chore(deps): Bump the actions-deps group with 5 updates by dependabot[bot] · Pull Request #32 · opendaylight/aaa

dependabot · 2026-06-23T23:23:27Z

Bumps the actions-deps group with 5 updates:

Package	From	To
actions/checkout	`6`	`7`
lfreleng-actions/github2gerrit-action	`1.2.4`	`1.3.3`
im-open/workflow-conclusion	`2.2.5`	`3.0.0`
lfreleng-actions/maven-build-action	`0.2.1`	`0.2.2`
lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml	`0.6.0`	`0.6.1`

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

block checking out fork pr for pull_request_target and workflow_run by @aiqiaoy in actions/checkout#2454

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @dependabot[bot] in actions/checkout#2458

Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in actions/checkout#2460

Bump js-yaml from 4.1.0 to 4.2.0 by @dependabot[bot] in actions/checkout#2461

Bump @actions/core and @actions/tool-cache and Remove uuid by @dependabot[bot] in actions/checkout#2459

upgrade module to esm and update dependencies by @aiqiaoy in actions/checkout#2463

Bump the minor-npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in actions/checkout#2462

getting ready for checkout v7 release by @aiqiaoy in actions/checkout#2464

update error wording by @aiqiaoy in actions/checkout#2467

New Contributors

@aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

Commits

9c091bb update error wording (#2467)
1044a6d getting ready for checkout v7 release (#2464)
f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
d914b26 upgrade module to esm and update dependencies (#2463)
537c7ef Bump @actions/core and @actions/tool-cache and Remove uuid (#2459)
130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
0f9f3aa Bump actions/publish-immutable-action (#2458)
f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
See full diff in compare view

Updates lfreleng-actions/github2gerrit-action from 1.2.4 to 1.3.3

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.3.3

🎓 Code Quality 🎓

Test: Address AI code-quality test findings @ModeSevenIndustrialSolutions (#291)

Links

Submit bugs/feature requests

v1.3.2

🔧 Maintenance 🔧

Chore: clear CodeQL code quality warnings @ModeSevenIndustrialSolutions (#287)

Links

Submit bugs/feature requests

v1.3.1

🔧 Maintenance 🔧

Chore: clear CodeQL code-quality warnings @ModeSevenIndustrialSolutions (#286)

Links

Submit bugs/feature requests

v1.3.0

✨ New Features ✨

Feat: anonymous fallback for supersession sweep @ModeSevenIndustrialSolutions (#285)

Links

Submit bugs/feature requests

Commits

f44c168 Merge pull request #291 from modeseven-lfreleng-actions/chore/test-quality-ai...
9cb7cbd Test: Address AI code-quality test findings
121b6b0 Merge pull request #287 from modeseven-lfreleng-actions/chore/codeql-code-qua...
5a157de Chore: clear CodeQL maintainability warnings
1dde219 Chore: clear CodeQL reliability warnings
d423c3a Merge pull request #286 from modeseven-lfreleng-actions/chore/code-quality-wa...
6d38c92 Chore: clear CodeQL code-quality warnings
192eb96 Merge pull request #285 from modeseven-lfreleng-actions/feat/anon-supersessio...
d4ba932 Feat: anonymous fallback for supersession sweep
See full diff in compare view

Updates im-open/workflow-conclusion from 2.2.5 to 3.0.0

Commits

8eac7f1 Merge pull request #29 from im-open/node24
c4d9654 Update to node 24
aa85805 Merge pull request #23 from im-open/dependabot/npm_and_yarn/multi-0f30d60bd3
40cf9b3 Merge branch 'main' into dependabot/npm_and_yarn/multi-0f30d60bd3
58125f7 Bump @octokit/plugin-paginate-rest and @actions/github
See full diff in compare view

Updates lfreleng-actions/maven-build-action from 0.2.1 to 0.2.2

Release notes

Sourced from lfreleng-actions/maven-build-action's releases.

v0.2.2

🔧 Maintenance 🔧

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.2.28 to 0.2.29 @dependabot[bot] (#49)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#50)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.2.29 to 0.3.0 @dependabot[bot] (#51)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#52)

Chore: Bump step-security/harden-runner from 2.16.0 to 2.16.1 @dependabot[bot] (#56)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#57)

Chore: Bump s4u/setup-maven-action from 1.19.0 to 1.20.0 @dependabot[bot] (#55)

Chore: Bump actions/setup-go from 6.3.0 to 6.4.0 @dependabot[bot] (#54)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.3.0 to 0.3.1 @dependabot[bot] (#53)

Chore: Bump step-security/harden-runner from 2.16.1 to 2.17.0 @dependabot[bot] (#59)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#60)

Chore: Bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#58)

Chore: Bump step-security/harden-runner from 2.17.0 to 2.18.0 @dependabot[bot] (#62)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.3.1 to 0.3.3 @dependabot[bot] (#64)

Chore: Bump lfreleng-actions/tag-validate-action from 1.0.1 to 1.0.2 @dependabot[bot] (#65)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#63)

Chore: Bump step-security/harden-runner from 2.18.0 to 2.19.0 @dependabot[bot] (#66)

Chore: Bump step-security/harden-runner from 2.19.0 to 2.19.1 @dependabot[bot] (#68)

Chore: Bump release-drafter/release-drafter from 7.2.0 to 7.2.1 @dependabot[bot] (#67)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#69)

Chore: Bump release-drafter/release-drafter from 7.2.1 to 7.3.0 @dependabot[bot] (#70)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#71)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.3.3 to 0.3.4 @dependabot[bot] (#72)

Chore: Bump step-security/harden-runner from 2.19.1 to 2.19.3 @dependabot[bot] (#73)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#74)

Chore: Bump step-security/harden-runner from 2.19.3 to 2.19.4 @dependabot[bot] (#75)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#76)

Chore: Bump release-drafter/release-drafter from 7.3.0 to 7.3.1 @dependabot[bot] (#77)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#78)

Chore: remove redundant workflow copies @ModeSevenIndustrialSolutions (#80)

Chore: Bump actions/checkout from 6.0.2 to 6.0.3 @dependabot[bot] (#81)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#82)

Docs: Add SECURITY.md security policy @ModeSevenIndustrialSolutions (#84)

Chore: pre-commit autoupdate @pre-commit-ci[bot] (#85)

🎓 Code Quality 🎓

CI: update tag-push workflow from template @ModeSevenIndustrialSolutions (#61)

CI(dependabot): Add 7-day update cooldown @ModeSevenIndustrialSolutions (#83)

Links

Submit bugs/feature requests

Commits

c2ded37 Merge pull request #85 from lfreleng-actions/pre-commit-ci-update-config
c4dd46d Chore: pre-commit autoupdate
93a944d Merge pull request #84 from modeseven-lfreleng-actions/chore/add-security-md
7c981e7 Docs: Add SECURITY.md security policy
1ce7462 Merge pull request #83 from modeseven-lfreleng-actions/dependabot-cooldown
bd86f7e CI(dependabot): Add 7-day update cooldown
d81e19f Merge pull request #82 from lfreleng-actions/pre-commit-ci-update-config
c484e73 Chore: pre-commit autoupdate
10acea9 Merge pull request #81 from lfreleng-actions/dependabot/github_actions/action...
85cda65 Chore: Bump actions/checkout from 6.0.2 to 6.0.3
Additional commits viewable in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml from 0.6.0 to 0.6.1

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml's releases.

v0.6.1

🐛 Bug Fixes 🐛

Fix(rtdv3): Match tox Python to ReadTheDocs @ModeSevenIndustrialSolutions (#692)

🔧 Maintenance 🔧

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#687)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#690)

Chore: pre-commit linting updates @pre-commit-ci[bot] (#691)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#688)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#689)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#686)

Chore: Bump lfit/sigul-sign-action from 1.0.0 to 1.1.0 @dependabot[bot] (#685)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#684)

Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.5.0 to 0.6.0 @dependabot[bot] (#683)

Chore: Bump jordanconway/package-manager-hardening from 0.4.0 to 0.4.2 @dependabot[bot] (#682)

Chore: Bump lfreleng-actions/inject-issue-id-action from 0.1.1 to 0.1.2 @dependabot[bot] (#705)

Chore: Bump im-open/workflow-conclusion from 2.2.5 to 3.0.0 @dependabot[bot] (#706)

Chore: Bump lfreleng-actions/credential-load-action from 0.1.1 to 0.1.2 @dependabot[bot] (#704)

Chore: Bump lfreleng-actions/openssf-scorecard-summary-action from 0.1.0 to 0.1.1 @dependabot[bot] (#703)

Chore: Bump lfreleng-actions/checkout-gerrit-change-action from 1.0.1 to 1.0.2 @dependabot[bot] (#707)

Chore: Bump release-drafter/release-drafter from 7.3.1 to 7.4.0 @dependabot[bot] (#702)

Chore: Bump lfreleng-actions/draft-release-promote-action from 0.1.3 to 0.1.4 @dependabot[bot] (#701)

Chore: Bump lfreleng-actions/maven-build-action from 0.2.1 to 0.2.2 @dependabot[bot] (#700)

Chore: Bump actions/setup-java from 5.2.0 to 5.3.0 @dependabot[bot] (#699)

Chore: Bump jfrog/setup-jfrog-cli from 5.0.0 to 5.1.0 @dependabot[bot] (#698)

Chore: Bump actions/checkout from 6.0.3 to 7.0.0 @dependabot[bot] (#697)

Chore: Bump lfreleng-actions/node-build-action from 0.2.0 to 0.2.1 @dependabot[bot] (#696)

Chore: Bump lfreleng-actions/maven-make-build-action from 0.1.1 to 0.2.2 @dependabot[bot] (#695)

Chore: Bump lfreleng-actions/gradle-build-action from 0.4.0 to 0.4.1 @dependabot[bot] (#694)

Chore: Bump lfreleng-actions/tag-push-verify-action from 0.1.1 to 0.1.2 @dependabot[bot] (#693)

Chore: Bump lfreleng-actions/tox-run-action from 0.1.1 to 0.1.2 @dependabot[bot] (#708)

Chore: Bump lfreleng-actions/docker-save-images-action from 0.1.0 to 0.1.1 @dependabot[bot] (#709)

🎓 Code Quality 🎓

CI(harden-runner): Update allow-list to v0.3.0 @ModeSevenIndustrialSolutions (#710)

Links

Submit bugs/feature requests

Commits

50e324e Merge pull request #710 from modeseven-lfit/chore/update-allow-list-v0.3.0
338d0fe CI(harden-runner): Update allow-list to v0.3.0
b739d33 Merge pull request #709 from lfit/dependabot/github_actions/lfreleng-actions/...
f6a6cf5 Merge pull request #708 from lfit/dependabot/github_actions/lfreleng-actions/...
c966fc4 Chore: Bump lfreleng-actions/docker-save-images-action
9ceb575 Chore: Bump lfreleng-actions/tox-run-action from 0.1.1 to 0.1.2
97468be Merge pull request #693 from lfit/dependabot/github_actions/lfreleng-actions/...
0edb5e3 Merge pull request #694 from lfit/dependabot/github_actions/lfreleng-actions/...
21d564d Merge pull request #695 from lfit/dependabot/github_actions/lfreleng-actions/...
890ea5f Merge pull request #696 from lfit/dependabot/github_actions/lfreleng-actions/...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions-deps group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6` | `7` | | [lfreleng-actions/github2gerrit-action](https://github.com/lfreleng-actions/github2gerrit-action) | `1.2.4` | `1.3.3` | | [im-open/workflow-conclusion](https://github.com/im-open/workflow-conclusion) | `2.2.5` | `3.0.0` | | [lfreleng-actions/maven-build-action](https://github.com/lfreleng-actions/maven-build-action) | `0.2.1` | `0.2.2` | | [lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml](https://github.com/lfit/releng-reusable-workflows) | `0.6.0` | `0.6.1` | Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v6...v7) Updates `lfreleng-actions/github2gerrit-action` from 1.2.4 to 1.3.3 - [Release notes](https://github.com/lfreleng-actions/github2gerrit-action/releases) - [Changelog](https://github.com/lfreleng-actions/github2gerrit-action/blob/main/docs/RELEASE-v0.2.0.md) - [Commits](lfreleng-actions/github2gerrit-action@806c001...f44c168) Updates `im-open/workflow-conclusion` from 2.2.5 to 3.0.0 - [Commits](im-open/workflow-conclusion@7b14694...8eac7f1) Updates `lfreleng-actions/maven-build-action` from 0.2.1 to 0.2.2 - [Release notes](https://github.com/lfreleng-actions/maven-build-action/releases) - [Commits](lfreleng-actions/maven-build-action@3e8765b...c2ded37) Updates `lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/lfit/releng-reusable-workflows/releases) - [Commits](lfit/releng-reusable-workflows@f43b219...50e324e) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: lfreleng-actions/github2gerrit-action dependency-version: 1.3.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: im-open/workflow-conclusion dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: lfreleng-actions/maven-build-action dependency-version: 0.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: lfit/releng-reusable-workflows/.github/workflows/composed-maven-sonar-cloud.yaml dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-23T23:24:10Z

PR: #32
Mode: squash
Topic: GH-aaa-32
Change-Ids:
If175680c1775b8bea55e387f81ca4358d40fbd7e
Digest: 9256967808dc
GitHub-Hash: a48332bfd0488eac

Note: This metadata is also included in the Gerrit commit message for reconciliation.

github-actions · 2026-06-23T23:24:15Z

Change raised in Gerrit by GitHub2Gerrit: https://git.opendaylight.org/gerrit/c/aaa/+/123687

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 23, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): Bump the actions-deps group with 5 updates#32

chore(deps): Bump the actions-deps group with 5 updates#32
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions-deps-2ac4fad0e5

dependabot Bot commented on behalf of github Jun 23, 2026

Uh oh!

github-actions Bot commented Jun 23, 2026

Uh oh!

github-actions Bot commented Jun 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 23, 2026

v7.0.0

What's Changed

New Contributors

v6.0.3

What's Changed

New Contributors

v6.0.2

What's Changed

v6.0.1

What's Changed

v1.3.3

🎓 Code Quality 🎓

Links

v1.3.2

🔧 Maintenance 🔧

Links

v1.3.1

🔧 Maintenance 🔧

Links

v1.3.0

✨ New Features ✨

Links

v0.2.2

🔧 Maintenance 🔧

🎓 Code Quality 🎓

Links

v0.6.1

🐛 Bug Fixes 🐛

🔧 Maintenance 🔧

🎓 Code Quality 🎓

Links

Uh oh!

github-actions Bot commented Jun 23, 2026

Uh oh!

github-actions Bot commented Jun 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

0 participants