Bump the actions group across 1 directory with 10 updates

[dependabot]

Bumps the actions group with 10 updates in the / directory:

Package	From	To
actions/upload-artifact	7.0.0	7.0.1
actions/download-artifact	8.0.0	8.0.1
pypa/cibuildwheel	3.4.0	3.4.1
github/codeql-action	4.32.6	4.35.2
actions/cache	5.0.3	5.0.5
j178/prek-action	1.1.1	2.0.2
scientific-python/upload-nightly-action	0.6.3	0.6.4
plbstl/first-contribution	4.2.0	4.3.0
codecov/codecov-action	5.5.2	6.0.0
imjohnbo/issue-bot	3.4.4	3.4.5

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• See full diff in compare view

Updates pypa/cibuildwheel from 3.4.0 to 3.4.1

Release notes

Sourced from pypa/cibuildwheel's releases.

v3.4.1

• ⚠️ Building for the experimental CPython 3.13 free-threading variant is now deprecated. That functionality will be removed in the next minor release. The enable option cpython-freethreading is therefore also deprecated. Builds specifying enable = "all" no longer select cpython-freethreading. CPython 3.14 free-threading support remains available without the enable flag. (#2787)
• 🐛 iOS builds will no longer skip repair-wheel-command if it's defined in config (#2761)
• 🐛 Fix bug causing uv to fail when environments define PYTHON_VERSION or UV_PYTHON, conflicting with our venvs (#2795)
• ✨ cibuildwheel prints the selected build identifiers at the start of the build. (#2785)
• 🔐 The GitHub Action now references other actions with a full SHA (#2744)

Changelog

Sourced from pypa/cibuildwheel's changelog.

---

title: Changelog

Changelog

v3.4.1

2 April 2026

• ⚠️ Building for the experimental CPython 3.13 free-threading variant is now deprecated. That functionality will be removed in the next minor release. The enable option cpython-freethreading is therefore also deprecated. Builds specifying enable = "all" no longer select cpython-freethreading. CPython 3.14 free-threading support remains available without the enable flag. (#2787)
• 🐛 iOS builds will no longer skip repair-wheel-command if it's defined in config (#2761)
• 🐛 Fix bug causing uv to fail when environments define PYTHON_VERSION or UV_PYTHON, conflicting with our venvs (#2795)
• ✨ cibuildwheel prints the selected build identifiers at the start of the build. (#2785)
• 🔐 The GitHub Action now references other actions with a full SHA (#2744)

v3.4.0

5 March 2026

• 🌟 You can now build wheels using uv as a build frontend. This should improve performance, especially if your project has lots of build dependencies. To use, set build-frontend to uv. (#2322)
• ⚠️ We no longer support running on Travis CI. It may continue working but we don't run tests there anymore so we can't be sure. (#2682)
• ✨ Improvements to building rust wheels on Android (#2650)
• 🛠 Update Pyodide to 0.29.3 (#2719, #2733)
• 🐛 Fix bug with the GitHub Action on Windows, where PATH was getting unnecessarily changed, causing issues with meson builds. (#2723)
• ✨ Add support for quiet setting on build and uv from the cibuildwheel build-verbosity setting. (#2737)
• 📚 Docs updates, including guidance on using Meson on Windows (#2718)

v3.3.1

5 January 2026

• 🛠 Update dependencies and container pins, including updating to CPython 3.14.2. (#2708)

v3.3.0

12 November 2025

• 🐛 Fix an incompatibility with Docker v29 (#2660)
• ✨ Adds test-runtime option, to customise how tests on simulated/emulated environments are run (#2636)
• ✨ Adds support for new manylinux_2_35 images on 32-bit ARM armv7l, offering better C++20 compatibility (#2656)
• ✨ build[uv] is now supported on Android (#2587)
• ✨ You can now install extras (such as uv) with a simple option on the GitHub Action (#2630)
• ✨ {project} and {package} placeholders are now supported in repair-wheel-command (#2589)
• 🛠 The versions set with dependency-versions no longer constrain packages specified by your build-system.requires. Previously, on platforms other than Linux, the constraints in this option would remain in the environment during the build. This has been tidied up make behaviour more consistent between platforms, and to prevent version conflicts. (#2583)
• 🛠 Improve the handling of test-command on Android, enabling more options to be passed (#2590)
• 📚 Docs improvements (#2618)

v3.2.1

... (truncated)

Commits

• 8d2b08b Bump version: v3.4.1
• 54b8a01 deprecation: cp313t (#2787)
• 097806b tests: fully type the test suite (#2794)
• 643b30c fix: avoid PYTHON_VERSION breaking uv if set (#2795)
• fffe2ca chore(deps): bump j178/prek-action from 1.1.1 to 2.0.0 in the actions group (...
• 6111948 fix: zizmor "code injection via template expansion" (#2784)
• e478767 chore: remove some string types (#2798)
• caf433b [Bot] Update dependencies (#2789)
• a257a3f chore: remove remaining future annotations (#2799)
• 6df84da chore: some cleanup and checks (#2792)
• Additional commits viewable in compare view

Updates github/codeql-action from 4.32.6 to 4.35.2

Release notes

Sourced from github/codeql-action's releases.

v4.35.2

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

v4.35.1

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

v4.35.0

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
• Update default CodeQL bundle version to 2.25.1. #3773

v4.34.1

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v4.34.0

• Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
• We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
• Update default CodeQL bundle version to 2.25.0. #3585

v4.33.0

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.35.2 - 15 Apr 2026

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
• Update default CodeQL bundle version to 2.25.1. #3773

4.34.1 - 20 Mar 2026

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

• Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
• We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
• Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

4.32.6 - 05 Mar 2026

... (truncated)

Commits

• 95e58e9 Merge pull request #3824 from github/update-v4.35.2-d2e135a73
• 6f31bfe Update changelog for v4.35.2
• d2e135a Merge pull request #3823 from github/update-bundle/codeql-bundle-v2.25.2
• 60abb65 Add changelog note
• 5a0a562 Update default bundle to codeql-bundle-v2.25.2
• 6521697 Merge pull request #3820 from github/dependabot/github_actions/dot-github/wor...
• 3c45af2 Merge pull request #3821 from github/dependabot/npm_and_yarn/npm-minor-345b93...
• f1c3393 Rebuild
• 1024fc4 Rebuild
• 9dd4cfe Bump the npm-minor group across 1 directory with 6 updates
• Additional commits viewable in compare view

Updates actions/cache from 5.0.3 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in actions/cache#1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 27d5ce7 Merge pull request #1747 from actions/yacaovsnc/update-dependency
• f280785 licensed changes
• 619aeb1 npm run build generated dist files
• bcf16c2 Update ts-http-runtime to 0.3.5
• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• Additional commits viewable in compare view

Updates j178/prek-action from 1.1.1 to 2.0.2

Release notes

Sourced from j178/prek-action's releases.

v2.0.2

What's Changed

• Reduce missing checksum log noise by @​j178 in j178/prek-action#117
• Update zizmorcore/zizmor-action action to v0.5.2 by @​renovate[bot] in j178/prek-action#118
• Update known versions for prek 0.3.9 by @​j178 in j178/prek-action#119

Full Changelog: j178/prek-action@v2...v2.0.2

v2.0.1

What's Changed

• Remove redundant show-verbose-logs empty-string guard by @​shaanmajid in j178/prek-action#112
• Rename action.yaml to action.yml by @​shaanmajid in j178/prek-action#113
• Update known versions for prek 0.3.8 by @​j178 in j178/prek-action#114
• Remove update-known-versions job by @​j178 in j178/prek-action#115

Full Changelog: j178/prek-action@v2...v2.0.1

v2.0.0

What's Changed

• Completely rewritten in TypeScript for a more maintainable and modern implementation (#76)
• prek-version now supports semver ranges such as 0.3.x, with faster and more reliable version resolution (#81, #80, #92, #94, #100)
• Downloaded prek archives are now validated against known checksums before install (#83)
• Added show-verbose-logs to control whether verbose prek logs are printed after the run (#78)
• Improved caching behavior with an explicit cache input, a new cache-hit output, corrected cache path resolution, and fixes for redundant cache saves (#91, #102, #110, #111)
• Improved Windows install performance by optimizing ZIP extraction (#96)

Full Changelog: j178/prek-action@v1...v2.0.0

v2.0.0-beta.6

What's Changed

• Migrate formatting to Biome by @​j178 in j178/prek-action#103
• Modernize ESM build and test workflow by @​j178 in j178/prek-action#107
• Migrate tests to Vitest by @​j178 in j178/prek-action#109
• Update dependency esbuild to ^0.27.0 by @​renovate[bot] in j178/prek-action#108

Full Changelog: j178/prek-action@v2.0.0-beta.5...v2.0.0-beta.6

v2.0.0-beta.5

What's Changed

• Add version manifest file by @​j178 in j178/prek-action#101
• Move version manifest out of bundle by @​j178 in j178/prek-action#100
• Fix cache path resolution to match prek's own behavior by @​shaanmajid in j178/prek-action#102

Full Changelog: j178/prek-action@v2.0.0-beta.4...v2.0.0-beta.5

... (truncated)

Commits

• cbc2f23 Update known versions for prek 0.3.9 (#119)
• 4fd49c1 Update zizmorcore/zizmor-action action to v0.5.2 (#118)
• 380f81e Reduce missing checksum log noise (#117)
• 53276d8 Remove update-known-versions job (#115)
• 3056648 Update known versions for prek 0.3.8 (#114)
• 1925043 Rename action.yaml to action.yml (#113)
• dc795aa Remove redundant show-verbose-logs empty-string guard (#112)
• 79f7655 Use prek-action@v2 in README (#99)
• b42be1f Add explicit cache input to enable/disable caching (#111)
• 7774ba8 Action interface cleanup: deprecate inputs, add cache-hit output, fix extra-a...
• Additional commits viewable in compare view

Updates scientific-python/upload-nightly-action from 0.6.3 to 0.6.4

Release notes

Sourced from scientific-python/upload-nightly-action's releases.

0.6.4

What's Changed

• ENH: Add month cooldown window for new package uploads by @​matthewfeickert in scientific-python/upload-nightly-action#162
• MNT: Update anaconda-client to v1.14.1 by @​matthewfeickert in scientific-python/upload-nightly-action#162

Full Changelog: scientific-python/upload-nightly-action@0.6.3...0.6.4

Commits

• e76cfec ENH: Add month cooldown window for new package uploads (#162)
• 61dd7ed Build(deps): Bump the actions group with 3 updates (#160)
• 3485ac9 Build(deps): Bump astral-sh/setup-uv in the actions group (#159)
• 90d38cd Build(deps): Bump the actions group with 4 updates (#157)
• 10c7394 ci: Update 'Remove old wheels' workflow anaconda-client to v1.14.0 (#156)
• f20bce6 Build(deps): Bump the actions group with 2 updates (#154)
• f7b24c6 DOC: Update action commit SHA to the 0.6.3 tag (#153)
• See full diff in compare view

Updates plbstl/first-contribution from 4.2.0 to 4.3.0

Release notes

Sourced from plbstl/first-contribution's releases.

v4.3.0

What's Changed

• feat: add option to skip internal contributors by @​plbstl in plbstl/first-contribution#94
• improved logs

Full Changelog: plbstl/first-contribution@v4.2.0...v4.3.0

Commits

• 7c31f41 update package.json version from 4.2.0 to 4.3.0
• 0ac597e regenerate pnpm lock file
• 05c2ecb add readme section for skipping internal contributors
• c6306b0 regenerate reports
• f6b0e53 fix author variables in tests
• a82a529 remove extra logging of action inputs
• d44b4b0 consistently use author as variable name
• ad90c0b feat: add option to skip internal contributors (#94)
• 9a901fd remove unnecessary trims
• fda9f6c better log output for comment body
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in codecov/codecov-action#1929
• Th/6.0.0 by @​thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in codecov/codecov-action#1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in codecov/codecov-action#1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• 57e3a13 Th/6.0.0 (#1928)
• f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
• 75cd116 chore(release): 5.5.4 (#1927)
• 87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
• 1af5884 chore(release): bump to 5.5.3 (#1922)
• c143300 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#1874)
• See full diff in compare view

Updates imjohnbo/issue-bot from 3.4.4 to 3.4.5

Release notes

Sourced from imjohnbo/issue-bot's releases.

v3.4.5 – fix README example, update dependencies

What's Changed

• Fixed the README simple usage example, which included pinned: true without the required labels field — causing Error: Invalid inputs for anyone copying it verbatim. (#104)
• Bumped @​actions/github (^6→^8) and @​actions/core (^1→^2) to resolve three undici security advisories: GHSA-g9mf-h72j-4rw9, GHSA-2mjp-6q6p-2qxm, Description has been truncated