Bump the gh-major group with 8 updates

[dependabot]

Bumps the gh-major group with 8 updates:

Package	From	To
actions/setup-go	4.1.0	5.0.1
tj-actions/branch-names	7.0.5	8.0.1
actions/setup-python	4.7.0	5.1.0
actions/cache	3.3.2	4.0.2
azure/setup-helm	3.5	4
actions/upload-artifact	3.1.3	4.3.3
github/codeql-action	2.21.7	3.25.7
fossa-contrib/fossa-action	2.0.0	3.0.0

Updates actions/setup-go from 4.1.0 to 5.0.1

Release notes

Sourced from actions/setup-go's releases.

v5.0.1

What's Changed

• Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by @​dependabot , @​HarithaVattikuti in actions/setup-go#465
• Update documentation with latest V5 release notes by @​ab in actions/setup-go#459
• Update version documentation by @​178inaba in actions/setup-go#458
• Documentation update of actions/setup-go to v5 by @​chenrui333 in actions/setup-go#449

New Contributors

• @​ab made their first contribution in actions/setup-go#459

Full Changelog: actions/setup-go@v5.0.0...v5.0.1

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

• Fix hosted tool cache usage on windows by @​galargh in actions/setup-go#411
• Improve documentation regarding dependencies caching by @​artemgavrilov in actions/setup-go#417

New Contributors

• @​galargh made their first contribution in actions/setup-go#411
• @​artemgavrilov made their first contribution in actions/setup-go#417
• @​chenrui333 made their first contribution in actions/setup-go#421

Full Changelog: actions/setup-go@v4...v5.0.0

Commits

• cdcb360 Remove the description of the old go.mod specification (#458)
• 99176a8 Update README.md with V5 release notes (#459)
• be1aa11 Bump undici from 5.28.2 to 5.28.3 (#465)
• 6c1fd22 docs: bump actions/setup-go to v5 (#449)
• 0c52d54 Update dependencies for node20 (#445)
• bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
• 3d65fa5 feat: bump to use actions/checkout@v4
• 8a505c9 feat: bump to use node20 runtime
• 883490d Merge pull request #417 from artemgavrilov/main
• d45ebba Rephrase sentence
• Additional commits viewable in compare view

Updates tj-actions/branch-names from 7.0.5 to 8.0.1

Release notes

Sourced from tj-actions/branch-names's releases.

v8.0.1

What's Changed

• Upgraded to v8 by @​tj-actions-bot in tj-actions/branch-names#275
• chore(deps): update github/codeql-action action to v3 by @​renovate in tj-actions/branch-names#276
• chore(deps): update tj-actions/verify-changed-files action to v17 by @​renovate in tj-actions/branch-names#277
• Updated README.md by @​tj-actions-bot in tj-actions/branch-names#278
• Bump peter-evans/create-pull-request from 5 to 6 by @​dependabot in tj-actions/branch-names#279
• chore(deps): update tj-actions/verify-changed-files action to v18 by @​renovate in tj-actions/branch-names#281
• chore: update test.yml by @​jackton1 in tj-actions/branch-names#282

Full Changelog: tj-actions/branch-names@v8...v8.0.1

v8.0.0

Major version to prevent errors with dependabot upgrades.

What's Changed

• Upgraded to v7.0.7 by @​tj-actions-bot in tj-actions/branch-names#273
• chore: Create SECURITY.md by @​jackton1 in tj-actions/branch-names#274

Full Changelog: tj-actions/branch-names@v7...v8.0.0

v8

Changes in v8.0.1

What's Changed

• Upgraded to v8 by @​tj-actions-bot in tj-actions/branch-names#275
• chore(deps): update github/codeql-action action to v3 by @​renovate in tj-actions/branch-names#276
• chore(deps): update tj-actions/verify-changed-files action to v17 by @​renovate in tj-actions/branch-names#277
• Updated README.md by @​tj-actions-bot in tj-actions/branch-names#278
• Bump peter-evans/create-pull-request from 5 to 6 by @​dependabot in tj-actions/branch-names#279
• chore(deps): update tj-actions/verify-changed-files action to v18 by @​renovate in tj-actions/branch-names#281
• chore: update test.yml by @​jackton1 in tj-actions/branch-names#282

Full Changelog: tj-actions/branch-names@v8...v8.0.1

---

Changes in v8.0.0

Major version to prevent errors with dependabot upgrades.

What's Changed

• Upgraded to v7.0.7 by @​tj-actions-bot in tj-actions/branch-names#273
• chore: Create SECURITY.md by @​jackton1 in tj-actions/branch-names#274

Full Changelog: tj-actions/branch-names@v7...v8.0.0

---

... (truncated)

Changelog

Sourced from tj-actions/branch-names's changelog.

Changelog

8.0.1 - (2024-02-07)

📦 Bumps

• Bump peter-evans/create-pull-request from 5 to 6

Bumps peter-evans/create-pull-request from 5 to 6.

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] [email protected] (d7e1c12) - (dependabot[bot])

🔄 Update

• Updated README.md (331c645) - (jackton1)
• Update README.md (1dd881b) - (Tonye Jack)
• Update README.md (df61b49) - (Tonye Jack)

📝 Other

• PR #282: update test.yml (6871f53) - (repo-ranger[bot])
• PR #281: update tj-actions/verify-changed-files action to v18 (b08a65c) - (repo-ranger[bot])
• PR #279: peter-evans/create-pull-request from 5 to 6 (daaa308) - (repo-ranger[bot])
• PR #278: README.md (e6d7f60) - (repo-ranger[bot])
• PR #277: update tj-actions/verify-changed-files action to v17 (6a42993) - (repo-ranger[bot])
• PR #276: update github/codeql-action action to v3 (3480893) - (repo-ranger[bot])
• PR #275: to v8 (ce11ce0) - (repo-ranger[bot])

⚙️ Miscellaneous Tasks

• Update test.yml (fd631fd) - (Tonye Jack)
• deps: Update tj-actions/verify-changed-files action to v18 (7a67835) - (renovate[bot])
• deps: Update tj-actions/verify-changed-files action to v17 (2fc8b99) - (renovate[bot])
• deps: Update github/codeql-action action to v3 (133b286) - (renovate[bot])

⬆️ Upgrades

• Upgraded from v7.0.7 -> v8 (cf62a9f) - (jackton1)

... (truncated)

Commits

• 6871f53 Merge pull request #282 from tj-actions/chore/update-test.yml
• fd631fd chore: update test.yml
• b08a65c Merge pull request #281 from tj-actions/renovate/tj-actions-verify-changed-fi...
• 7a67835 chore(deps): update tj-actions/verify-changed-files action to v18
• daaa308 Merge pull request #279 from tj-actions/dependabot/github_actions/peter-evans...
• d7e1c12 Bump peter-evans/create-pull-request from 5 to 6
• e6d7f60 Merge pull request #278 from tj-actions/chore/update-readme
• 331c645 Updated README.md
• 1dd881b Update README.md
• 6a42993 Merge pull request #277 from tj-actions/renovate/tj-actions-verify-changed-fi...
• Additional commits viewable in compare view

Updates actions/setup-python from 4.7.0 to 5.1.0

Release notes

Sourced from actions/setup-python's releases.

v5.1.0

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-python#766.
• Dependency updates by @​dependabot and @​HarithaVattikuti in actions/setup-python#817
• Documentation changes for version in README by @​basnijholt in actions/setup-python#776
• Documentation changes for link in README by @​ukd1 in actions/setup-python#793
• Documentation changes for link in Advanced Usage by @​Jamim in actions/setup-python#782
• Documentation changes for avoiding rate limit issues on GHES by @​priya-kinthali in actions/setup-python#835

New Contributors

• @​basnijholt made their first contribution in actions/setup-python#776
• @​ukd1 made their first contribution in actions/setup-python#793
• @​Jamim made their first contribution in actions/setup-python#782
• @​Shegox made their first contribution in actions/setup-python#766
• @​priya-kinthali made their first contribution in actions/setup-python#835

Full Changelog: actions/setup-python@v5.0.0...v5.1.0

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

• Trim python version when reading from file by @​FerranPares in actions/setup-python#628
• Use non-deprecated versions in examples by @​jeffwidman in actions/setup-python#724
• Change deprecation comment to past tense by @​jeffwidman in actions/setup-python#723
• Bump @​babel/traverse from 7.9.0 to 7.23.2 by @​dependabot in actions/setup-python#743
• advanced-usage.md: Encourage the use actions/checkout@v4 by @​cclauss in actions/setup-python#729
• Examples now use checkout@v4 by @​simonw in actions/setup-python#738
• Update actions/checkout to v4 by @​dmitry-shibanov in actions/setup-python#761

New Contributors

• @​FerranPares made their first contribution in actions/setup-python#628
• @​timfel made their first contribution in actions/setup-python#694

... (truncated)

Commits

• 82c7e63 Documentation changes for avoiding rate limit issues on GHES (#835)
• 10aa35a feat: fallback to raw endpoint for manifest when rate limit is reached (#766)
• 9a7ac94 Bump undici from 5.27.2 to 5.28.3 (#817)
• 871daa9 Fix the "Specifying multiple Python/PyPy versions" link (#782)
• 2f07895 Fix broken README.md link (#793)
• e9d6f99 Replace setup-python@v4 by setup-python@v5 in README (#776)
• 0a5c615 Update action to node20 (#772)
• 0ae5836 Add example of GraalPy to docs (#773)
• b64ffca update actions/checkout to v4 (#761)
• 8d28961 Examples now use checkout@v4 (#738)
• Additional commits viewable in compare view

Updates actions/cache from 3.3.2 to 4.0.2

Release notes

Sourced from actions/cache's releases.

v4.0.2

What's Changed

• Fix fail-on-cache-miss not working by @​cdce8p in actions/cache#1327

Full Changelog: actions/cache@v4.0.1...v4.0.2

v4.0.1

What's Changed

• Update README.md by @​yacaovsnc in actions/cache#1304
• Update examples by @​yacaovsnc in actions/cache#1305
• Update actions/cache publish flow by @​bethanyj28 in actions/cache#1340
• Update @​actions/cache by @​bethanyj28 in actions/cache#1341

New Contributors

• @​yacaovsnc made their first contribution in actions/cache#1304

Full Changelog: actions/cache@v4...v4.0.1

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

Changelog

Sourced from actions/cache's changelog.

Releases

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

• Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

• Added option to fail job on cache miss.

3.2.3

• Support cross os caching on Windows as an opt-in feature.
• Fix issue with symlink restoration on Windows for cross-os caches.

3.2.2

... (truncated)

Commits

• 0c45773 Merge pull request #1327 from cdce8p/fix-fail-on-cache-miss
• 8a55f83 Add test case for process exit
• 3884cac Bump version
• e29dad3 Fix fail-on-cache-miss not working
• ab5e6d0 Merge pull request #1341 from bethanyj28/main
• 89c7d86 licensed cache
• d2c84da update @​actions/cache
• 37e7d4e Merge pull request #1340 from actions/bethanyj28/update-publish-flow
• a18323f add release action
• a2ed59d Merge pull request #1305 from actions/yacaovsnc/update_examples
• Additional commits viewable in compare view

Updates azure/setup-helm from 3.5 to 4

Release notes

Sourced from azure/setup-helm's releases.

v4.0.0

• #121 update to node20 as node16 is deprecated

Changelog

Sourced from azure/setup-helm's changelog.

Change Log

[4.2.0] - 2024-04-15

• #124 Fix OS detection and download OS-native archive extension

[4.1.0] - 2024-03-01

• #130 switches to use Helm published file to read latest version instead of using GitHub releases

[4.0.0] - 2024-02-12

• #121 update to node20 as node16 is deprecated

Commits

• fe7b79c build
• df50d87 Release v4.2.0 (#134)
• 08d7123 Bump undici from 5.28.2 to 5.28.4 (#133)
• 0a0c55a Fix os detection and archive extension (#124)
• d00ce1c update to release workflow major version tag (#132)
• 4c255dd publish version 4.1.0 (#131)
• ec8dd7c switching to fetching latest version from the dedicated file (#130)
• efbd96d Fix action version in README.md (#129)
• 859dc38 v4 readme update (#127)
• 0788eb3 v4 release and required workflow updates (#125)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.3 to 4.3.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.3

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in actions/upload-artifact#565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in actions/upload-artifact#516
• Minor fix to the migration readme by @​andrewakim in actions/upload-artifact#523
• Update readme with v3/v2/v1 deprecation notice by @​robherley in actions/upload-artifact#561
• updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @​eggyhead in actions/upload-artifact#562

New Contributors

• @​andrewakim made their first contribution in actions/upload-artifact#523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

v4.3.1

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in actions/upload-artifact#504
• Add sub-action to merge artifacts by @​robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

• Ability to overwrite an Artifact by @​robherley in actions/upload-artifact#501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

• Add migrations docs by @​robherley in actions/upload-artifact#482
• Update README.md by @​samuelwine in actions/upload-artifact#492
• Support artifact-url output by @​konradpabjan in actions/upload-artifact#496
• Update readme to reflect new 500 artifact per job limit by @​robherley in actions/upload-artifact#497

New Contributors

• @​samuelwine made their first contribution in actions/upload-artifact#492

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

... (truncated)

Commits

• 6546280 updating package version
• c004fb4 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
• 90aba49 updating toolkit artifact dependency to 2.1.6
• b06cde3 Merge pull request #563 from actions/eggyhead/release-4.3.2
• 1746f4a Revert "updating to release 4.3.2"
• 31685d0 updating to release 4.3.2
• 18bf333 Merge pull request #562 from actions/eggyhead/update-artifact-v215
• dac413b update package lock version
• bb3b4a3 updating package version
• 3e3da83 updating artifact and core dependencies
• Additional commits viewable in compare view

Updates github/codeql-action from 2.21.7 to 3.25.7

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

• Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

• We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

• Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

• Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
• Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
• The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

• Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

• Update default CodeQL bundle version to 2.17.1. #2247
• Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

3.25.1 - 17 Apr 2024

• We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode. #2235
• Fix a bug where the init Action would fail if --overwrite was specified in CODEQL_ACTION_EXTRA_OPTIONS. #2245

3.25.0 - 15 Apr 2024

• The deprecated feature for extracting dependencies for a Python analysis has been removed. #2224

  As a result, the following inputs and environment variables are now ignored:

  • The setup-python-dependencies input to the init Action
  • The CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION environment variable

... (truncated)

Commits

• f079b84 Merge pull request #2317 from github/update-v3.25.7-a095bf2a1
• e1a4268 Update changelog for v3.25.7
• a095bf2 Merge pull request #2313 from github/revert-2312-update-bundle/codeql-bundle-...
• bbd4e19 Revert "Update default bundle to 2.17.4"
• 9ab5d16 Merge pull request #2312 from github/update-bundle/codeql-bundle-v2.17.4
• 028346e Add changelog note
• 5fe0847 Update default bundle to codeql-bundle-v2.17.4
• 9550da9 Merge pull request #2311 from github/henrymercer/pack-missing-auth-config-error
• 6548a4d Add configuration error for missing auth to package registry
• 7927df0 Bump micromatch from 4.0.5 to 4.0.7 in the npm group (#2310)
• Additional commits viewable in compare view

Updates fossa-contrib/fossa-action from 2.0.0 to 3.0.0

Release notes

Sourced from fossa-contrib/fossa-action's releases.

v3.0.0

Changed

• Update default runtime to node20.

Changelog

Sourced from fossa-contrib/fossa-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[unreleased]

[3.0.0] - 2023-11-24

Changed

• Update default runtime to node20.

[2.0.0] - 2023-02-14

Changed

• Update default runtime to node16.

[1.2.0] - 2021-11-14

Added

• Allow the endpoint flag to be set.

[1.1.5] - 2021-11-14

Fixed

• Introduce changes for fossa cli v3.

[1.1.4] - 2020-02-02

Fixed

• Improve error handling at the entry point.

[1.1.3] - 2020-11-30

Changed

• Provide the github.token by default.

[1.1.2] - 2020-10-16

Fixed

... (truncated)

Commits

• cdc5065 Prepare v3.0.0
• e0cd480 Update default runtime to node20
• 2fb4cbd @tsconfig/node16 -> @tsconfig/node20
• f8e8957 Update dependency @​types/node to v20.9.4
• 79fdf90 Update dependency @​types/semver to v7.5.6
• feee8c0 Update dependency @​types/node to v20.9.3
• 2e41b6b Update dependency typescript to v5.3.2
• 1c9d223 Update typescript-eslint monorepo to v6.12.0
• bb587f5 Lock file maintenance
• 798c451 Update dependency @​types/node to v20.9.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #1324.