Skip to content

chore(deps): bump the actions group across 1 directory with 6 updates#3

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-67810e8458
Open

chore(deps): bump the actions group across 1 directory with 6 updates#3
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-67810e8458

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 9, 2026
edited
Loading

Bumps the actions group with 6 updates in the / directory:

Package From To
actions/checkout 4 6
xu-cheng/latex-action 3 4
actions/upload-artifact 4 7
actions/setup-python 5 6
actions/github-script 7 9
actions/stale 9 10

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates xu-cheng/latex-action from 3 to 4

Release notes

Sourced from xu-cheng/latex-action's releases.

v4

[!NOTE] This is a meta tag pointed to the latest release.

3.3.0

  • Support TeXLive 2025.

3.2.0

  • Support TeXLive 2024.
  • Auto set tlmgr repo url for historical TeXLive version.

3.1.0

Port changes from xu-cheng/texlive-action

  • use env to pass inputs
  • better printed commands

3.0.2

  • Expose more env to docker container

3.0.1

  • Enforce using true for boolean input options.
  • Remove deprecated extra_packages input.
Commits
  • 6549dc2 feat: support texlive 2026
  • 06c9f6d feat: add dependabot
  • 6ba9375 chore: update actions
  • d6769d3 README.md: minor additions
  • 577e3bf chore: Bump GitHub checkout action to latest released version v6
  • e370bea fix: correct broken link in README.md
  • ee10d5a chore: update license
  • 81b7b9a ci: update permissions
  • 6e08cb1 ci: update permissions
  • a1faf8e chore: update README
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
  • bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
  • 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
  • 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
  • bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
  • 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
  • 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
  • cfd55ca graalpy: add graalpy early-access and windows builds (#880)
  • bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
  • 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
  • Additional commits viewable in compare view

Updates actions/github-script from 7 to 9

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

... (truncated)

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates actions/stale from 9 to 10

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: actions/stale@v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: actions/stale@v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[10.1.0]

What's Changed

[10.0.0]

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

... (truncated)

Commits
  • b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
  • dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
  • d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
  • a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
  • 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
  • 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
  • fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
  • 39bea7d Add Missing Input Reading for only-issue-types (#1298)
  • e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
  • 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-67810e8458 branch from 25a7be3 to 06936e0 Compare April 16, 2026 04:31
heznpc added a commit that referenced this pull request Apr 19, 2026
@heznpc
feat(service): enforce tenant isolation via MCP auth context (#3)
bf82bcf 
Multi-token auth
- PLOIDY_TOKENS accepts a JSON map {token: tenant_id}; each token
  authorises one tenant and resolves to AccessToken.client_id. The
  single-token PLOIDY_AUTH_TOKEN path still works as "one tenant".
- Token verifier iterates every candidate so compare time is
  independent of which entry matches.
- _current_owner() reads get_access_token() from the FastMCP auth
  middleware context and returns the resolved tenant to each tool.

Service-layer enforcement
- DebateService tracks debate_owners per debate, populated on create
  (start_debate / run_solo / run_auto) and on recovery from the DB.
- _require_owner() is called at the top of every lookup path:
  join / status / cancel / delete / converge / submit_position /
  submit_challenge / review. Cross-tenant access surfaces as
  "Debate {id} not found" — no side-channel about who owns it.
- owner_id=None rows stay visible to any caller so single-tenant
  deployments and legacy databases keep working.

Tests (9 new)
- Tenant A/B isolation on history/status/cancel/delete/join/position.
- Unscoped legacy debate visible across tenants.
- Ownership survives a shutdown + re-initialise cycle.
- Server-layer tool resolves owner from a mocked auth context.

61 passed, 1 deselected. Ruff + format clean.
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-67810e8458 branch 2 times, most recently from e0e4f30 to 53dd757 Compare April 23, 2026 04:31
@dependabot
chore(deps): bump the actions group across 1 directory with 6 updates
1db33dd 
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [xu-cheng/latex-action](https://github.com/xu-cheng/latex-action) | `3` | `4` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `9` |
| [actions/stale](https://github.com/actions/stale) | `9` | `10` |



Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `xu-cheng/latex-action` from 3 to 4
- [Release notes](https://github.com/xu-cheng/latex-action/releases)
- [Commits](xu-cheng/latex-action@v3...v4)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `actions/github-script` from 7 to 9
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v9)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: xu-cheng/latex-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the actions group across 1 directory with 6 updates chore(deps): bump the actions group across 1 directory with 6 updates May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-67810e8458 branch from 53dd757 to 1db33dd Compare May 14, 2026 04:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants