot bot deleted the dependabot/github_actions/github-owned-f4a23ebb2e branch September 13, 2025 02:57

github-project-automation bot moved this to Done in OpenSSF Scorecard Sep 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the github-owned group with 3 updates #735

build(deps): bump the github-owned group with 3 updates #735

dependabot bot commented on behalf of github Sep 8, 2025

Uh oh!

justaugustus left a comment

Uh oh!

Uh oh!

Uh oh!

build(deps): bump the github-owned group with 3 updates #735

build(deps): bump the github-owned group with 3 updates #735

Conversation

dependabot bot commented on behalf of github Sep 8, 2025

v3.30.1

CodeQL Action Changelog

3.30.1 - 05 Sep 2025

CodeQL Action Changelog

[UNRELEASED]

3.30.1 - 05 Sep 2025

3.30.0 - 01 Sep 2025

3.29.11 - 21 Aug 2025

3.29.10 - 18 Aug 2025

3.29.9 - 12 Aug 2025

3.29.8 - 08 Aug 2025

3.29.7 - 07 Aug 2025

3.29.6 - 07 Aug 2025

3.29.5 - 29 Jul 2025

3.29.4 - 23 Jul 2025

3.29.3 - 21 Jul 2025

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Uh oh!

justaugustus left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!