Skip to content

Bump the github-actions group across 1 directory with 4 updates#2498

Merged
Eliah Kagan (EliahKagan) merged 1 commit intomainfrom
dependabot/github_actions/github-actions-27b3a642ea
Apr 1, 2026
Merged

Bump the github-actions group across 1 directory with 4 updates#2498
Eliah Kagan (EliahKagan) merged 1 commit intomainfrom
dependabot/github_actions/github-actions-27b3a642ea

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the github-actions group with 4 updates in the / directory: Swatinem/rust-cache, actions/upload-artifact, msys2/setup-msys2 and zizmorcore/zizmor-action.

Updates Swatinem/rust-cache from 2.8.2 to 2.9.1

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.9.1

Fix regression in hash calculation

Full Changelog: Swatinem/rust-cache@v2.9.0...v2.9.1

v2.9.0

What's Changed

New Contributors

Full Changelog: Swatinem/rust-cache@v2.8.2...v2.9.0

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.9.1

  • Fix regression in hash calculation

2.9.0

  • Update to node24
  • Support running from within a nix shell
  • Consider all installed toolchains for cache key
  • Use case-insensitive comparison to determine exact cache hit

2.8.2

  • Don't overwrite env for cargo-metadata call

2.8.1

  • Set empty CARGO_ENCODED_RUSTFLAGS when retrieving metadata
  • Various dependency updates

2.8.0

  • Add support for warpbuild cache provider
  • Add new cache-workspace-crates feature

2.7.8

  • Include CPU arch in the cache key

2.7.7

  • Also cache cargo install metadata

2.7.6

  • Allow opting out of caching $CARGO_HOME/bin
  • Add runner OS in cache key
  • Adds an option to do lookup-only of the cache

2.7.5

  • Support Cargo.lock format cargo-lock v4
  • Only run macOsWorkaround() on macOS

2.7.3

  • Work around upstream problem that causes cache saving to hang for minutes.

... (truncated)

Commits

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Updates msys2/setup-msys2 from 2.30.0 to 2.31.0

Release notes

Sourced from msys2/setup-msys2's releases.

v2.31.0

  • Update base distribution to 20260322. [#597]
  • Update dependencies
  • Move to node24 from node20
Changelog

Sourced from msys2/setup-msys2's changelog.

Changelog

2.31.0

  • Update base distribution to 20260322. [#597]
  • Update dependencies
  • Move to node24 from node20

2.30.0

  • Update base distribution to 20251213. [#565]
  • Remove folder-hash dependency [#555]
  • Update dependencies

2.29.0

  • Allow installation to C:\msys64 if it doesn't exist already. Like with the new windows-11-arm image, for example. [#542]
  • Update base distribution to 20250830. [#548]
  • Update dependencies

2.28.0

  • Update base distribution to 20250622. [#518]
  • Update dependencies

2.27.0

  • Update base distribution to 20250221. [#480]
  • Update dependencies
  • Drop support for CLANG32

2.26.0

2.25.0

2.24.1

  • Added a new action output msys2-location to get the path to the MSYS2 installation directory. [#404]

2.24.0

... (truncated)

Commits

Updates zizmorcore/zizmor-action from 0.5.0 to 0.5.2

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.2

What's Changed

  • zizmor 1.23.1 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.1...v0.5.2

v0.5.1

What's Changed

  • zizmor 1.23.0 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.0...v0.5.1

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 1, 2026
Copilot AI reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates pinned GitHub Actions used in this repository’s CI/security/release workflows to newer upstream versions, keeping the workflow supply chain current and aligned with upstream Node runtime migrations.

Changes:

  • Bump Swatinem/rust-cache pins from v2.8.2 to v2.9.1 in CI and cron workflows.
  • Bump actions/upload-artifact pin from v6.0.0 to v7.0.0 in CIFuzz workflow.
  • Bump msys2/setup-msys2 (v2.30.0 → v2.31.0) and zizmorcore/zizmor-action (v0.5.0 → v0.5.2) pins.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/workflows/zizmor.yml Updates zizmor action pin to v0.5.2 for workflow security analysis.
.github/workflows/release.yml Updates MSYS2 setup action pin to v2.31.0 for Windows installation/release job.
.github/workflows/cron.yml Updates rust-cache action pin to v2.9.1 for scheduled stress job caching.
.github/workflows/cifuzz.yml Updates upload-artifact action pin to v7.0.0 for crash artifact uploads.
.github/workflows/ci.yml Updates rust-cache action pin to v2.9.1 across CI jobs.

@EliahKagan
Copy link
Copy Markdown
Member

Eliah Kagan (EliahKagan) commented Apr 1, 2026

Dependabot (@dependabot) rebase

@dependabot
Bump the github-actions group with 4 updates
5ac5b38 
Bumps the github-actions group with 4 updates: [Swatinem/rust-cache](https://github.com/swatinem/rust-cache), [actions/upload-artifact](https://github.com/actions/upload-artifact), [msys2/setup-msys2](https://github.com/msys2/setup-msys2) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).


Updates `Swatinem/rust-cache` from 2.8.2 to 2.9.1
- [Release notes](https://github.com/swatinem/rust-cache/releases)
- [Changelog](https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md)
- [Commits](Swatinem/rust-cache@779680d...c193711)

Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

Updates `msys2/setup-msys2` from 2.30.0 to 2.31.0
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](msys2/setup-msys2@4f806de...cafece8)

Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@0dce257...71321a2)

---
updated-dependencies:
- dependency-name: Swatinem/rust-cache
  dependency-version: 2.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: msys2/setup-msys2
  dependency-version: 2.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title Bump the github-actions group with 4 updates Bump the github-actions group across 1 directory with 4 updates Apr 1, 2026
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-27b3a642ea branch from 3a53eb7 to 5ac5b38 Compare April 1, 2026 14:51
Copilot AI reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.

@EliahKagan Eliah Kagan (EliahKagan) merged commit ed1e75b into main Apr 1, 2026
36 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-27b3a642ea branch April 1, 2026 15:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@EliahKagan