Skip to content

chore(deps): update non-major github actions#109

Merged
abubnalitic-nbl merged 1 commit into
mainfrom
renovate/non-major-github-actions
Apr 20, 2026
Merged

chore(deps): update non-major github actions#109
abubnalitic-nbl merged 1 commit into
mainfrom
renovate/non-major-github-actions

Conversation

@nbl-renovate

@nbl-renovate nbl-renovate Bot commented Apr 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/upload-artifact action patch v7.0.0v7.0.1
astral-sh/setup-uv action minor v8.0.0v8.1.0
docker/build-push-action action minor v7.0.0v7.1.0
docker/login-action action minor v4.0.0v4.1.0
github/codeql-action action patch v4.35.1v4.35.2
python uses-with patch 3.14.33.14.4

Release Notes

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

astral-sh/setup-uv (astral-sh/setup-uv)

v8.1.0: 🌈 New input no-project

Compare Source

Changes

This add the a new boolean input no-project.
It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
docker/build-push-action (docker/build-push-action)

v7.1.0

Compare Source

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

docker/login-action (docker/login-action)

v4.1.0

Compare Source

Full Changelog: docker/login-action@v4.0.0...v4.1.0

github/codeql-action (github/codeql-action)

v4.35.2

Compare Source

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #​3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #​3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #​3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #​3807
  • Update default CodeQL bundle version to 2.25.2. #​3823
actions/python-versions (python)

v3.14.4: 3.14.4

Compare Source

Python 3.14.4


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • "before 4am on Monday,Tuesday,Wednesday,Thursday,Friday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@nbl-renovate nbl-renovate Bot added the dependencies Pull requests that update a dependency file label Apr 6, 2026
@nbl-renovate nbl-renovate Bot force-pushed the renovate/non-major-github-actions branch from 287bf36 to 99be53e Compare April 13, 2026 00:29
@nbl-renovate nbl-renovate Bot changed the title chore(deps): update docker/login-action action to v4.1.0 chore(deps): update non-major github actions Apr 13, 2026
@github-actions

github-actions Bot commented Apr 13, 2026

Copy link
Copy Markdown
Contributor

Vulnerability Scan: Passed

Image: netbox-mcp-server:scan

Source Library CVE Severity Installed Fixed Title
Python Pygments CVE-2026-4539 ⚪ LOW 2.19.2 2.20.0 pygments: Pygments: Denial of Service via inefficient regular expression process
Python cryptography CVE-2026-39892 🟡 MEDIUM 46.0.6 46.0.7 cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API
Python python-multipart CVE-2026-40347 🟡 MEDIUM 0.0.22 0.0.26 python-multipart affected by Denial of Service via large multipart preamble or e

Commit: 609995b

@nbl-renovate nbl-renovate Bot force-pushed the renovate/non-major-github-actions branch 2 times, most recently from f348bd8 to e8109f9 Compare April 16, 2026 12:27
@nbl-renovate nbl-renovate Bot force-pushed the renovate/non-major-github-actions branch from e8109f9 to ee2b987 Compare April 20, 2026 00:28
@abubnalitic-nbl abubnalitic-nbl merged commit 480795f into main Apr 20, 2026
15 checks passed
@abubnalitic-nbl abubnalitic-nbl deleted the renovate/non-major-github-actions branch April 20, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant