build(deps): bump the github-actions group with 4 updates by dependabot[bot] · Pull Request #1130 · gocd/docs.go.cd

dependabot · 2026-05-01T06:42:45Z

Bumps the github-actions group with 4 updates: step-security/harden-runner, ruby/setup-ruby, actions/setup-node and aws-actions/configure-aws-credentials.

Updates step-security/harden-runner from 2.16.1 to 2.19.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.

System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

Full Changelog: step-security/harden-runner@v2.18.0...v2.19.0

v2.18.0

What's Changed

Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.

Deploy on Self-Hosted VM: Added deploy-on-self-hosted-vm input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.

Full Changelog: step-security/harden-runner@v2.17.0...v2.18.0

v2.17.0

What's Changed

Policy Store Support

Added use-policy-store and api-key inputs to fetch security policies directly from the StepSecurity Policy Store. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing policy input which requires id-token: write permission. If no policy is found in the store, the action defaults to audit mode.

Full Changelog: step-security/harden-runner@v2.16.1...v2.17.0

Commits

8d3c67d Release v2.19.0 (#661)
6c3c2f2 Feature/deploy on self hosted vm (#658)
f808768 Feature/policy store (#656)
See full diff in compare view

Updates ruby/setup-ruby from 1.299.0 to 1.306.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.306.0

What's Changed

Add truffleruby-34.0.1,truffleruby+graalvm-34.0.1 by @ruby-builder-bot in ruby/setup-ruby#909

Full Changelog: ruby/setup-ruby@v1.305.0...v1.306.0

v1.305.0

What's Changed

Update CRuby releases on Windows by @ruby-builder-bot in ruby/setup-ruby#908

Full Changelog: ruby/setup-ruby@v1.304.0...v1.305.0

v1.304.0

What's Changed

Add jruby-10.1.0.0 by @ruby-builder-bot in ruby/setup-ruby#906

Full Changelog: ruby/setup-ruby@v1.303.0...v1.304.0

v1.303.0

What's Changed

Add ruby-4.0.3 by @ruby-builder-bot in ruby/setup-ruby#903

Full Changelog: ruby/setup-ruby@v1.302.0...v1.303.0

v1.302.0

Full Changelog: ruby/setup-ruby@v1.301.0...v1.302.0

v1.301.0

What's Changed

Add truffleruby-34.0.0,truffleruby+graalvm-34.0.0 by @ruby-builder-bot in ruby/setup-ruby#901

Full Changelog: ruby/setup-ruby@v1.300.0...v1.301.0

v1.300.0

What's Changed

Refactor matrix script by @ntkme in ruby/setup-ruby#897

Add jruby-10.0.5.0 by @ruby-builder-bot in ruby/setup-ruby#900

Full Changelog: ruby/setup-ruby@v1.299.0...v1.300.0

Commits

c4e5b13 Add truffleruby-34.0.1,truffleruby+graalvm-34.0.1
0cb964f Update CRuby releases on Windows
94e4d89 Add jruby-10.1.0.0
60ecfba Add ruby-4.0.3
7372622 Give a better error for TruffleRuby 34+ on macOS Intel
4c56a21 Darwin-x86_64 is no longer supported on TruffleRuby 34+
5d9c71d Add truffleruby-34.0.0,truffleruby+graalvm-34.0.0
e65c17d Add jruby-10.0.5.0
ba696ad Refactor matrix script
2327de0 TruffleRuby 34+ does not support macOS Intel
See full diff in compare view

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

Upgrade @actions dependencies by @Copilot in actions/setup-node#1525

Update Node.js versions in versions.yml and bump package to v6.4.0 by @priya-kinthali in actions/setup-node#1533

New Contributors

@Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
ab72c7e Upgrade @actions dependencies (#1525)
See full diff in compare view

Updates aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.1.0

6.1.0 (2026-04-06)

Features

add skip cleanup option (#1716) (11b1c58), closes #1545

Support usage of AWS Profiles (#1696) (a7f0c82)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.1.0 (2026-04-06)

Features

add skip cleanup option (#1716) (11b1c58), closes #1545

Support usage of AWS Profiles (#1696) (a7f0c82)

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Update action to use node24 (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

release 5.1.1 (56d6a58)

5.1.0 (2025-10-06)

Features

Add global timeout support (#1487) (1584b8b)

add no-proxy support (#1482) (dde9b22)

Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

5.0.0 (2025-09-03)

... (truncated)

Commits

ec61189 chore(main): release 6.1.0 (#1717)
81676eb chore(deps): bump vite from 7.1.11 to 7.3.2 (#1721)
dc64d28 chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 (#1720)
bc0a50a chore: Update dist
9ea6412 chore(deps): bump proxy-agent from 6.5.0 to 7.0.0 (#1686)
0a87594 chore: Update dist
a7f0c82 feat: Support usage of AWS Profiles (#1696)
e6bb6e5 chore: add text to CONTRIBUTING.md (#1719)
11b1c58 feat: add skip cleanup option (#1716)
51635db chore: Update dist
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [actions/setup-node](https://github.com/actions/setup-node) and [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `step-security/harden-runner` from 2.16.1 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@fe10465...8d3c67d) Updates `ruby/setup-ruby` from 1.299.0 to 1.306.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@3ff19f5...c4e5b13) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@53b8394...48b55a0) Updates `aws-actions/configure-aws-credentials` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@8df5847...ec61189) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ruby/setup-ruby dependency-version: 1.306.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026

chadlwilson merged commit bcdbd7a into master May 1, 2026
1 check failed

dependabot Bot deleted the dependabot/github_actions/github-actions-9265b56154 branch May 1, 2026 07:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the github-actions group with 4 updates#1130

build(deps): bump the github-actions group with 4 updates#1130
chadlwilson merged 1 commit into
masterfrom
dependabot/github_actions/github-actions-9265b56154

dependabot Bot commented on behalf of github May 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 1, 2026

v2.19.0

What's Changed

New Runner Support

Automated Incident Response for Supply Chain Attacks

Bug Fixes

v2.18.0

What's Changed

v2.17.0

What's Changed

Policy Store Support

v1.306.0

What's Changed

v1.305.0

What's Changed

v1.304.0

What's Changed

v1.303.0

What's Changed

v1.302.0

v1.301.0

What's Changed

v1.300.0

What's Changed

v6.4.0

What's Changed

Dependency updates:

New Contributors

v6.1.0

6.1.0 (2026-04-06)

Features

Changelog

6.1.0 (2026-04-06)

Features

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

5.1.1 (2025-11-24)

Miscellaneous Chores

5.1.0 (2025-10-06)

Features

Bug Fixes

5.0.0 (2025-09-03)

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant