Skip to content

chore(deps): bump the third-party-actions group with 6 updates #7125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tisonkun merged 3 commits into from
Jan 1, 2026
Merged

chore(deps): bump the third-party-actions group with 6 updates #7125

tisonkun merged 3 commits into from
Jan 1, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026
edited
Loading

Bumps the third-party-actions group with 6 updates:

Package From To
golangci/golangci-lint-action 8 9
swift-actions/setup-swift 2 3
mlugg/setup-zig 2.0.5 2.1.0
crate-ci/typos 1.38.1 1.41.0
burnett01/rsync-deployments 5.2 8
rust-lang/crates-io-auth-action 1.0.1 1.0.3

Updates golangci/golangci-lint-action from 8 to 9

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.0.0

In the scope of this release, we change Nodejs runtime from node20 to node24 (https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/).

What's Changed

Changes

Full Changelog: golangci/golangci-lint-action@v8.0.0...v9.0.0

Commits

Updates swift-actions/setup-swift from 2 to 3

Release notes

Sourced from swift-actions/setup-swift's releases.

3.0.0 Beta 1

Beta 1 of using Swiftly to setup Swift

  • Now uses Swiftly to set up Swift
  • Added flag skip-verify-signature to disable GPG verification checks

Features

  • Setup Swift more Swiftly 🚀 (setup-swift 3.0) (#710) @​fwal

2.4.0

Features

Fixes

2.3.0

Features

2.2.0

2.1.0

Features

Dependencies

Commits

Updates mlugg/setup-zig from 2.0.5 to 2.1.0

Release notes

Sourced from mlugg/setup-zig's releases.

v2.1.0

  • Support Forgejo Actions
  • Support recent Zig versions on ARM
  • Progress towards better OS support
  • Redirect Zig caches to working directory to avoid sharing the cache on self-hosted runners
Commits
  • fa65c40 github: add separate README
  • a76d6ba handle netbsd in tarball names
  • 33b3467 map sunos to illumos rather than solaris in tarball names
  • 2abe1dd remove aix tarball name handling
  • 274ad33 set Zig cache directories to the workspace-local .zig-cache
  • 9ffc387 Update ARM architecture name
  • 6235aa8 Use correct file extension everywhere
  • 244f44e Fix missing extension in temporary tarball path
  • a45b642 forgejo: add basic workflow to test setup-zig
  • 9715a6f README.md: make Forgejo Actions support explicit
  • See full diff in compare view

Updates crate-ci/typos from 1.38.1 to 1.41.0

Release notes

Sourced from crate-ci/typos's releases.

v1.41.0

[1.41.0] - 2025-12-31

Features

v1.40.1

[1.40.1] - 2025-12-29

Fixes

  • Treat incrementer and incrementor the same for now

Fixes

  • Don't correct ITerm2

v1.40.0

[1.40.0] - 2025-11-26

Features

v1.39.2

[1.39.2] - 2025-11-13

Fixes

  • Don't offer entry as a correction for entrys

v1.39.1

[1.39.1] - 2025-11-12

Features

  • Make --help more vibrant

v1.39.0

[1.39.0] - 2025-10-31

Features

Fixes

  • When a typo is pluralized, prefer pluralized corrections
Changelog

Sourced from crate-ci/typos's changelog.

[1.41.0] - 2025-12-31

Features

[1.40.1] - 2025-12-29

Fixes

  • Treat incrementer and incrementor the same for now

Fixes

  • Don't correct ITerm2

[1.40.0] - 2025-11-26

Features

[1.39.2] - 2025-11-13

Fixes

  • Don't offer entry as a correction for entrys

[1.39.1] - 2025-11-12

Features

  • Make --help more vibrant

[1.39.0] - 2025-10-31

Features

Fixes

  • When a typo is pluralized, prefer pluralized corrections
Commits

Updates burnett01/rsync-deployments from 5.2 to 8

Release notes

Sourced from burnett01/rsync-deployments's releases.

v8

v8-release-banner

What's Changed

Version v8 (8.0.2) offers the following features:

  • feat: latest Alpine 3.23.0
  • feat: latest Rsync 3.4.1-r1
  • feat: integrate rsync-docker 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth)
    • backported:
      • agent-start
      • agent-stop
      • agent-askpass
      • agent-add
      • hosts-add
      • hosts-clear
    • new added:
      • ssh-init
      • hosts-init
    • improved:
      • stricter permissions on .ssh/ folder (700) and known_hosts (600)
      • use set -eu in all scipts
  • feat: new strict_host_keys option to enable support for strict host key verification. Default: false (to keep backward compatibility)
  • feat: new debug option to see the commands executed (-x) by this action
  • feat: this action is now scanned for vulnerabilities by Snyk
  • feat; this action is now scanned by CodeQL for Q/A
  • feat: this action now performs CI tasks such as Validation, Linting and Unit Tests
  • fix: various shell syntax for robustness
  • fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations
  • refactor: use $HOME instead of tilde ~ for robustness
  • feat: cross-platform support
  • chore: Deprecate 7.0.2
  • chore: EOL 7.0.0 & 7.0.1

New release channels:

From now on you can use @v8 instead of manually pinning to a version like 8.0.2.

The benefit of using v8 is that you will receive future MINOR+PATCH updates automatically, since v8 is a pointer to 8.x.x.

However, of course you are free to use the regular format like 8.0.2 directly.

Full Changelog: Burnett01/rsync-deployments@7.1.0...8.0.2

Contributors:

7.1.0

... (truncated)

Commits
  • 0c90252 Release/8.0.2 (#93)
  • 68d1fd5 chore: 8.0.1
  • 2c22263 fix: regression - using echo instead of printf again #90
  • 8a39558 feat: add README for SSH agent and known_hosts management scripts
  • 0f1cb79 fix: permissions of docker-rsync scripts
  • 05a269a v8 - 8.0.0 (#88)
  • 92961b5 feat: always force-upgrade alpine openssl
  • 96abc27 fix: snyk-docker-vulnerability-scan sarif
  • 7e729bf fix: snyk-docker-vulnerability-scan sarif
  • c23b68a chore: snyk output sarif file content
  • Additional commits viewable in compare view

Updates rust-lang/crates-io-auth-action from 1.0.1 to 1.0.3

Release notes

Sourced from rust-lang/crates-io-auth-action's releases.

v1.0.3

What's Changed

Full Changelog: rust-lang/crates-io-auth-action@v1.0.2...v1.0.3

v1.0.2

What's Changed

New Contributors

Full Changelog: rust-lang/crates-io-auth-action@v1.0.1...v1.0.2

Commits
  • b7e9a28 Merge pull request #95 from rust-lang/renovate/lock-file-maintenance
  • 7ac4f7f chore(deps): lock file maintenance
  • eeaaca0 Merge pull request #100 from rust-lang/update-tsdown-to-version-0-16
  • 9002361 update tsdown to version 0.16
  • a06c97a Merge pull request #91 from rust-lang/renovate/major-vitest-monorepo
  • 2d6d193 chore(deps): update dependency vitest to v4
  • 5c091fa Merge pull request #93 from rust-lang/renovate/eslint-monorepo
  • 14c1413 chore(deps): update dependency eslint to v9.39.1
  • 8a0dbdb Merge pull request #94 from rust-lang/renovate/github-actions
  • 2c172cf Merge pull request #96 from rust-lang/renovate/globals-16.x-lockfile
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2026
@dependabot dependabot bot requested review from Xuanwo and tisonkun as code owners January 1, 2026 01:02
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2026
@dosubot dosubot bot added size:S This PR changes 10-29 lines, ignoring generated files. releases-note/chore The PR has a title that begins with "chore" or changes other small things that hard to tell labels Jan 1, 2026
@dependabot
chore(deps): bump the third-party-actions group with 6 updates
c006030 
Bumps the third-party-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8` | `9` |
| [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) | `2` | `3` |
| [mlugg/setup-zig](https://github.com/mlugg/setup-zig) | `2.0.5` | `2.1.0` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.38.1` | `1.41.0` |
| [burnett01/rsync-deployments](https://github.com/burnett01/rsync-deployments) | `5.2` | `8` |
| [rust-lang/crates-io-auth-action](https://github.com/rust-lang/crates-io-auth-action) | `1.0.1` | `1.0.3` |


Updates `golangci/golangci-lint-action` from 8 to 9
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v8...v9)

Updates `swift-actions/setup-swift` from 2 to 3
- [Release notes](https://github.com/swift-actions/setup-swift/releases)
- [Commits](swift-actions/setup-swift@v2...v3)

Updates `mlugg/setup-zig` from 2.0.5 to 2.1.0
- [Release notes](https://github.com/mlugg/setup-zig/releases)
- [Commits](mlugg/setup-zig@8d6198c...fa65c40)

Updates `crate-ci/typos` from 1.38.1 to 1.41.0
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](crate-ci/typos@v1.38.1...v1.41.0)

Updates `burnett01/rsync-deployments` from 5.2 to 8
- [Release notes](https://github.com/burnett01/rsync-deployments/releases)
- [Commits](Burnett01/rsync-deployments@0dc935c...0c90252)

Updates `rust-lang/crates-io-auth-action` from 1.0.1 to 1.0.3
- [Release notes](https://github.com/rust-lang/crates-io-auth-action/releases)
- [Commits](rust-lang/crates-io-auth-action@e919bc7...b7e9a28)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: third-party-actions
- dependency-name: swift-actions/setup-swift
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: third-party-actions
- dependency-name: mlugg/setup-zig
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: third-party-actions
- dependency-name: crate-ci/typos
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: third-party-actions
- dependency-name: burnett01/rsync-deployments
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: third-party-actions
- dependency-name: rust-lang/crates-io-auth-action
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: third-party-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/third-party-actions-b352362f68 branch from 8c1529e to c006030 Compare January 1, 2026 02:58
@tisonkun
Merge branch 'main' into dependabot/github_actions/third-party-action…
bd9366d 
…s-b352362f68
@tisonkun
fix typo
fe68d89 
Signed-off-by: tison <wander4096@gmail.com>
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jan 1, 2026
@tisonkun tisonkun merged commit 97f4e94 into main Jan 1, 2026
69 of 71 checks passed
@tisonkun tisonkun deleted the dependabot/github_actions/third-party-actions-b352362f68 branch January 1, 2026 04:45
@tisonkun
Copy link
Member

tisonkun commented Jan 1, 2026

dry run failed because we're yet to publish factored out crates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tisonkun tisonkun tisonkun approved these changes

@Xuanwo Xuanwo Awaiting requested review from Xuanwo Xuanwo is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code lgtm This PR has been approved by a maintainer releases-note/chore The PR has a title that begins with "chore" or changes other small things that hard to tell size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tisonkun