Latest Results
Bump the actions-non-major group across 1 directory with 7 updates (#291)
Bumps the actions-non-major group with 7 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
|
[actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain)
| `1.15.4` | `1.16.0` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) |
`2.68.29` | `2.75.17` |
| [CodSpeedHQ/action](https://github.com/codspeedhq/action) | `4.12.1` |
`4.13.1` |
|
[EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action)
| `2.0.15` | `2.0.17` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `7.0.0` | `7.0.1` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`4.35.1` | `4.35.2` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.45.0` |
`1.45.1` |
Updates `actions-rust-lang/setup-rust-toolchain` from 1.15.4 to 1.16.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/releases">actions-rust-lang/setup-rust-toolchain's
releases</a>.</em></p>
<blockquote>
<h2>v1.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions/checkout to v6 on README by <a
href="https://github.com/ryuapp"><code>@ryuapp</code></a> in <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/pull/88">actions-rust-lang/setup-rust-toolchain#88</a></li>
<li>feat: add cache-save-if input to propagate save-if to
Swatinem/rust-cache by <a
href="https://github.com/ChanTsune"><code>@ChanTsune</code></a> in <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/pull/90">actions-rust-lang/setup-rust-toolchain#90</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ryuapp"><code>@ryuapp</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/pull/88">actions-rust-lang/setup-rust-toolchain#88</a></li>
<li><a href="https://github.com/ChanTsune"><code>@ChanTsune</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/pull/90">actions-rust-lang/setup-rust-toolchain#90</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/compare/v1.15.4...v1.16.0">https://github.com/actions-rust-lang/setup-rust-toolchain/compare/v1.15.4...v1.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md">actions-rust-lang/setup-rust-toolchain's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>,
and this project adheres to <a
href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2>[Unreleased]</h2>
<h2>[1.16.0] - 2026-04-13</h2>
<ul>
<li>Add new parameter <code>cache-save-if</code> that is propagated to
<code>Swatinem/rust-cache</code> as <code>save-if</code> (<a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/90">#90</a>
by <a
href="https://github.com/ChanTsune"><code>@ChanTsune</code></a>)</li>
</ul>
<h2>[1.15.4] - 2026-03-15</h2>
<ul>
<li>Bump Swatinem/rust-cache from 2.8.2 to 2.9.1 (<a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/87">#87</a>
by <a
href="https://github.com/hyperfinitism"><code>@hyperfinitism</code></a>)
This gets rid of the warnings about Node.js 20.</li>
</ul>
<h2>[1.15.3] - 2026-03-01</h2>
<ul>
<li>Bump Swatinem/rust-cache from 2.8.1 to 2.8.2</li>
</ul>
<h2>[1.15.2] - 2025-10-04</h2>
<ul>
<li>Fix: Run the version detection steps in the selected
<code>rust-src-dir</code> directory.
This should enable the version selection even without a default
toolchain installed.
Fixes <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/74">#74</a>.</li>
</ul>
<h2>[1.15.1] - 2025-09-23</h2>
<ul>
<li>Update <code>Swatinem/rust-cache</code> to v2.8.1</li>
</ul>
<h2>[1.15.0] - 2025-09-14</h2>
<ul>
<li>Add support for non-root source directory.
Accept source code and <code>rust-toolchain.toml</code> file in
subdirectories of the repository.
Adds a new parameter <code>rust-src-dir</code> that controls the lookup
for toolchain files and sets a default value for the
<code>cache-workspace</code> input. (<a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/69">#69</a>
by <a href="https://github.com/Kubaryt"><code>@Kubaryt</code></a>)</li>
</ul>
<h2>[1.14.1] - 2025-08-28</h2>
<ul>
<li>Pin <code>Swatinem/rust-cache</code> action to a full commit SHA (<a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/68">#68</a>
by <a
href="https://github.com/JohnTitor"><code>@JohnTitor</code></a>)</li>
</ul>
<h2>[1.14.0] - 2025-08-23</h2>
<ul>
<li>Add new parameters <code>cache-all-crates</code> and
<code>cache-workspace-crates</code> that are propagated to
<code>Swatinem/rust-cache</code> as <code>cache-all-crates</code> and
<code>cache-workspace-crates</code></li>
</ul>
<h2>[1.13.0] - 2025-06-16</h2>
<ul>
<li>Add new parameter <code>cache-provider</code> that is propagated to
<code>Swatinem/rust-cache</code> as <code>cache-provider</code> (<a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/65">#65</a>
by <a
href="https://github.com/mindrunner"><code>@mindrunner</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/commit/2b1f5e9b395427c92ee4e3331786ca3c37afe2d7"><code>2b1f5e9</code></a>
Update CHANGELOG for version 1.16.0</li>
<li><a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/commit/9030f3d7f5c3c13f6bd46c0e0cee9920ec9db523"><code>9030f3d</code></a>
Merge pull request <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/90">#90</a>
from ChanTsune/feat/cache-save-if</li>
<li><a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/commit/186b99ef06deaa18471fe4efa80002511ebb0617"><code>186b99e</code></a>
feat: add cache-save-if input to propagate save-if to
Swatinem/rust-cache</li>
<li><a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/commit/d197c158264056996cfba74a9c2d93886346edc3"><code>d197c15</code></a>
Merge pull request <a
href="https://redirect.github.com/actions-rust-lang/setup-rust-toolchain/issues/88">#88</a>
from ryuapp/chore/update-chekcout-v6-on-readme</li>
<li><a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/commit/fa057b45cfd520ccd3ca4d2ae31c5abdaa2e855d"><code>fa057b4</code></a>
Update actions/checkout to v6 on README</li>
<li>See full diff in <a
href="https://github.com/actions-rust-lang/setup-rust-toolchain/compare/150fca883cd4034361b621bd4e6a9d34e5143606...2b1f5e9b395427c92ee4e3331786ca3c37afe2d7">compare
view</a></li>
</ul>
</details>
<br />
Updates `taiki-e/install-action` from 2.68.29 to 2.75.17
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.75.17</h2>
<ul>
<li>
<p>Update <code>tombi@latest</code> to 0.9.18.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.15.</p>
</li>
</ul>
<h2>2.75.16</h2>
<ul>
<li>
<p>Update <code>uv@latest</code> to 0.11.7.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.14.</p>
</li>
<li>
<p>Update <code>vacuum@latest</code> to 0.25.9.</p>
</li>
<li>
<p>Update <code>cargo-machete@latest</code> to 0.9.2.</p>
</li>
<li>
<p>Update <code>cargo-deny@latest</code> to 0.19.4.</p>
</li>
</ul>
<h2>2.75.15</h2>
<ul>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.133.</p>
</li>
<li>
<p>Update <code>biome@latest</code> to 2.4.12.</p>
</li>
</ul>
<h2>2.75.14</h2>
<ul>
<li>
<p>Implement potential workaround for <a
href="https://redirect.github.com/actions/partner-runner-images/issues/169">windows-11-arm
runner bug</a> which sometimes causes installation failure.</p>
<p>The issue where this bug affected the startup of bash was addressed
in 2.71.2, but we received a report that the <a
href="https://redirect.github.com/taiki-e/install-action/pull/1657#issuecomment-4252717651">same
problem seems to occur when starting other commands as well</a>.</p>
</li>
<li>
<p>Update <code>cargo-deny@latest</code> to 0.19.2.</p>
</li>
</ul>
<h2>2.75.13</h2>
<ul>
<li>Update <code>zizmor@latest</code> to 1.24.1.</li>
</ul>
<h2>2.75.12</h2>
<ul>
<li>
<p>Update <code>typos@latest</code> to 1.45.1.</p>
</li>
<li>
<p>Update <code>cargo-xwin@latest</code> to 0.21.5.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.18.1.</p>
</li>
</ul>
<h2>2.75.11</h2>
<ul>
<li>
<p>Update <code>prek@latest</code> to 0.3.9.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.11.</p>
</li>
<li>
<p>Update <code>zizmor@latest</code> to 1.24.0.</p>
</li>
</ul>
<h2>2.75.10</h2>
<ul>
<li>
<p>Update <code>tombi@latest</code> to 0.9.17.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.10.</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<ul>
<li>
<p>Update <code>prek@latest</code> to 0.3.10.</p>
</li>
<li>
<p>Update <code>cargo-xwin@latest</code> to 0.22.0.</p>
</li>
</ul>
<h2>[2.75.19] - 2026-04-21</h2>
<ul>
<li>
<p>Update <code>wasmtime@latest</code> to 44.0.0.</p>
</li>
<li>
<p>Update <code>tombi@latest</code> to 0.9.20.</p>
</li>
<li>
<p>Update <code>martin@latest</code> to 1.6.0.</p>
</li>
<li>
<p>Update <code>just@latest</code> to 1.50.0.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.18.</p>
</li>
<li>
<p>Update <code>rclone@latest</code> to 1.73.5.</p>
</li>
</ul>
<h2>[2.75.18] - 2026-04-19</h2>
<ul>
<li>
<p>Update <code>vacuum@latest</code> to 0.26.1.</p>
</li>
<li>
<p>Update <code>wasm-tools@latest</code> to 1.247.0.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.16.</p>
</li>
<li>
<p>Update <code>espup@latest</code> to 0.17.1.</p>
</li>
<li>
<p>Update <code>trivy@latest</code> to 0.70.0.</p>
</li>
</ul>
<h2>[2.75.17] - 2026-04-17</h2>
<ul>
<li>
<p>Update <code>tombi@latest</code> to 0.9.18.</p>
</li>
<li>
<p>Update <code>mise@latest</code> to 2026.4.15.</p>
</li>
</ul>
<h2>[2.75.16] - 2026-04-17</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/taiki-e/install-action/commit/58e862542551f667fa44c8a2a4a1d64ad477c96a"><code>58e8625</code></a>
Release 2.75.17</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/b9e89d5f4e53672e69356dfc51b17c0f1f9fe81e"><code>b9e89d5</code></a>
Update vacuum manifest</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/97204a3065328b1356269718fb5c1c0aa53931f2"><code>97204a3</code></a>
ci: Update config</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/2bfe66531d7f9749eb0e4c5ea902d6b3b0ca727a"><code>2bfe665</code></a>
Update changelog</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/3f52e564036635f1f1a774e0bebd20c17917b1b3"><code>3f52e56</code></a>
Update wasm-tools manifest</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/2fd0ba806a006aacaa514705ca080898d157aa62"><code>2fd0ba8</code></a>
Update <code>tombi@latest</code> to 0.9.18</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/711af1aa187c2973060e7e75d3be1599e8305a7a"><code>711af1a</code></a>
Update <code>mise@latest</code> to 2026.4.15</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/c127aaa0fa8c555cbfb72bfa29b29a692d25d267"><code>c127aaa</code></a>
Update mise manifest</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/9479ae3764568bdfd64fbf290b14fc95cb99e14e"><code>9479ae3</code></a>
Update espup manifest</li>
<li><a
href="https://github.com/taiki-e/install-action/commit/6ac39c59e2aebc82840e8742534b705bf6cb56e2"><code>6ac39c5</code></a>
Update trivy manifest</li>
<li>Additional commits viewable in <a
href="https://github.com/taiki-e/install-action/compare/a888d8f01506d4d9870e4a94d8b2ff13cc956c2e...58e862542551f667fa44c8a2a4a1d64ad477c96a">compare
view</a></li>
</ul>
</details>
<br />
Updates `CodSpeedHQ/action` from 4.12.1 to 4.13.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codspeedhq/action/releases">CodSpeedHQ/action's
releases</a>.</em></p>
<blockquote>
<h2>v4.13.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps)!: update actions to Node.js 24 runtime by <a
href="https://github.com/shaanmajid"><code>@shaanmajid</code></a> in <a
href="https://redirect.github.com/CodSpeedHQ/action/pull/201">CodSpeedHQ/action#201</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/shaanmajid"><code>@shaanmajid</code></a> made
their first contribution in <a
href="https://redirect.github.com/CodSpeedHQ/action/pull/201">CodSpeedHQ/action#201</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/CodSpeedHQ/action/compare/v4.13.0...v4.13.1">https://github.com/CodSpeedHQ/action/compare/v4.13.0...v4.13.1</a></p>
<h2>v4.13.0</h2>
<h2>Release Notes</h2>
<p>We added support for a new experimental flag
<code>--experimental-fair-sched</code> to have valgrind use the
<code>--fair-sched</code> argument.</p>
<p>Usage in the action:</p>
<pre lang="yaml"><code> - name: Run the benchmarks
uses: CodSpeedHQ/action@v4
env:
CODSPEED_EXPERIMENTAL_FAIR_SCHED: "true"
with:
run: cargo codspeed run # Replace with your command
mode: simulation
</code></pre>
<p><strong>Full Runner Changelog</strong>: <a
href="https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md">https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/db35df748deb45fdef0960669f57d627c1956c30"><code>db35df7</code></a>
Release v4.13.1 🚀</li>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/bc1110745c91ab200c2a5a0b275a90c465e9c4dc"><code>bc11107</code></a>
feat: support action-only releases with explicit version argument</li>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/12a303dac2bc47c86fcd3fa75f49a83c2448eeba"><code>12a303d</code></a>
feat: fail release script if version already exists</li>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/6e1e277acad83ce8319b947dabb46c993da2ffaf"><code>6e1e277</code></a>
feat: add dry-run mode to release script</li>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/d2147274b1e3a6e10f9c95bfba8441a15ae4c61e"><code>d214727</code></a>
build(deps)!: update actions to Node.js 24 runtime (<a
href="https://redirect.github.com/codspeedhq/action/issues/201">#201</a>)</li>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/d872884a306dd4853acf0f584f4b706cf0cc72a2"><code>d872884</code></a>
Release v4.13.0 🚀</li>
<li><a
href="https://github.com/CodSpeedHQ/action/commit/c179ec8a32f11fb9d6e319aa931b619036f5d2a3"><code>c179ec8</code></a>
chore: bump runner version to 4.13.0 (<a
href="https://redirect.github.com/codspeedhq/action/issues/198">#198</a>)</li>
<li>See full diff in <a
href="https://github.com/codspeedhq/action/compare/1c8ae4843586d3ba879736b7f6b7b0c990757fab...db35df748deb45fdef0960669f57d627c1956c30">compare
view</a></li>
</ul>
</details>
<br />
Updates `EmbarkStudios/cargo-deny-action` from 2.0.15 to 2.0.17
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/EmbarkStudios/cargo-deny-action/commit/91bf2b620e09e18d6eb78b92e7861937469acedb"><code>91bf2b6</code></a>
Bump to 0.19.2</li>
<li><a
href="https://github.com/EmbarkStudios/cargo-deny-action/commit/175dc7fd4fb85ec8f46948fb98f44db001149081"><code>175dc7f</code></a>
Bump to 0.19.1</li>
<li>See full diff in <a
href="https://github.com/embarkstudios/cargo-deny-action/compare/3fd3802e88374d3fe9159b834c7714ec57d6c979...91bf2b620e09e18d6eb78b92e7861937469acedb">compare
view</a></li>
</ul>
</details>
<br />
Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update the readme with direct upload details by <a
href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li>
<li>Readme: bump all the example versions to v7 by <a
href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></li>
<li>Include changes in typespec/ts-http-runtime 0.3.5 by <a
href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/797">actions/upload-artifact#797</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v7...v7.0.1">https://github.com/actions/upload-artifact/compare/v7...v7.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"><code>043fb46</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a>
from actions/yacaovsnc/update-dependency</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94"><code>634250c</code></a>
Include changes in typespec/ts-http-runtime 0.3.5</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8"><code>e454baa</code></a>
Readme: bump all the example versions to v7 (<a
href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e"><code>74fad66</code></a>
Update the readme with direct upload details (<a
href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a">compare
view</a></li>
</ul>
</details>
<br />
Updates `github/codeql-action` from 4.35.1 to 4.35.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.2</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>4.34.1 - 20 Mar 2026</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>4.34.0 - 20 Mar 2026</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>4.33.0 - 16 Mar 2026</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
"True/false", then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using advanced setup:</strong> Set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
</ul>
</li>
<li>
<p>Fixed <a
href="https://redirect.github.com/github/codeql-action/issues/3555">a
bug</a> which caused the CodeQL Action to fail loading repository
properties if a "Multi select" repository property was
configured for the repository. <a
href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p>
</li>
<li>
<p>The CodeQL Action now loads <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom
repository properties</a> on GitHub Enterprise Server, enabling the
customization of features such as
<code>github-codeql-disable-overlay</code> that was previously only
available on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p>
</li>
<li>
<p>Once <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a> can be configured with OIDC-based authentication
for organizations, the CodeQL Action will now be able to accept such
configurations. <a
href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p>
</li>
<li>
<p>Fixed the retry mechanism for database uploads. Previously this would
fail with the error "Response body object should not be disturbed
or locked". <a
href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p>
</li>
<li>
<p>A warning is now emitted if the CodeQL Action detects a repository
property whose name suggests that it relates to the CodeQL Action, but
which is not one of the properties recognised by the current version of
the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p>
</li>
</ul>
<h2>4.32.6 - 05 Mar 2026</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/95e58e9a2cdfd71adc6e0353d5c52f41a045d225"><code>95e58e9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3824">#3824</a>
from github/update-v4.35.2-d2e135a73</li>
<li><a
href="https://github.com/github/codeql-action/commit/6f31bfe060e817d81e938dbec767969d20031e25"><code>6f31bfe</code></a>
Update changelog for v4.35.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/d2e135a73a39154e3a231aeb49163c4661c5b8b1"><code>d2e135a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3823">#3823</a>
from github/update-bundle/codeql-bundle-v2.25.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/60abb65df09fcf213c398e064c8a80db1f15cdaf"><code>60abb65</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/5a0a562209255e956ad8aafcee303294e64eefa2"><code>5a0a562</code></a>
Update default bundle to codeql-bundle-v2.25.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/65216971a11ded447a6b76263d5a144519e5eee1"><code>6521697</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3820">#3820</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/3c45af2dd258e1623af1898da5c86545b514e028"><code>3c45af2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3821">#3821</a>
from github/dependabot/npm_and_yarn/npm-minor-345b93...</li>
<li><a
href="https://github.com/github/codeql-action/commit/f1c339364c12f922998186ed897e45e3b4ae8874"><code>f1c3393</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/1024fc496c87e944a93e98d8cf2c09e2c7602a30"><code>1024fc4</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/9dd4cfed96030ccdfe1af4daf7a7964322704fed"><code>9dd4cfe</code></a>
Bump the npm-minor group across 1 directory with 6 updates</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225">compare
view</a></li>
</ul>
</details>
<br />
Updates `crate-ci/typos` from 1.45.0 to 1.45.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.45.1</h2>
<h2>[1.45.1] - 2026-04-13</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Use a temp dir for caching</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.45.1] - 2026-04-13</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Use a temp dir for caching</li>
</ul>
<h2>[1.45.0] - 2026-04-01</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1509">March
2026</a> changes</li>
</ul>
<h2>[1.44.0] - 2026-02-27</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1488">February
2026</a> changes</li>
</ul>
<h2>[1.43.5] - 2026-02-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(pypi)</em> Hopefully fix the sdist build</li>
</ul>
<h2>[1.43.4] - 2026-02-09</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>pincher</code></li>
</ul>
<h2>[1.43.3] - 2026-02-06</h2>
<h3>Fixes</h3>
<ul>
<li><em>(action)</em> Adjust how typos are reported to github</li>
</ul>
<h2>[1.43.2] - 2026-02-05</h2>
<h3>Fixes</h3>
<ul>
<li>Don't correct <code>certifi</code> in Python</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/cf5f1c29a8ac336af8568821ec41919923b05a83"><code>cf5f1c2</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/485d42553ebf5bd9c810c24c6521bf608d663e70"><code>485d425</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/2fe77ce0ce53ef0ba47e9b371fef1a949baaff3a"><code>2fe77ce</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1539">#1539</a>
from epage/action</li>
<li><a
href="https://github.com/crate-ci/typos/commit/a9595eaf0cc3266bd7fa5c3b2ec7e2a5f3685d18"><code>a9595ea</code></a>
fix(action): Leave binary in temp dir</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/02ea592e44b3a53c302f697cddca7641cd051c3d...cf5f1c29a8ac336af8568821ec41919923b05a83">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Latest Branches
0%
dependabot/rust_toolchain/rust-toolchain-1.95.0 0%
dependabot/github_actions/actions-non-major-38ea60882d 0%
dependabot/github_actions/actions-non-major-932e07360d © 2026 CodSpeed Technology