Bump the github-actions group across 2 directories with 5 updates

dependabot[bot] · tjmoore4 · commit 47e39f252584 · 2026-02-06T10:24:10.000-05:00
Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Bumps the github-actions group with 2 updates in the /.github/actions/trivy directory: [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) and [actions/cache](https://github.com/actions/cache). Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...v6) Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v5...v6) Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v6...v7) Updates `aquasecurity/setup-trivy` from 0.2.4 to 0.2.5 - [Release notes](https://github.com/aquasecurity/setup-trivy/releases) - [Commits](aquasecurity/setup-trivy@v0.2.4...v0.2.5) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/setup-trivy dependency-version: 0.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml
@@ -84,15 +84,15 @@ runs:
     # Install Trivy as requested.
     # NOTE: `setup-trivy` can download a "latest" version but cannot cache it.
     - if: ${{ ! contains(fromJSON(steps.parsed.outputs.setup), 'none') }}
-      uses: aquasecurity/setup-trivy@v0.2.4
+      uses: aquasecurity/setup-trivy@v0.2.5
       with:
         cache: ${{ contains(fromJSON(steps.parsed.outputs.setup), 'cache') }}
         version: ${{ steps.parsed.outputs.version }}
 
     # Restore a recent cache beginning with the prefix.
     - id: restore
       if: ${{ contains(fromJSON(steps.parsed.outputs.cache), 'restore') }}
-      uses: actions/cache/restore@v4
+      uses: actions/cache/restore@v5
       with:
         path: ${{ inputs.cache-directory }}
         key: ${{ inputs.cache-prefix }}-
@@ -132,7 +132,7 @@ runs:
             (contains(fromJSON(steps.parsed.outputs.cache), 'success') && success())
           )
         }}
-      uses: actions/cache/save@v4
+      uses: actions/cache/save@v5
       with:
         key: ${{ steps.trivy.outputs.cache-key }}
         path: ${{ inputs.cache-directory }}
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
@@ -21,7 +21,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
@@ -24,7 +24,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Install Go and produce a SARIF report. This fails only when the tool is
       # unable to scan.
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -12,7 +12,7 @@ jobs:
       contents: read
       checks: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -12,7 +12,7 @@ jobs:
   go-test:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -30,7 +30,7 @@ jobs:
       matrix:
         kubernetes: ['default']
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -42,7 +42,7 @@ jobs:
 
       # Upload coverage to GitHub
       - run: gzip envtest.coverage
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: "~coverage~kubernetes-api=${{ matrix.kubernetes }}"
           path: envtest.coverage.gz
@@ -57,7 +57,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.34]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -77,7 +77,7 @@ jobs:
 
       # Upload coverage to GitHub
       - run: gzip envtest-existing.coverage
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: "~coverage~kubernetes-k3d=${{ matrix.kubernetes }}"
           path: envtest-existing.coverage.gz
@@ -91,7 +91,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.34]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -165,10 +165,10 @@ jobs:
       - kubernetes-k3d
       - e2e-k3d-kuttl
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
-      - uses: actions/download-artifact@v6
+      - uses: actions/download-artifact@v7
         with: { path: download }
 
       # Combine the coverage profiles by taking the mode line from any one file
@@ -192,7 +192,7 @@ jobs:
 
       # Upload coverage to GitHub
       - run: gzip total-coverage.html
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: coverage-report=html
           path: total-coverage.html.gz
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -23,7 +23,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Download Trivy
         uses: ./.github/actions/trivy
         env:
@@ -43,7 +43,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Trivy needs a populated Go module cache to detect Go module licenses.
       - uses: actions/setup-go@v6
@@ -69,7 +69,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Report success only when detected secrets are listed in [.trivyignore.yaml].
       - name: Scan secrets
@@ -91,7 +91,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Print any detected secrets or vulnerabilities to the workflow log for
       # human consumption. This step fails only when Trivy is unable to scan.
