Bump the "infra" group with 1 update across multiple ecosystems by dependabot[bot] · Pull Request #703 · cncf/gitvote

dependabot · 2026-04-02T00:41:22Z

Bumps the infra group with 5 updates:

Package	From	To
actions/checkout	`5`	`6`
azure/setup-helm	`4`	`5`
helm/chart-testing-action	`2.7.0`	`2.8.0`
helm/kind-action	`1.12.0`	`1.14.0`
docker/login-action	`3`	`4`

Updates actions/checkout from 5 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
See full diff in compare view

Updates azure/setup-helm from 4 to 5

Release notes

Sourced from azure/setup-helm's releases.

v5.0.0

Changed

#259 Update Node.js runtime from node20 to node24

#263 Bump undici

#257 Bump undici and @actions/http-client

#256 Bump minimatch

#248 Bump the actions group with 2 updates

#247 Bump the actions group with 3 updates

#246 Bump @types/node from 25.0.2 to 25.0.3 in the actions group

#245 Bump the actions group with 3 updates

#243 Bump the actions group with 2 updates

#240 Bump prettier from 3.6.2 to 3.7.3 in the actions group

#229 Bump the actions group across 1 directory with 3 updates

#231 Bump js-yaml from 3.14.1 to 3.14.2

#234 Bump glob from 10.4.5 to 10.5.0

#225 Fix build error

#222 Bump @types/node from 24.7.2 to 24.8.1 in the actions group

#220 Bump the actions group across 1 directory with 4 updates

#216 Bump the actions group across 1 directory with 4 updates

#213 Bump the actions group with 2 updates

#211 Bump undici

#212 Bump jest from 30.0.5 to 30.1.2 in the actions group

#210 Bump @types/node from 24.2.1 to 24.3.0 in the actions group

v4.3.1

Changed

#167 Pinning Action Dependencies for Security and Reliability

#181 Fix types, and update node version.

#191 chore(tests): Mock arch to make tests pass on arm host

#192 chore: remove unnecessary prebuild script

#203 Update helm version retrieval to use JSON output for latest version

#207 ci(workflows): update helm version to v3.18.4 and add matrix for tests

Added

#197 Add pre-commit hook

v4.3.0

#152 feat: log when restoring from cache

#157 Dependencies Update

#137 Add dependabot

v4.2.0

#124 Fix OS detection and download OS-native archive extension

v4.1.0

#130 switches to use Helm published file to read latest version instead of using GitHub releases

Changelog

Sourced from azure/setup-helm's changelog.

[4.3.0] - 2025-02-15

#152 feat: log when restoring from cache

#157 Dependencies Update

#137 Add dependabot

[4.2.0] - 2024-04-15

#124 Fix OS detection and download OS-native archive extension

[4.1.0] - 2024-03-01

#130 switches to use Helm published file to read latest version instead of using GitHub releases

[4.0.0] - 2024-02-12

#121 update to node20 as node16 is deprecated

Commits

dda3372 build
3894c84 chore(release): v5.0.0 (#265)
ca66f38 Update Node.js runtime from node20 to node24 (#259)
316ed5a Bump undici (#263)
bc9bc0c Bump undici and @actions/http-client (#257)
16e3094 Bump minimatch (#256)
6e42753 Bump actions/stale in /.github/workflows in the actions group (#255)
9651d9d Bump actions/checkout in /.github/workflows in the actions group (#251)
658bff9 Bump the actions group with 2 updates (#248)
331c814 Bump the actions group with 3 updates (#247)
Additional commits viewable in compare view

Updates helm/chart-testing-action from 2.7.0 to 2.8.0

Release notes

Sourced from helm/chart-testing-action's releases.

v2.8.0

What's Changed

Bump the actions group across 1 directory with 4 updates by @dependabot[bot] in helm/chart-testing-action#171

Fix the broken link for GitHub Help Documentation by @subramani95 in helm/chart-testing-action#174

bump ct and yamale version by @cpanato in helm/chart-testing-action#178

Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in helm/chart-testing-action#181

Bump actions/setup-python from 5.4.0 to 6.0.0 by @dependabot[bot] in helm/chart-testing-action#179

Bump the actions group across 1 directory with 2 updates by @dependabot[bot] in helm/chart-testing-action#183

Use uv instead of python venv by @nikolaik in helm/chart-testing-action#172

Bump sigstore/cosign-installer from 3.8.1 to 4.0.0 by @dependabot[bot] in helm/chart-testing-action#184

New Contributors

@subramani95 made their first contribution in helm/chart-testing-action#174

@nikolaik made their first contribution in helm/chart-testing-action#172

Full Changelog: helm/chart-testing-action@v2...v2.8.0

Commits

6ec842c Bump sigstore/cosign-installer from 3.8.1 to 4.0.0 (#184)
4ea74f6 Use uv instead of python venv (#172)
b0c0606 Bump the actions group across 1 directory with 2 updates (#183)
0bfa5c0 Bump actions/setup-python from 5.4.0 to 6.0.0 (#179)
e27de75 Bump actions/checkout from 4.2.2 to 5.0.0 (#181)
2fe8321 bump ct and yamale version (#178)
0941a6b Fix the broken link for GitHub Help Documentation (#174)
c71c0c7 Bump the actions group across 1 directory with 4 updates (#171)
See full diff in compare view

Updates helm/kind-action from 1.12.0 to 1.14.0

Release notes

Sourced from helm/kind-action's releases.

v1.14.0

What's Changed

Bump actions/checkout from 5.0.0 to 6.0.1 by @dependabot[bot] in helm/kind-action#153

bump kind to v0.31.0 and k8s to v1.35.0 by @MrFreezeex in helm/kind-action#155

Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in helm/kind-action#156

New Contributors

@MrFreezeex made their first contribution in helm/kind-action#155

Full Changelog: helm/kind-action@v1...v1.14.0

v1.13.0

What's Changed

chore: verify sha256sum of kubectl by @felix-kaestner in helm/kind-action#134

Load GITHUB_PATH in PATH to use correct binaries when creating registry by @gotha in helm/kind-action#133

feat: Add cloud provider by @waltermity in helm/kind-action#135

chore: bump kind to v0.29.0 by @pmalek in helm/kind-action#144

Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in helm/kind-action#145

bug: respect 'install_only' action input value by @mszostok in helm/kind-action#147

bump kind and kubectl and also nodejs by @cpanato in helm/kind-action#150

New Contributors

@felix-kaestner made their first contribution in helm/kind-action#134

@gotha made their first contribution in helm/kind-action#133

@waltermity made their first contribution in helm/kind-action#135

@pmalek made their first contribution in helm/kind-action#144

@mszostok made their first contribution in helm/kind-action#147

Full Changelog: helm/kind-action@v1...v1.13.0

Commits

ef37e7f Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group (#156)
f5f117a bump kind to v0.31.0 and k8s to v1.35.0 (#155)
2cd8ada Bump actions/checkout from 5.0.0 to 6.0.1 (#153)
92086f6 bump kind and kubectl and also nodejs (#150)
7cd7463 bug: respect 'install_only' action input value (#147)
50ea670 Bump actions/checkout from 4.2.2 to 5.0.0 (#145)
b72c923 chore: bump kind to v0.29.0 (#144)
d4887be Add cloud provider (#135)
d730aaf Load GITHUB_PATH in PATH to use correct binaries when creating registry (#133)
a6dfd81 chore: verify sha256sum of kubectl (#134)
See full diff in compare view

Updates docker/login-action from 3 to 4

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

... (truncated)

Commits

b45d80f Merge pull request #929 from crazy-max/node24
176cb9c node 24 as default runtime
cad8984 Merge pull request #920 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
92cbcb2 chore: update generated content
5a2d6a7 build(deps): bump the aws-sdk-dependencies group with 2 updates
44512b6 Merge pull request #928 from docker/dependabot/npm_and_yarn/docker/actions-to...
28737a5 chore: update generated content
dac0793 build(deps): bump @docker/actions-toolkit from 0.76.0 to 0.77.0
62029f3 Merge pull request #919 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
08c8f06 chore: update generated content
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the infra group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5` | `6` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4` | `5` | | [helm/chart-testing-action](https://github.com/helm/chart-testing-action) | `2.7.0` | `2.8.0` | | [helm/kind-action](https://github.com/helm/kind-action) | `1.12.0` | `1.14.0` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...v6) Updates `azure/setup-helm` from 4 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@v4...v5) Updates `helm/chart-testing-action` from 2.7.0 to 2.8.0 - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](helm/chart-testing-action@v2.7.0...v2.8.0) Updates `helm/kind-action` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](helm/kind-action@v1.12.0...v1.14.0) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: infra - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: infra - dependency-name: helm/chart-testing-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra - dependency-name: helm/kind-action dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: infra - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: infra ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the "infra" group with 1 update across multiple ecosystems#703

Bump the "infra" group with 1 update across multiple ecosystems#703
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/infra-98bc481430

dependabot bot commented on behalf of github Apr 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 2, 2026

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v5.0.0

Changed

v4.3.1

Changed

Added

v4.3.0

v4.2.0

v4.1.0

[4.3.0] - 2025-02-15

[4.2.0] - 2024-04-15

[4.1.0] - 2024-03-01

[4.0.0] - 2024-02-12

v2.8.0

What's Changed

New Contributors

v1.14.0

What's Changed

New Contributors

v1.13.0

What's Changed

New Contributors

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants