In scope of this release, the filter was removed within the cache-save step by @dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.
The default values for author and committer have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.
On completion, the action now removes the temporary git remote configuration it adds when using push-to-fork. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.
What's new
Updated runtime to Node.js 20
The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.
The default value for author has been changed to ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>. The change adds the ${{ github.actor_id }}+ prefix to the email address to align with GitHub's standard format for the author email address.
The default value for committer has been changed to github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>. This is to align with the default GitHub Actions bot user account.
Adds input git-token, the Personal Access Token (PAT) that the action will use for git operations. This input defaults to the value of token. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.
push-to-fork now supports pushing to sibling repositories in the same network.
Previously, when using push-to-fork, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.
If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...[Pull request body truncated]" to indicate that the body has been truncated.
The action now uses --unshallow only when necessary, rather than as a default argument of git fetch. This should improve performance, particularly for large git repositories with extensive commit history.
The action can now be executed on one GitHub server and create pull requests on a different GitHub server. Server products include GitHub hosted (github.com), GitHub Enterprise Server (GHES), and GitHub Enterprise Cloud (GHEC). For example, the action can be executed on GitHub hosted and create pull requests on a GHES or GHEC instance.
The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.
The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.
Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 6 updates:
1.6.0
2.0.0
3
4
3
4
5
6
3
4
3
4
Updates
dependabot/fetch-metadata
from 1.6.0 to 2.0.0Release notes
Sourced from dependabot/fetch-metadata's releases.
... (truncated)
Commits
0fb2170
v2.0.0 (#508)dc2c459
v2
is the new tracking tag (#506)f2f0ad1
Upgrade from node16 to node20 (#443)8348ea7
v1.7.0 (#505)e21c9fb
Switch to the official action for managing app tokens (#504)3e1bcb9
Scope app token to only this repo for security (#501)7187f39
Merge pull request #442 from dependabot/dependabot/github_actions/tibdex/gith...f9af96f
Bump tibdex/github-app-token from 1.8.2 to 2.1.09977d7b
Merge pull request #497 from dependabot/dependabot/npm_and_yarn/dev-dependenc...4e1067b
run npm buildUpdates
actions/checkout
from 3 to 4Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
b4ffde6
Link to release page from what's new section (#1514)8530928
Correct link to GitHub Docs (#1511)7cdaf2f
Update CODEOWNERS to Launch team (#1510)8ade135
Prepare 4.1.0 release (#1496)c533a0a
Add support for partial checkout filters (#1396)72f2cec
Update README.md for V4 (#1452)3df4ab1
Release 4.0.0 (#1447)8b5e8b7
Support fetching without the --progress option (#1067)97a652b
Update default runtime to node20 (#1436)Updates
actions/setup-node
from 3 to 4Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
60edb5d
Add support for arm64 Windows (#927)d86ebcd
Add support forvolta.extends
(#921)b39b52d
Fix node-version-file interprets entire package.json as a version (#865)7247617
Addpackage.json
tonode-version-file
list of examples. (#879)f3ec4ca
Fix README.md (#898)ec97f37
Add fix for cache (#917)5ef044f
Update reusable workflows to use Node.js v20 (#889)c45882a
update to setup-node@v4 in docs (#884)ee36e8b
Ignore engines check in Yarn 1 e2e-cache tests (#882)8f152de
Update actions/checkout for documentation and yaml (#876)Updates
peter-evans/create-pull-request
from 5 to 6Release notes
Sourced from peter-evans/create-pull-request's releases.
Commits
70a41ab
perf: shallow fetch the actual base when rebasing from working base (#2816)57a1014
build(deps-dev): bump@types/node
from 18.19.21 to 18.19.23 (#2811)b3a2c5d
build(deps-dev): bump@types/node
from 18.19.18 to 18.19.21 (#2798)02c7da5
build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 (#2797)bac6da8
docs: update description of delete-brancha4f52f8
fix: list pulls using the correct head format (#2792)853c071
build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2781)d2c126e
build(deps-dev): bump@types/node
from 18.19.17 to 18.19.18 (#2780)43d39c6
build(deps-dev): bump@types/node
from 18.19.15 to 18.19.17 (#2768)5a9d206
build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 (#2769)Updates
actions/upload-artifact
from 3 to 4Release notes
Sourced from actions/upload-artifact's releases.
Commits
5d5d22a
Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1f1e993d
update artifact license4881bfd
updating dist:a30777e
@eggyhead
3a80482
Merge pull request #511 from actions/robherley/migration-docs-typo9d63e3f
Merge branch 'main' into robherley/migration-docs-typodfa1ab2
fix typo with v3 artifact downloads in migration guided00351b
Merge pull request #509 from markmssd/patch-1707f5a7
Update limitation of10
artifacts upload to500
26f96df
Merge pull request #505 from actions/robherley/merge-artifactsUpdates
actions/download-artifact
from 3 to 4Release notes
Sourced from actions/download-artifact's releases.
Commits
c850b93
Merge pull request #307 from bethanyj28/main6fd111f
update@actions/artifact
87c5514
Merge pull request #303 from bethanyj28/main47f9ce6
update@actions/artifact
127824d
Merge pull request #299 from bethanyj28/main6dd49bf
licensed only artifactf71c0e3
Revert "licensed"7c63dfd
licensed67d37cd
Update toolkit3487549
Update release-new-action-version.yml (#292)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show