Bump the actions group across 1 directory with 4 updates by dependabot[bot] · Pull Request #288 · unslothai/notebooks

dependabot · 2026-06-11T10:05:27Z

Bumps the actions group with 4 updates in the / directory: step-security/harden-runner, actions/checkout, trufflesecurity/trufflehog and actions/stale.

Updates step-security/harden-runner from 2.19.1 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

Default to audit mode when api-key missing with use-policy-store by @varunsh-coder in step-security/harden-runner#665

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

Commits

9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
485dce8 Update agent to v1.8.6
ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
ec41b78 Default to audit mode when api-key missing with use-policy-store
9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
1dee3df Update agent to v1.8.5
See full diff in compare view

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

Block checking out fork PR for pull_request_target and workflow_run by @aiqiaoy in actions/checkout#2454

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in actions/checkout#2458

Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in actions/checkout#2460

Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in actions/checkout#2461

Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in actions/checkout#2459

upgrade module to esm and update dependencies by @aiqiaoy in actions/checkout#2463

Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in actions/checkout#2462

v6.0.3

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

... (truncated)

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
See full diff in compare view

Updates trufflesecurity/trufflehog from 3.95.2 to 3.95.5

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.5

What's Changed

[INS-461] Add test to ensure new detectors are registered in defaults.go by @mustansir14 in trufflesecurity/trufflehog#4915

[INS-455] Unify common logic in Atlassian Data Center detectors by @mustansir14 in trufflesecurity/trufflehog#4907

fix(github): cache repo info under original URL on redirect by @kashifkhan0771 in trufflesecurity/trufflehog#4958

Added GitLab OAuth Detector by @shahzadhaider1 in trufflesecurity/trufflehog#4729

Box Detector: Extract Subject ID for Analyzer Integration by @shahzadhaider1 in trufflesecurity/trufflehog#4761

[INS-346] SpectralOps Personal API Key Detector by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4770

[INS-335] Added AWS Appsync Detector by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4803

fix(twilio): deduplicate matches to prevent O(N×M) result explosion by @kashifkhan0771 in trufflesecurity/trufflehog#4954

Automate corpora testing in CI by @mustansir14 in trufflesecurity/trufflehog#4927

Enable errcheck and staticcheck for golangci-lint v2 and resolve all issues by @amanfcp in trufflesecurity/trufflehog#4924

feat: add host, db and username to ExtraData for database detectors by @mariocj89 in trufflesecurity/trufflehog#4849

Remove over speculation from Corpora CI workflow by @mustansir14 in trufflesecurity/trufflehog#4974

Fix line numbers for duplicate secrets within a chunk by @amanfcp in trufflesecurity/trufflehog#4910

Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors by @camgunz in trufflesecurity/trufflehog#4961

Update Go security dependencies by @cursor[bot] in trufflesecurity/trufflehog#4986

Pin GitHub Actions to SHA digests by @bryanbeverly in trufflesecurity/trufflehog#4985

Update CODEOWNERS: replace 5 slugs with scanning + integrations by @bryanbeverly in trufflesecurity/trufflehog#4983

Added source config flags to sharepoint proto by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4972

[SCAN-795] HTML decoder: ASPX and entity-encoded HTML support by @mustansir14 in trufflesecurity/trufflehog#4981

adds some debugging info for APKs and fixes issues parsing obfuscated APKs by @johannestaas-trufflesec in trufflesecurity/trufflehog#4991

New Contributors

@mariocj89 made their first contribution in trufflesecurity/trufflehog#4849

@cursor[bot] made their first contribution in trufflesecurity/trufflehog#4986

@johannestaas-trufflesec made their first contribution in trufflesecurity/trufflehog#4991

Full Changelog: trufflesecurity/trufflehog@v3.95.3...v3.95.5

v3.95.4

What's Changed

[INS-461] Add test to ensure new detectors are registered in defaults.go by @mustansir14 in trufflesecurity/trufflehog#4915

[INS-455] Unify common logic in Atlassian Data Center detectors by @mustansir14 in trufflesecurity/trufflehog#4907

fix(github): cache repo info under original URL on redirect by @kashifkhan0771 in trufflesecurity/trufflehog#4958

Added GitLab OAuth Detector by @shahzadhaider1 in trufflesecurity/trufflehog#4729

Box Detector: Extract Subject ID for Analyzer Integration by @shahzadhaider1 in trufflesecurity/trufflehog#4761

[INS-346] SpectralOps Personal API Key Detector by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4770

[INS-335] Added AWS Appsync Detector by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4803

fix(twilio): deduplicate matches to prevent O(N×M) result explosion by @kashifkhan0771 in trufflesecurity/trufflehog#4954

Automate corpora testing in CI by @mustansir14 in trufflesecurity/trufflehog#4927

Enable errcheck and staticcheck for golangci-lint v2 and resolve all issues by @amanfcp in trufflesecurity/trufflehog#4924

feat: add host, db and username to ExtraData for database detectors by @mariocj89 in trufflesecurity/trufflehog#4849

Remove over speculation from Corpora CI workflow by @mustansir14 in trufflesecurity/trufflehog#4974

Fix line numbers for duplicate secrets within a chunk by @amanfcp in trufflesecurity/trufflehog#4910

Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors by @camgunz in trufflesecurity/trufflehog#4961

Update Go security dependencies by @cursor[bot] in trufflesecurity/trufflehog#4986

Pin GitHub Actions to SHA digests by @bryanbeverly in trufflesecurity/trufflehog#4985

Update CODEOWNERS: replace 5 slugs with scanning + integrations by @bryanbeverly in trufflesecurity/trufflehog#4983

Added source config flags to sharepoint proto by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4972

... (truncated)

Commits

d411fff feat(apk): adds some debugging info for APKs and fixes issues parsing obfusca...
26eae1f [SCAN-795] HTML decoder: ASPX and entity-encoded HTML support (#4981)
6c8f640 Added source config flags to sharepoint proto (#4972)
9f0b97f Update CODEOWNERS: replace 5 slugs with scanning + integrations (#4983)
36f6f69 Pin GitHub Actions to SHA digests (#4985)
52ebebb Update Go security dependencies (#4986)
ec67ff2 Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors (#4961)
0ec3634 Fix line numbers for duplicate secrets within a chunk (#4910)
79acbf4 Remove over speculation from Corpora CI workflow (#4974)
d86254e feat: add host, db and username to ExtraData for database detectors (#4849)
Additional commits viewable in compare view

Updates actions/stale from 10.2.0 to 10.3.0

Release notes

Sourced from actions/stale's releases.

v10.3.0

What's Changed

Bug Fix

Enhancement: ignore stale labeling events by @shamoon in actions/stale#1311

Dependency Updates

Upgrade dependencies (@actions/core, @octokit/plugin-retry, @typescript-eslint) by @Copilot in actions/stale#1335

New Contributors

@shamoon made their first contribution in actions/stale#1311

Full Changelog: actions/stale@v10...v10.3.0

Commits

eb5cf3a chore: upgrade dependencies and bump version to 10.3.0 (#1335)
db5d06a Enhancement: ignore stale labeling events (#1311)
See full diff in compare view

Bumps the actions group with 4 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/checkout](https://github.com/actions/checkout), [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) and [actions/stale](https://github.com/actions/stale). Updates `step-security/harden-runner` from 2.19.1 to 2.19.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@a5ad31d...9af89fc) Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) Updates `trufflesecurity/trufflehog` from 3.95.2 to 3.95.5 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@17456f8...d411fff) Updates `actions/stale` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@b5d41d4...eb5cf3a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/stale dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

chatgpt-codex-connector · 2026-06-18T12:18:06Z

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Repo admins can enable using credits for code reviews in their settings.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 11, 2026

dependabot Bot requested a review from danielhanchen as a code owner June 11, 2026 10:05

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 11, 2026

dependabot Bot force-pushed the dependabot/github_actions/actions-d42f05ef18 branch from 5481689 to 91b9211 Compare June 18, 2026 12:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 1 directory with 4 updates#288

Bump the actions group across 1 directory with 4 updates#288
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-d42f05ef18

dependabot Bot commented on behalf of github Jun 11, 2026 •

edited

Loading

Uh oh!

chatgpt-codex-connector Bot commented Jun 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.19.4

What's Changed

v2.19.3

What's Changed

v2.19.2

What's Changed

v6.0.3

What's Changed

New Contributors

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v3.95.5

What's Changed

New Contributors

v3.95.4

What's Changed

v10.3.0

What's Changed

Bug Fix

Dependency Updates

New Contributors

Uh oh!

chatgpt-codex-connector Bot commented Jun 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 11, 2026 •

edited

Loading