chore(deps): bump the github-actions group with 9 updates

[dependabot]

Bumps the github-actions group with 9 updates:

Package	From	To
actions/checkout	6.0.0	6.0.1
actions/setup-java	5.0.0	5.1.0
graalvm/setup-graalvm	1.4.3	1.4.4
softprops/action-gh-release	2.4.2	2.5.0
github/codeql-action	4.31.5	4.31.7
peter-evans/create-pull-request	7.0.9	7.0.11
ruby/setup-ruby	1.268.0	1.269.0
updatecli/updatecli-action	2.96.0	2.97.0
actions/setup-node	6.0.0	6.1.0

Updates actions/checkout from 6.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

Commits

• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• See full diff in compare view

Updates actions/setup-java from 5.0.0 to 5.1.0

Release notes

Sourced from actions/setup-java's releases.

v5.1.0

What's Changed

New Features

• Add support for .sdkmanrc file in java-version-file parameter by @​guicamest in actions/setup-java#736
• Add support for Microsoft OpenJDK 25 builds by @​the-mod in actions/setup-java#927

Bug Fixes & Improvements

• Update Regex to Support All ASDF Versions for the supported distributions in tool-versions File by @​aparnajyothi-y in actions/setup-java#767
• Enhance error logging for network failures to include endpoint/IP details, add retry mechanism and update workflows to use macos-15-intel by @​priya-kinthali in actions/setup-java#946
• Update SapMachine URLs by @​RealCLanger in actions/setup-java#955
• Add GitHub Token Support for GraalVM and Refactor Code by @​mahabaleshwars in actions/setup-java#849

Documentation changes

• Update documentation to use checkout and Java v5 by @​lmvysakh in actions/setup-java#903
• Clarify JAVA_HOME and PATH setup in README by @​chiranjib-swain in actions/setup-java#841

Dependency updates

• Upgrade prettier from 2.8.8 to 3.6.2 and document breaking changes in v5 by @​dependabot in actions/setup-java#873
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/setup-java#912

New Contributors

• @​lmvysakh made their first contribution in actions/setup-java#903
• @​chiranjib-swain made their first contribution in actions/setup-java#841
• @​the-mod made their first contribution in actions/setup-java#927
• @​priya-kinthali made their first contribution in actions/setup-java#946
• @​guicamest made their first contribution in actions/setup-java#736

Full Changelog: actions/setup-java@v5...v5.1.0

Commits

• f2beeb2 Bump actions/publish-action from 0.3.0 to 0.4.0 (#912)
• 4e7e684 feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
• 46c56d6 Add GitHub Token Support for GraalVM and Refactor Code (#849)
• 66b9457 Update SapMachine URLs (#955)
• 6ba5449 Enhance error logging for network failures to include endpoint/IP details, ad...
• de5a937 adds microsoft openjdk25 builds (#927)
• ead9eaa Update Regex to Support All ASDF Versions for the supported distributions in ...
• 8c57fa3 Clarify JAVA_HOME and PATH setup in README (#841)
• a7ab372 Bump prettier from 2.8.8 to 3.6.2 (#873)
• d0351b4 Update documentation to use checkout and Java v5 (#903)
• See full diff in compare view

Updates graalvm/setup-graalvm from 1.4.3 to 1.4.4

Release notes

Sourced from graalvm/setup-graalvm's releases.

v1.4.4

What's Changed

• Bump actions/checkout from 5.0.0 to 6.0.0 in the github-actions-updates group by @​dependabot[bot] in graalvm/setup-graalvm#198
• Bump the npm-updates group with 10 updates by @​dependabot[bot] in graalvm/setup-graalvm#197

Full Changelog: graalvm/setup-graalvm@v1.4.3...v1.4.4

Commits

• 790e289 Bump version to 1.4.4.
• 434a92b Update dist files.
• fe4a6b3 Update dependencies
• d8578a7 Bump the npm-updates group with 10 updates
• 98e485c Bump actions/checkout in the github-actions-updates group
• See full diff in compare view

Updates softprops/action-gh-release from 2.4.2 to 2.5.0

Release notes

Sourced from softprops/action-gh-release's releases.

v2.5.0

What's Changed

Exciting New Features 🎉

• feat: mark release as draft until all artifacts are uploaded by @​dumbmoron in softprops/action-gh-release#692

Other Changes 🔄

• chore(deps): bump the npm group across 1 directory with 5 updates by @​dependabot[bot] in softprops/action-gh-release#697
• chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by @​dependabot[bot] in softprops/action-gh-release#689

New Contributors

• @​dumbmoron made their first contribution in softprops/action-gh-release#692

Full Changelog: softprops/action-gh-release@v2.4.2...v2.5.0

Changelog

Sourced from softprops/action-gh-release's changelog.

2.5.0

What's Changed

Exciting New Features 🎉

• feat: mark release as draft until all artifacts are uploaded by @​dumbmoron in softprops/action-gh-release#692

Other Changes 🔄

• dependency updates

2.4.2

What's Changed

Exciting New Features 🎉

• feat: Ensure generated release notes cannot be over 125000 characters by @​BeryJu in softprops/action-gh-release#684

Other Changes 🔄

• dependency updates

2.4.1

What's Changed

Other Changes 🔄

• fix(util): support brace expansion globs containing commas in parseInputFiles by @​Copilot in softprops/action-gh-release#672
• fix: gracefully fallback to body when body_path cannot be read by @​Copilot in softprops/action-gh-release#671

2.4.0

What's Changed

Exciting New Features 🎉

• feat(action): respect working_directory for files globs by @​stephenway in softprops/action-gh-release#667

2.3.4

What's Changed

Bug fixes 🐛

• fix(action): handle 422 already_exists race condition by @​stephenway in softprops/action-gh-release#665

Other Changes 🔄

... (truncated)

Commits

• a06a81a release 2.5.0
• 7da8983 feat: mark release as draft until all artifacts are uploaded (#692)
• 8797328 chore(deps): bump actions/checkout in the github-actions group (#689)
• 1bfc62a chore(deps): bump the npm group across 1 directory with 5 updates (#697)
• See full diff in compare view

Updates github/codeql-action from 4.31.5 to 4.31.7

Release notes

Sourced from github/codeql-action's releases.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

• The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

• Update default CodeQL bundle version to 2.23.3. #3205
• Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

... (truncated)

Commits

• cf1bb45 Merge pull request #3344 from github/update-v4.31.7-f5c63fadd
• f4ebe95 Update changelog for v4.31.7
• f5c63fa Merge pull request #3343 from github/update-bundle/codeql-bundle-v2.23.7
• a2c01e7 Add changelog note
• ac34c13 Update default bundle to codeql-bundle-v2.23.7
• 267c467 Merge pull request #3339 from github/dependabot/npm_and_yarn/npm-minor-77d264...
• aeabef7 Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-77d26487b0
• 78357d3 Merge pull request #3341 from github/mbg/ci/update-cs-config-cli-tests
• d61a6fa Update CLI config test to account for overlay db changes on PRs
• ce27e95 Rebuild
• Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.9 to 7.0.11

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.11

What's Changed

• fix: restrict remote prune to self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4250

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

Create Pull Request v7.0.10

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4235
• build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by @​dependabot[bot] in peter-evans/create-pull-request#4240
• fix: provider list pulls fallback for multi fork same owner by @​peter-evans in peter-evans/create-pull-request#4245

New Contributors

• @​obnyis made their first contribution in peter-evans/create-pull-request#4064

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

Commits

• 22a9089 fix: restrict remote prune to self-hosted runners (#4250)
• d4f3be6 fix: provider list pulls fallback for multi fork same owner (#4245)
• bc8a47f build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (#4240)
• a67ef28 build(deps): bump the github-actions group with 2 updates (#4235)
• See full diff in compare view

Updates ruby/setup-ruby from 1.268.0 to 1.269.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.269.0

What's Changed

• Account for Bundler 4 by @​eregon in ruby/setup-ruby#832

Full Changelog: ruby/setup-ruby@v1.268.0...v1.269.0

Commits

• d697be2 Account for Bundler 4
• See full diff in compare view

Updates updatecli/updatecli-action from 2.96.0 to 2.97.0

Release notes

Sourced from updatecli/updatecli-action's releases.

v2.97.0 🌈

Changes

• deps: update updatecli version to v0.111.0 @updateclibot[bot] (#986)
• deps(updatecli/policies): bump all policies @updateclibot[bot] (#985)

🧰 Maintenance

• deps: bump Updatecli GH action to v2.96.0 @updateclibot[bot] (#982)

Contributors

@​updateclibot[bot] and updateclibot[bot]

Commits

• 9a21b69 deps: update updatecli version to v0.111.0 (#986)
• afc5668 deps(updatecli/policies): bump all policies (#985)
• 613ad53 deps: bump Updatecli GH action to v2.96.0 (#982)
• See full diff in compare view

Updates actions/setup-node from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-node's releases.

v6.1.0

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in actions/setup-node#1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in actions/setup-node#1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in actions/setup-node#1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in actions/setup-node#1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in actions/setup-node#1419

Full Changelog: actions/setup-node@v6...v6.1.0

Commits

• 395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
• a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
• b9b25d4 Remove always-auth configuration handling from action (#1436)
• 633bb92 Bump @​actions/cache from 4.0.3 to 4.1.0 (#1384)
• dda4788 Add example for restore-only cache in documentation (#1419)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 66d7ba4.

🟢 All jobs passed!

But CI Insights is watching 👀