[llvm] Update [Github] Update GHA Dependencies (PR #166111)
via llvm-commits
llvm-commits at lists.llvm.org
Sun Nov 2 16:19:37 PST 2025
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-github-workflow
Author: Mend Renovate (renovate-bot)
<details>
<summary>Changes</summary>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [EnricoMi/publish-unit-test-result-action](https://redirect.github.com/EnricoMi/publish-unit-test-result-action) | action | minor | `v2.20.0` -> `v2.21.0` |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | patch | `v4.6.0` -> `v4.6.2` |
| [docker/login-action](https://redirect.github.com/docker/login-action) | action | minor | `v3.5.0` -> `v3.6.0` |
| [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.30.4` -> `v3.31.2` |
| llvm/actions | action | digest | `a1ea791` -> `42d8057` |
| [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | patch | `v2.4.2` -> `v2.4.3` |
| [python](https://redirect.github.com/actions/python-versions) | uses-with | minor | `3.13` -> `3.14` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Release Notes
<details>
<summary>EnricoMi/publish-unit-test-result-action (EnricoMi/publish-unit-test-result-action)</summary>
### [`v2.21.0`](https://redirect.github.com/EnricoMi/publish-unit-test-result-action/releases/tag/v2.21.0)
[Compare Source](https://redirect.github.com/EnricoMi/publish-unit-test-result-action/compare/v2.20.0...v2.21.0)
Adds the following improvements:
- Add Docker action to allow setting Docker registry and image [#&#<!-- -->8203;688](https://redirect.github.com/EnricoMi/publish-unit-test-result-action/issues/688)
- Fix class name matching for NUnit3 [#&#<!-- -->8203;689](https://redirect.github.com/EnricoMi/publish-unit-test-result-action/issues/689)
- Upgrade all Python dependencies to latest version [#&#<!-- -->8203;695](https://redirect.github.com/EnricoMi/publish-unit-test-result-action/issues/695)
- Fix `@<!-- -->2` tag in `README.md` to `@<!-- -->v2` [#&#<!-- -->8203;687](https://redirect.github.com/EnricoMi/publish-unit-test-result-action/issues/687)
**Full Changelog**: <https://github.com/EnricoMi/publish-unit-test-result-action/compare/v2.20.0...v2.21.0>
</details>
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
### [`v4.6.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.2)
[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.1...v4.6.2)
#### What's Changed
- Update to use artifact 2.3.2 package & prepare for new upload-artifact release by [@&#<!-- -->8203;salmanmkc](https://redirect.github.com/salmanmkc) in [#&#<!-- -->8203;685](https://redirect.github.com/actions/upload-artifact/pull/685)
#### New Contributors
- [@&#<!-- -->8203;salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [#&#<!-- -->8203;685](https://redirect.github.com/actions/upload-artifact/pull/685)
**Full Changelog**: <https://github.com/actions/upload-artifact/compare/v4...v4.6.2>
### [`v4.6.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.1)
[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1)
#### What's Changed
- Update to use artifact 2.2.2 package by [@&#<!-- -->8203;yacaovsnc](https://redirect.github.com/yacaovsnc) in [#&#<!-- -->8203;673](https://redirect.github.com/actions/upload-artifact/pull/673)
**Full Changelog**: <https://github.com/actions/upload-artifact/compare/v4...v4.6.1>
</details>
<details>
<summary>docker/login-action (docker/login-action)</summary>
### [`v3.6.0`](https://redirect.github.com/docker/login-action/releases/tag/v3.6.0)
[Compare Source](https://redirect.github.com/docker/login-action/compare/v3.5.0...v3.6.0)
- Add `registry-auth` input for raw authentication to registries by [@&#<!-- -->8203;crazy-max](https://redirect.github.com/crazy-max) in [#&#<!-- -->8203;887](https://redirect.github.com/docker/login-action/pull/887)
- Bump [@&#<!-- -->8203;aws-sdk/client-ecr](https://redirect.github.com/aws-sdk/client-ecr) to 3.890.0 in [#&#<!-- -->8203;882](https://redirect.github.com/docker/login-action/pull/882) [#&#<!-- -->8203;890](https://redirect.github.com/docker/login-action/pull/890)
- Bump [@&#<!-- -->8203;aws-sdk/client-ecr-public](https://redirect.github.com/aws-sdk/client-ecr-public) to 3.890.0 in [#&#<!-- -->8203;882](https://redirect.github.com/docker/login-action/pull/882) [#&#<!-- -->8203;890](https://redirect.github.com/docker/login-action/pull/890)
- Bump [@&#<!-- -->8203;docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit) from 0.62.1 to 0.63.0 in [#&#<!-- -->8203;883](https://redirect.github.com/docker/login-action/pull/883)
- Bump brace-expansion from 1.1.11 to 1.1.12 in [#&#<!-- -->8203;880](https://redirect.github.com/docker/login-action/pull/880)
- Bump undici from 5.28.4 to 5.29.0 in [#&#<!-- -->8203;879](https://redirect.github.com/docker/login-action/pull/879)
- Bump tmp from 0.2.3 to 0.2.4 in [#&#<!-- -->8203;881](https://redirect.github.com/docker/login-action/pull/881)
**Full Changelog**: <https://github.com/docker/login-action/compare/v3.5.0...v3.6.0>
</details>
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
### [`v3.31.2`](https://redirect.github.com/github/codeql-action/compare/v3.31.1...v3.31.2)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.1...v3.31.2)
### [`v3.31.1`](https://redirect.github.com/github/codeql-action/compare/v3.31.0...v3.31.1)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.0...v3.31.1)
### [`v3.31.0`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.0)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.9...v3.31.0)
##### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
##### 3.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. [#&#<!-- -->8203;3223](https://redirect.github.com/github/codeql-action/pull/3223)
- When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#&#<!-- -->8203;3222](https://redirect.github.com/github/codeql-action/pull/3222)
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.0/CHANGELOG.md) for more information.
### [`v3.30.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.9)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.8...v3.30.9)
##### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
##### 3.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. [#&#<!-- -->8203;3205](https://redirect.github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#&#<!-- -->8203;3204](https://redirect.github.com/github/codeql-action/pull/3204)
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.9/CHANGELOG.md) for more information.
### [`v3.30.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.8)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.7...v3.30.8)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
#### 3.30.8 - 10 Oct 2025
No user facing changes.
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.8/CHANGELOG.md) for more information.
### [`v3.30.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.7)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.6...v3.30.7)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
#### 3.30.7 - 06 Oct 2025
No user facing changes.
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.7/CHANGELOG.md) for more information.
### [`v3.30.6`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.6)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.5...v3.30.6)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
#### 3.30.6 - 02 Oct 2025
- Update default CodeQL bundle version to 2.23.2. [#&#<!-- -->8203;3168](https://redirect.github.com/github/codeql-action/pull/3168)
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md) for more information.
### [`v3.30.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.5)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.4...v3.30.5)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
#### 3.30.5 - 26 Sep 2025
- We fixed a bug that was introduced in `3.30.4` with `upload-sarif` which resulted in files without a `.sarif` extension not getting uploaded. [#&#<!-- -->8203;3160](https://redirect.github.com/github/codeql-action/pull/3160)
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md) for more information.
</details>
<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>
### [`v2.4.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.3)
[Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3)
#### What's Changed
This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the [Scorecard v5.3.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.3.0).
#### Documentation
- docs: clarify `GITHUB_TOKEN` permissions needed for private repos by [@&#<!-- -->8203;pankajtaneja5](https://redirect.github.com/pankajtaneja5) in [#&#<!-- -->8203;1574](https://redirect.github.com/ossf/scorecard-action/pull/1574)
- :book: Fix recommended command to test the image in development by [@&#<!-- -->8203;deivid-rodriguez](https://redirect.github.com/deivid-rodriguez) in [#&#<!-- -->8203;1583](https://redirect.github.com/ossf/scorecard-action/pull/1583)
#### Other
- add missing top-level token permissions to workflows by [@&#<!-- -->8203;timothyklee](https://redirect.github.com/timothyklee) in [#&#<!-- -->8203;1566](https://redirect.github.com/ossf/scorecard-action/pull/1566)
- setup codeowners for requesting reviews by [@&#<!-- -->8203;spencerschrock](https://redirect.github.com/spencerschrock) in [#&#<!-- -->8203;1576](https://redirect.github.com/ossf/scorecard-action/pull/1576)
- :seedling: Improve printing options by [@&#<!-- -->8203;deivid-rodriguez](https://redirect.github.com/deivid-rodriguez) in [#&#<!-- -->8203;1584](https://redirect.github.com/ossf/scorecard-action/pull/1584)
#### New Contributors
- [@&#<!-- -->8203;timothyklee](https://redirect.github.com/timothyklee) made their first contribution in [#&#<!-- -->8203;1566](https://redirect.github.com/ossf/scorecard-action/pull/1566)
- [@&#<!-- -->8203;pankajtaneja5](https://redirect.github.com/pankajtaneja5) made their first contribution in [#&#<!-- -->8203;1574](https://redirect.github.com/ossf/scorecard-action/pull/1574)
- [@&#<!-- -->8203;deivid-rodriguez](https://redirect.github.com/deivid-rodriguez) made their first contribution in [#&#<!-- -->8203;1584](https://redirect.github.com/ossf/scorecard-action/pull/1584)
**Full Changelog**: <https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3>
</details>
<details>
<summary>actions/python-versions (python)</summary>
### [`v3.14.0`](https://redirect.github.com/actions/python-versions/releases/tag/3.14.0-18313368925): 3.14.0
[Compare Source](https://redirect.github.com/actions/python-versions/compare/3.13.9-18515951191...3.14.0-18313368925)
Python 3.14.0
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 12:59 AM, only on Monday ( * 0 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/llvm/llvm-project).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTkuNCIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---
Full diff: https://github.com/llvm/llvm-project/pull/166111.diff
9 Files Affected:
- (modified) .github/workflows/build-ci-container-tooling.yml (+1-1)
- (modified) .github/workflows/check-ci.yml (+1-1)
- (modified) .github/workflows/docs.yml (+1-1)
- (modified) .github/workflows/gha-codeql.yml (+2-2)
- (modified) .github/workflows/hlsl-test-all.yaml (+1-1)
- (modified) .github/workflows/libcxx-build-containers.yml (+1-1)
- (modified) .github/workflows/libcxx-run-benchmarks.yml (+1-1)
- (modified) .github/workflows/release-binaries.yml (+2-2)
- (modified) .github/workflows/scorecard.yml (+1-1)
``````````diff
diff --git a/.github/workflows/build-ci-container-tooling.yml b/.github/workflows/build-ci-container-tooling.yml
index c77c78617666d..992947eb2fffb 100644
--- a/.github/workflows/build-ci-container-tooling.yml
+++ b/.github/workflows/build-ci-container-tooling.yml
@@ -63,7 +63,7 @@ jobs:
podman save ${{ steps.vars.outputs.container-name-lint-tag }} > ${{ steps.vars.outputs.container-lint-filename }}
- name: Upload container image
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: container-amd64
path: "*.tar"
diff --git a/.github/workflows/check-ci.yml b/.github/workflows/check-ci.yml
index f18a69c192ee9..6ecad5536109b 100644
--- a/.github/workflows/check-ci.yml
+++ b/.github/workflows/check-ci.yml
@@ -28,7 +28,7 @@ jobs:
- name: Setup Python
uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
- python-version: 3.13
+ python-version: 3.14
cache: 'pip'
- name: Install Python Dependencies
run: |
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index b5f3413fe3b6b..7374777cb759c 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -97,7 +97,7 @@ jobs:
- name: Setup Python env
uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
- python-version: '3.13'
+ python-version: '3.14'
cache: 'pip'
cache-dependency-path: 'llvm/docs/requirements-hashed.txt'
- name: Install python dependencies
diff --git a/.github/workflows/gha-codeql.yml b/.github/workflows/gha-codeql.yml
index 63388ebc706bd..6d490ca2c4b29 100644
--- a/.github/workflows/gha-codeql.yml
+++ b/.github/workflows/gha-codeql.yml
@@ -29,9 +29,9 @@ jobs:
sparse-checkout: |
.github/
- name: Initialize CodeQL
- uses: github/codeql-action/init at 303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
+ uses: github/codeql-action/init at 5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
with:
languages: actions
queries: security-extended
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze at 303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
+ uses: github/codeql-action/analyze at 5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
diff --git a/.github/workflows/hlsl-test-all.yaml b/.github/workflows/hlsl-test-all.yaml
index dcb852312d41a..cdc951658b4d2 100644
--- a/.github/workflows/hlsl-test-all.yaml
+++ b/.github/workflows/hlsl-test-all.yaml
@@ -80,7 +80,7 @@ jobs:
ninja check-hlsl-unit
ninja ${{ inputs.TestTarget }}
- name: Publish Test Results
- uses: EnricoMi/publish-unit-test-result-action/macos at 3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2.20.0
+ uses: EnricoMi/publish-unit-test-result-action/macos at 34d7c956a59aed1bfebf31df77b8de55db9bbaaf # v2.21.0
if: always() && runner.os == 'macOS'
with:
comment_mode: off
diff --git a/.github/workflows/libcxx-build-containers.yml b/.github/workflows/libcxx-build-containers.yml
index 312cb47fc3d93..4bce86145fc0c 100644
--- a/.github/workflows/libcxx-build-containers.yml
+++ b/.github/workflows/libcxx-build-containers.yml
@@ -55,7 +55,7 @@ jobs:
TAG: ${{ github.sha }}
- name: Log in to GitHub Container Registry
- uses: docker/login-action at 184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+ uses: docker/login-action at 5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.actor }}
diff --git a/.github/workflows/libcxx-run-benchmarks.yml b/.github/workflows/libcxx-run-benchmarks.yml
index 9e8f55859fc7a..e2ca940d2f0b3 100644
--- a/.github/workflows/libcxx-run-benchmarks.yml
+++ b/.github/workflows/libcxx-run-benchmarks.yml
@@ -35,7 +35,7 @@ jobs:
steps:
- uses: actions/setup-python at e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
- python-version: '3.13'
+ python-version: '3.14'
- name: Extract information from the PR
id: vars
diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
index fa73b9d9fe8d0..d1a017ab7b553 100644
--- a/.github/workflows/release-binaries.yml
+++ b/.github/workflows/release-binaries.yml
@@ -68,7 +68,7 @@ jobs:
# due to https://github.com/actions/runner-images/issues/10385
- uses: actions/setup-python at e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
- python-version: '3.13'
+ python-version: '3.14'
- name: Checkout LLVM
uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -173,7 +173,7 @@ jobs:
ref: ${{ needs.prepare.outputs.ref }}
- name: Install Ninja
- uses: llvm/actions/install-ninja at a1ea791b03c8e61f53a0e66f2f73db283aa0f01e # main
+ uses: llvm/actions/install-ninja at 42d80571b13f4599bbefbc7189728b64723c7f78 # main
- name: Setup Windows
if: startsWith(runner.os, 'Windows')
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index c07df338cf989..bd3277a8b452c 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -36,7 +36,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action at 05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+ uses: ossf/scorecard-action at 4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
``````````
</details>
https://github.com/llvm/llvm-project/pull/166111
More information about the llvm-commits
mailing list