In scope of this release, the filter was removed within the cache-save step by @dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.
The default values for author and committer have changed. See "What's new" below for details. If you are overriding the default values you will not be affected by this change.
On completion, the action now removes the temporary git remote configuration it adds when using push-to-fork. This should not affect you unless you were using the temporary configuration for some other purpose after the action completes.
What's new
Updated runtime to Node.js 20
The action now requires a minimum version of v2.308.0 for the Actions runner. Update self-hosted runners to v2.308.0 or later to ensure compatibility.
The default value for author has been changed to ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>. The change adds the ${{ github.actor_id }}+ prefix to the email address to align with GitHub's standard format for the author email address.
The default value for committer has been changed to github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>. This is to align with the default GitHub Actions bot user account.
Adds input git-token, the Personal Access Token (PAT) that the action will use for git operations. This input defaults to the value of token. Use this input if you would like the action to use a different token for git operations than the one used for the GitHub API.
push-to-fork now supports pushing to sibling repositories in the same network.
Previously, when using push-to-fork, the action did not remove temporary git remote configuration it adds during execution. This has been fixed and the configuration is now removed when the action completes.
If the pull request body is truncated due to exceeding the maximum length, the action will now suffix the body with the message "...[Pull request body truncated]" to indicate that the body has been truncated.
The action now uses --unshallow only when necessary, rather than as a default argument of git fetch. This should improve performance, particularly for large git repositories with extensive commit history.
The action can now be executed on one GitHub server and create pull requests on a different GitHub server. Server products include GitHub hosted (github.com), GitHub Enterprise Server (GHES), and GitHub Enterprise Cloud (GHEC). For example, the action can be executed on GitHub hosted and create pull requests on a GHES or GHEC instance.
The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.
The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.
ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.
Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 6 updates:
1.6.02.0.03434563434Updates
dependabot/fetch-metadatafrom 1.6.0 to 2.0.0Release notes
Sourced from dependabot/fetch-metadata's releases.
... (truncated)
Commits
0fb2170v2.0.0 (#508)dc2c459v2is the new tracking tag (#506)f2f0ad1Upgrade from node16 to node20 (#443)8348ea7v1.7.0 (#505)e21c9fbSwitch to the official action for managing app tokens (#504)3e1bcb9Scope app token to only this repo for security (#501)7187f39Merge pull request #442 from dependabot/dependabot/github_actions/tibdex/gith...f9af96fBump tibdex/github-app-token from 1.8.2 to 2.1.09977d7bMerge pull request #497 from dependabot/dependabot/npm_and_yarn/dev-dependenc...4e1067brun npm buildUpdates
actions/checkoutfrom 3 to 4Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
b4ffde6Link to release page from what's new section (#1514)8530928Correct link to GitHub Docs (#1511)7cdaf2fUpdate CODEOWNERS to Launch team (#1510)8ade135Prepare 4.1.0 release (#1496)c533a0aAdd support for partial checkout filters (#1396)72f2cecUpdate README.md for V4 (#1452)3df4ab1Release 4.0.0 (#1447)8b5e8b7Support fetching without the --progress option (#1067)97a652bUpdate default runtime to node20 (#1436)Updates
actions/setup-nodefrom 3 to 4Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
60edb5dAdd support for arm64 Windows (#927)d86ebcdAdd support forvolta.extends(#921)b39b52dFix node-version-file interprets entire package.json as a version (#865)7247617Addpackage.jsontonode-version-filelist of examples. (#879)f3ec4caFix README.md (#898)ec97f37Add fix for cache (#917)5ef044fUpdate reusable workflows to use Node.js v20 (#889)c45882aupdate to setup-node@v4 in docs (#884)ee36e8bIgnore engines check in Yarn 1 e2e-cache tests (#882)8f152deUpdate actions/checkout for documentation and yaml (#876)Updates
peter-evans/create-pull-requestfrom 5 to 6Release notes
Sourced from peter-evans/create-pull-request's releases.
Commits
70a41abperf: shallow fetch the actual base when rebasing from working base (#2816)57a1014build(deps-dev): bump@types/nodefrom 18.19.21 to 18.19.23 (#2811)b3a2c5dbuild(deps-dev): bump@types/nodefrom 18.19.18 to 18.19.21 (#2798)02c7da5build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 (#2797)bac6da8docs: update description of delete-brancha4f52f8fix: list pulls using the correct head format (#2792)853c071build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2781)d2c126ebuild(deps-dev): bump@types/nodefrom 18.19.17 to 18.19.18 (#2780)43d39c6build(deps-dev): bump@types/nodefrom 18.19.15 to 18.19.17 (#2768)5a9d206build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 (#2769)Updates
actions/upload-artifactfrom 3 to 4Release notes
Sourced from actions/upload-artifact's releases.
Commits
5d5d22aMerge pull request #515 from actions/eggyhead/update-artifact-v2.1.1f1e993dupdate artifact license4881bfdupdating dist:a30777e@eggyhead3a80482Merge pull request #511 from actions/robherley/migration-docs-typo9d63e3fMerge branch 'main' into robherley/migration-docs-typodfa1ab2fix typo with v3 artifact downloads in migration guided00351bMerge pull request #509 from markmssd/patch-1707f5a7Update limitation of10artifacts upload to50026f96dfMerge pull request #505 from actions/robherley/merge-artifactsUpdates
actions/download-artifactfrom 3 to 4Release notes
Sourced from actions/download-artifact's releases.
Commits
c850b93Merge pull request #307 from bethanyj28/main6fd111fupdate@actions/artifact87c5514Merge pull request #303 from bethanyj28/main47f9ce6update@actions/artifact127824dMerge pull request #299 from bethanyj28/main6dd49bflicensed only artifactf71c0e3Revert "licensed"7c63dfdlicensed67d37cdUpdate toolkit3487549Update release-new-action-version.yml (#292)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show