chore(deps): bump the github-actions group across 1 directory with 2 updates by dependabot[bot] · Pull Request #763 · bounded-systems/prx

dependabot · 2026-06-27T22:05:27Z

Bumps the github-actions group with 2 updates in the / directory: actions/attest-build-provenance and softprops/action-gh-release.

Updates actions/attest-build-provenance from 4.1.0 to 4.1.1

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.1

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Update actions/attest to v4.1.1 by @bdehamer in actions/attest-build-provenance#858

Full Changelog: actions/attest-build-provenance@v4.1.0...v4.1.1

Commits

0f67c3f Bump actions/checkout from 6.0.3 to 7.0.0 (#857)
21b787d Update actions/attest to v4.1.1 (#858)
f14352a add dependabot cooldown (#851)
2c04a00 Bump actions/checkout from 6.0.2 to 6.0.3 in the actions-minor group (#850)
10334b5 remove badges from README (#840)
c5efebd remove prober workflows (#837)
See full diff in compare view

Updates softprops/action-gh-release from 3.0.0 to 3.0.1

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.1

3.0.1

maintenance release with updated dependencies

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.1

maintenance release with updated dependencies

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

Move the action runtime and bundle target to Node 24

Update @types/node to the Node 24 line and allow future Dependabot updates

Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

2.6.2

What's Changed

Other Changes 🔄

chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @dependabot[bot] in softprops/action-gh-release#775

chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @dependabot[bot] in softprops/action-gh-release#777

chore(deps): bump vite from 8.0.0 to 8.0.5 by @dependabot[bot] in softprops/action-gh-release#781

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

fix: preserve discussion category on publish by @chenrui333 in softprops/action-gh-release#765

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

... (truncated)

Commits

718ea10 release 3.0.1
f1a938b chore(deps): bump esbuild from 0.28.0 to 0.28.1 (#802)
0066ead chore(deps): bump vite from 8.0.14 to 8.0.16 (#806)
dc643ca chore(deps): bump the npm group with 3 updates (#805)
85ee99b chore(deps): bump actions/checkout in the github-actions group (#804)
9ed3cf9 chore(deps): bump the npm group with 2 updates (#800)
3efcac8 chore(deps): bump the npm group with 3 updates (#798)
05d6b91 chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (#797)
403a524 chore(deps): bump @types/node from 24.12.2 to 24.12.3 in the npm group (#796)
437e073 chore(deps): bump the npm group with 4 updates (#792)
Additional commits viewable in compare view

github-code-quality · 2026-06-27T22:06:55Z

Code Coverage Overview

Languages: TypeScript

TypeScript / unit

The overall coverage remains at 88%, unchanged from the main branch.

_{Updated June 29, 2026 02:32 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

…updates Bumps the github-actions group with 2 updates in the / directory: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@a2bbfa2...0f67c3f) Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@b430933...718ea10) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 27, 2026

dependabot Bot requested a review from a team as a code owner June 27, 2026 22:05

dependabot Bot force-pushed the dependabot/github_actions/github-actions-2cf96d54d7 branch 2 times, most recently from 6777d46 to df2192e Compare June 28, 2026 21:16

dependabot Bot force-pushed the dependabot/github_actions/github-actions-2cf96d54d7 branch from df2192e to 610bddd Compare June 29, 2026 02:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the github-actions group across 1 directory with 2 updates#763

chore(deps): bump the github-actions group across 1 directory with 2 updates#763
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-2cf96d54d7

dependabot Bot commented on behalf of github Jun 27, 2026 •

edited

Loading

Uh oh!

github-code-quality Bot commented Jun 27, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.1.1

What's Changed

v3.0.1

3.0.1

3.0.1

3.0.0

What's Changed

Other Changes 🔄

2.6.2

What's Changed

Other Changes 🔄

2.6.1

What's Changed

Bug fixes 🐛

2.6.0

Uh oh!

github-code-quality Bot commented Jun 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Code Coverage Overview

TypeScript / unit

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 27, 2026 •

edited

Loading

github-code-quality Bot commented Jun 27, 2026 •

edited

Loading