ci(deps): bump the github-actions group across 1 directory with 12 updates by dependabot[bot] · Pull Request #82 · LerianStudio/github-actions-shared-workflows

dependabot · 2026-02-23T21:21:39Z

Bumps the github-actions group with 12 updates in the / directory:

Package	From	To
actions/checkout	`4`	`6`
actions/setup-node	`4`	`6`
actions/upload-artifact	`4`	`6`
actions/download-artifact	`4`	`7`
actions/github-script	`7`	`8`
actions/setup-go	`5`	`6`
securego/gosec	`2.22.11`	`2.23.0`
github/codeql-action	`3`	`4`
goreleaser/goreleaser-action	`6`	`7`
actions/create-github-app-token	`1`	`2`
slackapi/slack-github-action	`1.24.0`	`2.1.1`
aquasecurity/trivy-action	`0.33.1`	`0.34.1`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374

Dependency Upgrades

Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336

Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false
Upgrade action to use node24 by @salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @octokit/request-error and @actions/github by @dependabot[bot] in actions/setup-node#1227

Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in actions/setup-node#1273

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-node#1295

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-node#1332

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-node#1345

New Contributors

@priya-kinthali made their first contribution in actions/setup-node#1348

@salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
621ac41 README.md: bump to latest released checkout version v6 (#1446)
2951748 Bump @actions/cache to v5.0.1 (#1449)
21ddc7b Correct mirror option typos (#1442)
65d868f Update Documentation for Lockfile (#1454)
395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
b9b25d4 Remove always-auth configuration handling from action (#1436)
633bb92 Bump @actions/cache from 4.0.3 to 4.1.0 (#1384)
Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 6

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

New Contributors

@GhadimiR made their first contribution in actions/upload-artifact#681

@nebuk89 made their first contribution in actions/upload-artifact#712

@danwkennedy made their first contribution in actions/upload-artifact#727

@patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @salmanmkc in actions/upload-artifact#685

New Contributors

@salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

... (truncated)

Commits

b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
ddc45ed docs: update README to correct action name for Node.js 24 support
615b319 chore: release v6.0.0 for Node.js 24 support
017748b Merge pull request #744 from actions/fix-storage-blob
38d4c79 chore: rebuild dist
7d27270 chore: add missing license cache files for @actions/core, @actions/io, and mi...
5f643d3 chore: update license files for @actions/artifact@5.0.1 dependencies
1df1684 chore: update package-lock.json with @actions/artifact@5.0.1
b5b1a91 fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix
Additional commits viewable in compare view

Updates actions/download-artifact from 4 to 7

Release notes

Sourced from actions/download-artifact's releases.

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/download-artifact#440

Download Artifact Node24 support by @salmanmkc in actions/download-artifact#415

fix: update @actions/artifact to fix Node.js 24 punycode deprecation by @salmanmkc in actions/download-artifact#451

prepare release v7.0.0 for Node.js 24 support by @salmanmkc in actions/download-artifact#452

New Contributors

@patrikpolyak made their first contribution in actions/download-artifact#440

@salmanmkc made their first contribution in actions/download-artifact#415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README for download-artifact v5 changes by @yacaovsnc in actions/download-artifact#417

Update README with artifact extraction details by @yacaovsnc in actions/download-artifact#424

Readme: spell out the first use of GHES by @danwkennedy in actions/download-artifact#431

Bump @actions/artifact to v4.0.0

Prepare v6.0.0 by @danwkennedy in actions/download-artifact#438

New Contributors

@danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

v5.0.0

What's Changed

Update README.md by @nebuk89 in actions/download-artifact#407

BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

... (truncated)

Commits

37930b1 Merge pull request #452 from actions/download-artifact-v7-release
72582b9 doc: update readme
0d2ec9d chore: release v7.0.0 for Node.js 24 support
fd7ae8f Merge pull request #451 from actions/fix-storage-blob
d484700 chore: restore minimatch.dep.yml license file
03a8080 chore: remove obsolete dependency license files
56fe6d9 chore: update @actions/artifact license file to 5.0.1
8e3ebc4 chore: update package-lock.json with @actions/artifact@5.0.1
1e3c4b4 fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix
458627d chore: use local @actions/artifact package for Node.js 24 testing
Additional commits viewable in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637

README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

@salmanmkc made their first contribution in actions/github-script#637

@sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

Upgrade husky to v9 by @benelan in actions/github-script#482

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485

Upgrade IA Publish by @Jcambass in actions/github-script#486

Fix workflow status badges by @joshmgross in actions/github-script#497

Update usage of actions/upload-artifact by @joshmgross in actions/github-script#512

Clear up package name confusion by @joshmgross in actions/github-script#514

Update dependencies with npm audit fix by @joshmgross in actions/github-script#515

Specify that the used script is JavaScript by @timotk in actions/github-script#478

chore: Add Dependabot for NPM and Actions by @nschonni in actions/github-script#472

Define permissions in workflows and update actions by @joshmgross in actions/github-script#531

chore: Add Dependabot for .github/actions/install-dependencies by @nschonni in actions/github-script#532

chore: Remove .vscode settings by @nschonni in actions/github-script#533

ci: Use github/setup-licensed by @nschonni in actions/github-script#473

make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @iamstarkov in actions/github-script#508

Remove octokit README updates for v7 by @joshmgross in actions/github-script#557

docs: add "exec" usage examples by @neilime in actions/github-script#546

Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @dependabot[bot] in actions/github-script#563

Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @dependabot[bot] in actions/github-script#575

Clearly document passing inputs to the script by @joshmgross in actions/github-script#603

Update README.md by @nebuk89 in actions/github-script#610

New Contributors

@benelan made their first contribution in actions/github-script#482

@Jcambass made their first contribution in actions/github-script#485

@timotk made their first contribution in actions/github-script#478

@iamstarkov made their first contribution in actions/github-script#508

@neilime made their first contribution in actions/github-script#546

@nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
2dc352e Bold minimum Actions Runner version in README
01e118c Update README for Node 24 runtime requirements
8b222ac Apply suggestion from @salmanmkc
adc0eea README for updating actions/github-script from v7 to v8
20fe497 Merge pull request #637 from actions/node24
e7b7f22 update licenses
2c81ba0 Update Node.js version support to 24.x
See full diff in compare view

Updates actions/setup-go from 5 to 6

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/setup-go#589

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-go#591

Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in actions/setup-go#590

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-go#594

Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in actions/setup-go#538

Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/setup-go#603

Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in actions/setup-go#618

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-go#631

New Contributors

@matthewhughes934 made their first contribution in actions/setup-go#618

@salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.6.0

What's Changed

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @aparnajyothi-y in actions/setup-go#689

Full Changelog: actions/setup-go@v5...v5.6.0

v5.5.0

What's Changed

Bug fixes:

Update self-hosted environment validation by @priyagupta108 in actions/setup-go#556

Add manifest validation and improve error handling by @priyagupta108 in actions/setup-go#586

Update template link by @jsoref in actions/setup-go#527

Dependency updates:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in actions/setup-go#574

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-go#573

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-go#582

Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in actions/setup-go#537

New Contributors

@jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

... (truncated)

Commits

7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
bf7446a Bump js-yaml from 3.14.1 to 3.14.2 (#682)
02aadfe Fix Node.js version in action.yml (#691)
4aaadf4 Example for restore-only cache in documentation (#696)
4dc6199 Bump semver and @types/semver (#652)
f3787be Add comprehensive breaking changes documentation for v6 (#674)
3a0c2c8 Bump actions/publish-action from 0.3.0 to 0.4.0 (#641)
Additional commits viewable in compare view

Updates securego/gosec from 2.22.11 to 2.23.0

Release notes

Sourced from securego/gosec's releases.

v2.23.0

Changelog

398ad549bbf1a51dc978fd966169f660c59774de feat: Support for adding taint analysis engine (#1486)

6eacd5c058e929180e2c0ec9fbe082de28f4315c chore(deps): update all dependencies (#1494)

181a7cb0729c8a7c98a7728ba8d4b3ef035a98ab chore(deps): update all dependencies (#1494)

e2fa6ab0ba09771b9205dd0cafa997a2f730f582 chore(deps): update all dependencies (#1488)

eb252ba8d7359d599064283465f7f734f4c92171 Fix G602 analyzer panic that kills gosec process (#1491)

20d71a0cc140e43b344c37da33bb841a52f6edcd update go version to 1.25.7 (#1492)

a631af86ec6d2557e40dac102293f15209794a75 Fix URL regexp and remove redundant Google regex patterns (#1485)

89685023f949d40cd8b86e6fde63e2d8c82bd860 feat: implement global cache usage in rules (#1480)

04f729ce53e715e228022751c40482ac98db60a5 chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)

ade0e8f43211688a78923300c495e4f42f156608 refactor: optimize nosec parsing and reduce allocations (#1478)

d24bbf7d14cead8c469093165b19e320f7b61955 Fix SARIF artifactChanges null validation error (#1483)

15cba7fae1b53a2dc6bb4092232f9a84033d121a feat: optimize GetCallInfo with per-package sync.Pool caching (#1481)

5288673473e8ff116915e2f440190030f33ce22d feat: implement entropy pre-filtering to optimize secret detection (#1479)

d9a9bcd45ca91ba1a6f539397eddef0487e4b9f1 feat: ensure GoVersion is cached using sync.Once (#1477)

516260af4e7c8fd9a86905d83ddfafde5454c070 Fix #1240: nosec comments now work with trailing open brackets (#1475)

be0fd6dcfd8716291bc769f9a21a55ede2576cbd Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)

b579523bf6dbd3baf523a778c1a5d1f5c66e97fd Update the go version to 1.25.6 and 1.24.12 (#1474)

bd3c738bf0a8e570b93e4c65bac0d49d0267f5a9 G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)

6897b3661cdd347788be81437db09c5edf754284 chore(deps): update all dependencies (#1473)

9f202122a731425dfa2ee978fd0e4ba2d9d8e1dc feat: support path-based rule exclusions via exclude-rules (#1465)

726d847c79d4ea7582376aec0ad94fcbec11fa50 Optimize analyzer with parallel package processing (#1466)

3150b28fc404263fd89ab466247b2bf0235be619 feat: add goanalysis package for nogo (#1449)

7284e15230ad0bc56e2fdd518ce5f2c5b6610ce2 Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)

7a4ccefd8880ecced95e2947fb7a4088d66a221c Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)

833d7919e0f1eaf793b5cc4e97050435faee92d1 refactor(g115): improve coverage (#1462)

0cc9e01a9d6b650d90c9ad6a5ffa73ba30ca99c8 Refine G407 to improve detection and coverage of hardcoded nonces (#1460)

303f84d11141cecd48eeb3a01cd8c6de982c0f29 chore(deps): update all dependencies (#1461)

7387d225921a2efbcf1613bdb32f490285f9af65 Refactor rules to use callListRule base structure (#1458)

52f5dbf4d42f41d4eb6e83e2b408a227eb61cf40 feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)

649e2c8da416b29f67a6119dc5ee2149b514872f remove deprecated ast.Object (#1455)

35a92b49d5b5c963b8acb81944e56bb66a444680 feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)

bc9d2bc879d1e246d48cf4b9e18a975c67e1712b feat(rules): enhance subprocess variable checks (#1453)

8a5404eabf56aa8ca2fb9e4e8eb526da0a5a8c48 feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)

0f6f21cb3fc1d640b7e0f8b47b48f367beb1eddc feat: add secrets serialization G117 (#1451)

717706e8159c4124c2576a0defc0078493655936 feat(rules): add support for detecting high entropy strings in composite literals (#1447)

082deb6cee063d5b8ce740fbee614460d2c2211b whitelist crypto/rand Read from error checks (#1446)

095d529a906cabaf1adbea5e85fc13acce092a53 chore(deps): update all dependencies (#1443)

c073629009897d89e03229bc81232c7375892086 Improve slice bound check (#1442)

538a05cc5d6eb7bb41624e48f6e5019cccb1a2b8 docs: add documentation for using gosec with private modules (#1441)

25804378cd3eb8715e79649ea5266b811713b6ee chore(deps): update all dependencies (#1440)

872b33106ce4ba9253328009b63c4157b48d6867 docs: add G116 rule description to README (#1439)

dcf93a8b8ba2a90270e0ce35291cca8f7a4a90be Update GitHub action to gosec 2.22.11 (#1438)

Commits

398ad54 feat: Support for adding taint analysis engine (#1486)
6eacd5c chore(deps): update all dependencies (#1494)
181a7cb chore(deps): update all dependencies (#1494)
e2fa6ab chore(deps): update all dependencies (#1488)
eb252ba Fix G602 analyzer panic that kills gosec process (#1491)
20d71a0 update go version to 1.25.7 (#1492)
a631af8 Fix URL regexp and remove redundant Google regex patterns (#1485)
8968502 feat: implement global cache usage in rules (#1480)
04f729c chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
ade0e8f refactor: optimize nosec parsing and reduce allocations (#1478)
Additional commits viewable in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.32.4

Update default CodeQL bundle version to

…dates Bumps the github-actions group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `6` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `7` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `8` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [securego/gosec](https://github.com/securego/gosec) | `2.22.11` | `2.23.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6` | `7` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `1` | `2` | | [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `1.24.0` | `2.1.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.1` | `0.34.1` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) Updates `actions/upload-artifact` from 4 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v6) Updates `actions/download-artifact` from 4 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v7) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) Updates `securego/gosec` from 2.22.11 to 2.23.0 - [Release notes](https://github.com/securego/gosec/releases) - [Commits](securego/gosec@v2.22.11...v2.23.0) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) Updates `goreleaser/goreleaser-action` from 6 to 7 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@v6...v7) Updates `actions/create-github-app-token` from 1 to 2 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@v1...v2) Updates `slackapi/slack-github-action` from 1.24.0 to 2.1.1 - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](slackapi/slack-github-action@v1.24.0...v2.1.1) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.34.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: securego/gosec dependency-version: 2.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: slackapi/slack-github-action dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-23T21:21:40Z

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

ci(deps): bump the github-actions group across 1 directory with 12 updates#82

ci(deps): bump the github-actions group across 1 directory with 12 updates#82
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/github_actions/develop/github-actions-cecfe88a25

dependabot bot commented on behalf of github Feb 23, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 23, 2026

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v6.0.0

What's Changed

v5.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v4.4.0

v6.0.0

v6 - What's new

Node.js 24

What's Changed

v5.0.0

What's Changed

New Contributors

v4.6.2

What's Changed

New Contributors

v4.6.1

What's Changed

v7.0.0

v7 - What's new

Node.js 24

What's Changed

New Contributors

v6.0.0

What's Changed

New Contributors

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

What Changed

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

New Contributors

v7.1.0

What's Changed

New Contributors

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Bug fixes:

Dependency updates: