build(deps): bump the github-actions-all group across 1 directory with 9 updates

[dependabot]

Bumps the github-actions-all group with 9 updates in the / directory:

Package	From	To
actions/checkout	4.2.2	6.0.1
actions/setup-go	5.5.0	6.1.0
schubergphilis/mcvs-docker-action	0.7.2	0.8.3
docker/setup-qemu-action	3.6.0	3.7.0
docker/setup-buildx-action	3.11.1	3.12.0
docker/login-action	3.4.0	3.6.0
schubergphilis/mcvs-golang-action	3.3.1	3.7.21
schubergphilis/mcvs-pr-validation-action	0.2.0	0.2.1
svenstaro/upload-release-action	2.10.0	2.11.3

Updates actions/checkout from 4.2.2 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

Commits

• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• 9f26565 Update actions checkout to use node 24 (#2226)
• 08eba0b Prepare release v4.3.0 (#2237)
• Additional commits viewable in compare view

Updates actions/setup-go from 5.5.0 to 6.1.0

Release notes

Sourced from actions/setup-go's releases.

v6.1.0

What's Changed

Enhancements

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​nicholasngai in actions/setup-go#665
• Add support for .tool-versions file and update workflow by @​priya-kinthali in actions/setup-go#673
• Add comprehensive breaking changes documentation for v6 by @​mahabaleshwars in actions/setup-go#674

Dependency updates

• Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @​dependabot in actions/setup-go#617
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/setup-go#641
• Upgrade semver and @​types/semver by @​dependabot in actions/setup-go#652

New Contributors

• @​nicholasngai made their first contribution in actions/setup-go#665
• @​priya-kinthali made their first contribution in actions/setup-go#673
• @​mahabaleshwars made their first contribution in actions/setup-go#674

Full Changelog: actions/setup-go@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

• Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @​matthewhughes934 in actions/setup-go#460
• Upgrade Nodejs runtime from node20 to node 24 by @​salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in actions/setup-go#589
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in actions/setup-go#591
• Upgrade @​typescript-eslint/parser from 8.31.1 to 8.35.1 by @​dependabot[bot] in actions/setup-go#590
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-go#594
• Upgrade typescript from 5.4.2 to 5.8.3 by @​dependabot[bot] in actions/setup-go#538
• Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in actions/setup-go#603
• Upgrade form-data to bring in fix for critical vulnerability by @​matthewhughes934 in actions/setup-go#618
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-go#631

New Contributors

• @​matthewhughes934 made their first contribution in actions/setup-go#618
• @​salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.6.0

What's Changed

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​aparnajyothi-y in actions/setup-go#689

... (truncated)

Commits

• 4dc6199 Bump semver and @​types/semver (#652)
• f3787be Add comprehensive breaking changes documentation for v6 (#674)
• 3a0c2c8 Bump actions/publish-action from 0.3.0 to 0.4.0 (#641)
• faf5242 Add support for .tool-versions file in setup-go, update workflow (#673)
• 7bc60db Fall back to downloading from go.dev/dl instead of storage.googleapis.com/gol...
• c0137ca Bump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking chang...
• 4469467 Bump actions/checkout from 4 to 5 (#631)
• e093d1e Node 24 upgrade (#624)
• 1d76b95 Improve toolchain handling (#460)
• e75c3e8 Bump form-data to bring in fix for critical vulnerability (#618)
• Additional commits viewable in compare view

Updates schubergphilis/mcvs-docker-action from 0.7.2 to 0.8.3

Release notes

Sourced from schubergphilis/mcvs-docker-action's releases.

v0.8.3

What's Changed

• build(deps): bump anchore/scan-action from 7.0.0 to 7.0.2 in the github-actions-all group by @​dependabot[bot] in schubergphilis/mcvs-docker-action#139
• build(deps): bump anchore/scan-action from 7.0.2 to 7.1.0 in the github-actions-all group by @​dependabot[bot] in schubergphilis/mcvs-docker-action#140

Full Changelog: schubergphilis/mcvs-docker-action@v0.8.2...v0.8.3

v0.8.2

What's Changed

• build(deps): bump the github-actions-all group across 1 directory with 4 updates by @​dependabot[bot] in schubergphilis/mcvs-docker-action#138

Full Changelog: schubergphilis/mcvs-docker-action@v0.8.1...v0.8.2

v0.8.1

What's Changed

• build(deps): bump the github-actions-all group across 1 directory with 4 updates by @​dependabot[bot] in schubergphilis/mcvs-docker-action#134

Full Changelog: schubergphilis/mcvs-docker-action@v0.8.0...v0.8.1

v0.8.0

What's Changed

• feat: make push to a container registry optional by @​sbp-bvanb in schubergphilis/mcvs-docker-action#131

Full Changelog: schubergphilis/mcvs-docker-action@v0.7.4...v0.8.0

v0.7.4

What's Changed

• build(deps): bump the github-actions-all group with 2 updates by @​dependabot[bot] in schubergphilis/mcvs-docker-action#129
• fix: move yamllint to general action by @​sbp-bvanb in schubergphilis/mcvs-docker-action#130

Full Changelog: schubergphilis/mcvs-docker-action@v0.7.3...v0.7.4

v0.7.3

What's Changed

• build(deps): bump schubergphilis/mcvs-pr-validation-action from 0.2.0 to 0.2.1 in the github-actions-all group by @​dependabot in schubergphilis/mcvs-docker-action#126
• fix: #123 build args passed as-is if multiline, else formatted as application=value by @​030 in schubergphilis/mcvs-docker-action#127

Full Changelog: schubergphilis/mcvs-docker-action@v0.7.2...v0.7.3

Commits

• 4e9fb5e build(deps): bump anchore/scan-action in the github-actions-all group (#140)
• 0a0474e build(deps): bump anchore/scan-action in the github-actions-all group (#139)
• c706614 build(deps): bump the github-actions-all group across 1 directory with 4 upda...
• 39fc415 build(deps): bump the github-actions-all group across 1 directory with 4 upda...
• 64044b0 feat: make push to a container registry optional (#131)
• e9660d1 fix: move yamllint to general action (#130)
• 1d79f8f build(deps): bump the github-actions-all group with 2 updates (#129)
• 03aba0a fix: #123 build args passed as-is if multiline, else formatted as applicati...
• b0ad628 build(deps): bump schubergphilis/mcvs-pr-validation-action (#126)
• See full diff in compare view

Updates docker/setup-qemu-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.7.0

• Bump @​docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218
• Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

Commits

• c7c5346 Merge pull request #230 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 3a517a1 chore: update generated content
• a5b45ed build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.67.0
• 3a64278 Merge pull request #220 from docker/dependabot/npm_and_yarn/brace-expansion-1...
• 94906ba chore: update generated content
• 4027abf build(deps): bump brace-expansion from 1.1.11 to 1.1.12
• bee0aaa Merge pull request #221 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• 0d7e257 chore: update generated content
• b869601 build(deps): bump tmp from 0.2.3 to 0.2.4
• 3a043ed Merge pull request #219 from docker/dependabot/npm_and_yarn/undici-5.29.0
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

• Deprecate install input by @​crazy-max in docker/setup-buildx-action#455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits

• 8d2750c Merge pull request #455 from crazy-max/install-deprecated
• e81846b deprecate install input
• 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
• 000d75d build(deps): bump actions/checkout from 5 to 6
• 1583c0f Merge pull request #443 from nicolasleger/patch-1
• ed158e7 doc: bump actions/checkout from 4 to 5
• 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
• 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
• af1b253 Merge pull request #440 from crazy-max/k3s-build
• 3c6ab92 ci: k3s test with latest buildx
• Additional commits viewable in compare view

Updates docker/login-action from 3.4.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

• Add registry-auth input for raw authentication to registries by @​crazy-max in docker/login-action#887
• Bump @​aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890
• Bump @​aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880
• Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879
• Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

• Support dual-stack endpoints for AWS ECR by @​Spacefish @​crazy-max in docker/login-action#874 docker/login-action#876
• Bump @​aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878
• Bump @​aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878
• Bump @​docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870
• Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

Commits

• 5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 97e3143 chore: update generated content
• 3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
• 5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• abc9fb3 chore: update generated content
• d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
• a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 0d7fae8 chore: update generated content
• 9832253 build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.63.0
• 09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• Additional commits viewable in compare view

Updates schubergphilis/mcvs-golang-action from 3.3.1 to 3.7.21

Release notes

Sourced from schubergphilis/mcvs-golang-action's releases.

v3.7.21

What's Changed

• build(deps): weekly update package versions that cannot be updated by dependabot by @​github-actions[bot] in schubergphilis/mcvs-golang-action#371
• build(deps): bump the github-actions-all group with 2 updates by @​dependabot[bot] in schubergphilis/mcvs-golang-action#370
• build(deps): bump golang version from 1.25.4 to 1.25.5 by @​github-actions[bot] in schubergphilis/mcvs-golang-action#368

Full Changelog: schubergphilis/mcvs-golang-action@v3.7.20...v3.7.21

v3.7.20

What's Changed

• fix: auto update osv scanner, table output and expiry by @​sbp-bvanb in schubergphilis/mcvs-golang-action#362
• build(deps): bump the github-actions-all group with 5 updates by @​dependabot[bot] in schubergphilis/mcvs-golang-action#366

Full Changelog: schubergphilis/mcvs-golang-action@v3.7.19...v3.7.20

v3.7.19

What's Changed

• feat: update osv-scanner to v2.3.0 and adjust its installation path by @​ergousha in schubergphilis/mcvs-golang-action#360

Full Changelog: schubergphilis/mcvs-golang-action@v3.7.18...v3.7.19

v3.7.18

What's Changed

• build(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions-all group by @​dependabot[bot] in schubergphilis/mcvs-golang-action#358
• refactor: Replace govulncheck with osv-scanner for vulnerability scanning by @​ergousha in schubergphilis/mcvs-golang-action#359

New Contributors

• @​ergousha made their first contribution in schubergphilis/mcvs-golang-action#359

Full Changelog: schubergphilis/mcvs-golang-action@v3.7.17...v3.7.18

v3.7.17

What's Changed

• build(deps): weekly update package versions that cannot be updated by dependabot by @​github-actions[bot] in schubergphilis/mcvs-golang-action#356
• build(deps): weekly update package versions that cannot be updated by dependabot by @​github-actions[bot] in schubergphilis/mcvs-golang-action#357

Full Changelog: schubergphilis/mcvs-golang-action@v3.7.16...v3.7.17

v3.7.16

What's Changed

• build(deps): weekly update package versions that cannot be updated by dependabot by @​github-actions[bot] in schubergphilis/mcvs-golang-action#349
• build: enable stale bot by @​sbp-bvanb in schubergphilis/mcvs-golang-action#347
• build: enable yamllint and security-file-system general action by @​sbp-bvanb in schubergphilis/mcvs-golang-action#346
• build(deps): bump golang version from 1.25.3 to 1.25.4 by @​github-actions[bot] in schubergphilis/mcvs-golang-action#350
• build: auto-update govulncheck by @​sbp-bvanb in schubergphilis/mcvs-golang-action#352
• fix: exclude govulncheck vulnerabilities if needed by @​sbp-bvanb in schubergphilis/mcvs-golang-action#353

... (truncated)

Commits

• b46f3d5 build(deps): bump golang version from 1.25.4 to 1.25.5 (#368)
• 1fa79b9 build(deps): bump the github-actions-all group with 2 updates (#370)
• 0544bf8 build(deps): weekly update package versions that cannot be updated by dependa...
• 9495b77 build(deps): bump the github-actions-all group with 5 updates (#366)
• 5465d71 fix: auto update osv scanner, table output and expiry (#362)
• de8a0d9 feat: update osv-scanner to v2.3.0 and adjust its installation path (#360)
• 4908ada refactor: replace govulncheck with osv-scanner for vulnerability scanning (#359)
• c3a12db build(deps): bump actions/checkout in the github-actions-all group (#358)
• acbb7ae build(deps): weekly update package versions that cannot be updated by dependa...
• dd91d35 build(deps): weekly update package versions that cannot be updated by dependa...
• Additional commits viewable in compare view

Updates schubergphilis/mcvs-pr-validation-action from 0.2.0 to 0.2.1

Release notes

Sourced from schubergphilis/mcvs-pr-validation-action's releases.

v0.2.1

What's Changed

• fix: #10 remove untested and broken issue description check by @​sbp-bvanb in schubergphilis/mcvs-pr-validation-action#16
• build(deps): bump actions/checkout from 4.1.7 to 4.2.2 by @​dependabot in schubergphilis/mcvs-pr-validation-action#15

Full Changelog: schubergphilis/mcvs-pr-validation-action@v0.2.0...v0.2.1

Commits

• 1258718 build(deps): bump actions/checkout from 4.1.7 to 4.2.2 (#15)
• 3907065 fix: #10 remove untested and broken issue description check (#16)
• See full diff in compare view

Updates svenstaro/upload-release-action from 2.10.0 to 2.11.3

Release notes

Sourced from svenstaro/upload-release-action's releases.

2.11.3

Post-fix Github errors - releases created as draft when they shouldn't have been - #99

2.11.2

Solved race-condition when matrix builds try to create the same release at the same time - #147

2.11.1

Fixed input and output names for release_id

2.11.0

• Adds a release_id output, and optional input, for uploading files to release - #136 (thanks @​alexis-opolka)

Changelog

Sourced from svenstaro/upload-release-action's changelog.

[2.11.3] - 2025-11-20

• Post-fix releases created as draft when they shouldn't have - #99

[2.11.2] - 2025-07-06

• Solved race-condition when matrix builds try to create the same release at the same time - #147

[2.11.1] - 2025-06-30

• Adds a release_id output, and optional input, for uploading files to release - #136 (thanks @​alexis-opolka)

Commits

• 6b7fa9f 2.11.3
• d78c255 Fix releases that are created as drafts (github error) (#151)
• 7027b76 Update README.md - explicated permission error resolution
• 81c65b7 2.11.2
• b89a939 Solve the race-condition when matrix builds try to create the same release (#...
• 5e35e58 2.11.1
• fc6aa16 Separate E2E tests into draft + non-draft - each one has its own cleanup (#146)
• 02f15da 2.11.0
• 0b45752 Added docs for draft, input validation, and outputs (#145)
• 7edb9f0 E2E draft tests (#144)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions