Skip to content

ci(deps): bump the actions group with 2 updates#89

Merged
vineethkrishnan merged 1 commit into
mainfrom
dependabot/github_actions/actions-6b68fe4b44
Jun 2, 2026
Merged

ci(deps): bump the actions group with 2 updates#89
vineethkrishnan merged 1 commit into
mainfrom
dependabot/github_actions/actions-6b68fe4b44

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the actions group with 2 updates: cloudflare/wrangler-action and actions/dependency-review-action.

Updates cloudflare/wrangler-action from 3 to 4

Release notes

Sourced from cloudflare/wrangler-action's releases.

v4.0.0

Major Changes

  • #412 1029e90 Thanks @​ericclemmons! - Update default Wrangler version to v4 (latest). The action now installs Wrangler v4 by default when no wranglerVersion input is specified. Users can still pin to v3 by setting wranglerVersion: "3.90.0" explicitly.

v3.15.0

Minor Changes

  • #426 febbda6 Thanks @​WillTaylorDev! - Support version ranges and tags in wranglerVersion input. You can now set wranglerVersion to values like 4, ^4.0.0, 4.x, or latest instead of only exact versions like 4.81.0.

v3.14.1

Patch Changes

v3.14.0

Minor Changes

Patch Changes

v3.13.1

Patch Changes

v3.13.0

Minor Changes

v3.12.1

Patch Changes

v3.12.0

Minor Changes

  • #312 122ee5cf5b66847e0b6cfa67ecd9e03e38a67a42 Thanks @​Maximo-Guk! - This reapplies 303 add parity with pages-action for pages deploy outputs. Thanks @​courtney-sims! - Support pages-deployment-id, pages-environment, pages-deployment-alias-url and deployment-url outputs for Pages deploys when wrangler version is >=3.81.0. deployment-alias-url was also deprecated in favour of pages-deployment-alias.

v3.11.0

Minor Changes

... (truncated)

Changelog

Sourced from cloudflare/wrangler-action's changelog.

Changelog

4.0.0

Major Changes

  • #412 1029e90 Thanks @​ericclemmons! - Update default Wrangler version to v4 (latest). The action now installs Wrangler v4 by default when no wranglerVersion input is specified. Users can still pin to v3 by setting wranglerVersion: "3.90.0" explicitly.

3.15.0

Minor Changes

  • #426 febbda6 Thanks @​WillTaylorDev! - Support version ranges and tags in wranglerVersion input. You can now set wranglerVersion to values like 4, ^4.0.0, 4.x, or latest instead of only exact versions like 4.81.0.

3.14.1

Patch Changes

3.14.0

Minor Changes

Patch Changes

3.13.1

Patch Changes

3.13.0

Minor Changes

3.12.1

Patch Changes

... (truncated)

Commits
  • ebbaa15 Automatic compilation
  • a61fbea Merge pull request #429 from cloudflare/changeset-release/main
  • e804ea3 Version Packages
  • 8d0324a fix: update release workflow to v5 actions and regenerate lockfile
  • 2f18b18 Merge pull request #431 from cloudflare/fix/semgrep-blocking-findings
  • 622ff0d fix: upgrade checkout and setup-node to v5 for Node 24 runtime
  • f501f05 fix: force GitHub actions to run on Node 24 via env var
  • f990691 fix: resolve npm audit vulnerabilities via undici override and vitest v3
  • 652762d fix: migrate action runtime from node20 to node24
  • bd3f4f0 fix: add retry support to worker health check using better-result
  • Additional commits viewable in compare view

Updates actions/dependency-review-action from 4 to 5

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

... (truncated)

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci(deps): bump the actions group with 2 updates
5ba9ed2 
Bumps the actions group with 2 updates: [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `cloudflare/wrangler-action` from 3 to 4
- [Release notes](https://github.com/cloudflare/wrangler-action/releases)
- [Changelog](https://github.com/cloudflare/wrangler-action/blob/main/CHANGELOG.md)
- [Commits](cloudflare/wrangler-action@v3...v4)

Updates `actions/dependency-review-action` from 4 to 5
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@v4...v5)

---
updated-dependencies:
- dependency-name: cloudflare/wrangler-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/dependency-review-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 2, 2026

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from vineethkrishnan as a code owner June 2, 2026 03:46
@vineethkrishnan vineethkrishnan merged commit 36f610d into main Jun 2, 2026
12 checks passed
@vineethkrishnan vineethkrishnan deleted the dependabot/github_actions/actions-6b68fe4b44 branch June 2, 2026 12:51
@vinelabs-release-manager vinelabs-release-manager Bot mentioned this pull request Jun 2, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vineethkrishnan vineethkrishnan Awaiting requested review from vineethkrishnan vineethkrishnan is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vineethkrishnan