chore(deps): Bump the github-actions group with 8 updates

Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [andstor/file-existence-action](https://github.com/andstor/file-existence-action) | `3.0.0` | `3.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [LizardByte/actions](https://github.com/lizardbyte/actions) | `2026.328.161128` | `2026.417.35446` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | Updates `dorny/paths-filter` from 3.0.2 to 4.0.1 - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/v3.0.2...fbd0ab8f3e69293af611ebaee6363fc25e6d187d) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](ed597411d8...3a2844b7e9) Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](c10b8064de...95e58e9a2c) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](53b83947a5...48b55a011b) Updates `andstor/file-existence-action` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/andstor/file-existence-action/releases) - [Commits](076e007279...558493d6c7) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](bbbca2ddaa...043fb46d1a) Updates `LizardByte/actions` from 2026.328.161128 to 2026.417.35446 - [Release notes](https://github.com/lizardbyte/actions/releases) - [Commits](0affa4f7bc...4125866b7b) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](c0f553fe54...5f6978faf0) --- updated-dependencies: - dependency-name: dorny/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: andstor/file-existence-action dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: LizardByte/actions dependency-version: 2026.417.35446 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-10 17:23:59 -04:00 · 2026-04-20 20:49:01 +00:00 · 2026-04-20 20:49:01 +00:00 · 0ef0ceb72d
commit 0ef0ceb72d
parent aefcd5ffb5
23 changed files with 31 additions and 31 deletions
--- a/.github/workflows/block-merge-eol.yml
+++ b/.github/workflows/block-merge-eol.yml
@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Set server major version environment
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
--- a/.github/workflows/block-merge-freeze.yml
+++ b/.github/workflows/block-merge-freeze.yml
@ -29,7 +29,7 @@ jobs:

    steps:
      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
--- a/.github/workflows/block-outdated-3rdparty.yml
+++ b/.github/workflows/block-outdated-3rdparty.yml
@ -41,7 +41,7 @@ jobs:
          echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"

      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
--- a/.github/workflows/bug-report-labeler.yml
+++ b/.github/workflows/bug-report-labeler.yml
@ -14,7 +14,7 @@ jobs:
      issues: write
    steps:
      - name: Extract version number and apply label
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          script: |
            const body = context.payload.issue.body || '';
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -37,13 +37,13 @@ jobs:
        persist-credentials: false

    - name: Initialize CodeQL
-      uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+      uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        config-file: ./.github/codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+      uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/command-compile.yml
+++ b/.github/workflows/command-compile.yml
@ -30,7 +30,7 @@ jobs:

    steps:
      - name: Get repository from pull request comment
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        id: get-repository
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
@ -124,7 +124,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
          cache: npm
--- a/.github/workflows/command-pull-3rdparty.yml
+++ b/.github/workflows/command-pull-3rdparty.yml
@ -32,7 +32,7 @@ jobs:
      # must fetch the PR via the API. This also gives us base.ref for free, avoiding
      # a second API call. The GITHUB_TOKEN needs pull-requests:read (granted above).
      - name: Get pull request metadata
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        id: get-pr
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@ -50,7 +50,7 @@ jobs:

      - name: Check composer.json
        id: check_composer
-        uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
+        uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0
        with:
          files: 'composer.json'

@ -66,7 +66,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@ -154,7 +154,7 @@ jobs:
          path: ./

      - name: Set up node ${{ needs.init.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ needs.init.outputs.nodeVersion }}

@ -184,7 +184,7 @@ jobs:
          SETUP_TESTING: ${{ matrix.containers == 'setup' && 'true' || '' }}

      - name: Upload snapshots and videos
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: always()
        with:
          name: snapshots_${{ matrix.containers }}
@ -207,7 +207,7 @@ jobs:
        run: docker exec nextcloud-e2e-test-server_${{ env.APP_NAME }} tar -cvjf - data > data.tar

      - name: Upload data archive
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_data_${{ matrix.containers }}
--- a/.github/workflows/integration-dav.yml
+++ b/.github/workflows/integration-dav.yml
@ -71,7 +71,7 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Python
-        uses: LizardByte/actions/actions/setup_python@0affa4f7bcb27562658960eee840eff8ff844578 # v2026.328.161128
+        uses: LizardByte/actions/actions/setup_python@4125866b7b655a6fe038b0e22a43a4c5d259af79 # v2026.417.35446
        with:
          python-version: '2.7'

--- a/.github/workflows/lint-eslint.yml
+++ b/.github/workflows/lint-eslint.yml
@ -68,7 +68,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/lint-stylelint.yml
+++ b/.github/workflows/lint-stylelint.yml
@ -65,7 +65,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/node-test-handlebars.yml
+++ b/.github/workflows/node-test-handlebars.yml
@ -71,7 +71,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/node-test.yml
+++ b/.github/workflows/node-test.yml
@ -70,7 +70,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@ -68,7 +68,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/npm-audit-fix.yml
+++ b/.github/workflows/npm-audit-fix.yml
@ -49,7 +49,7 @@ jobs:
          fallbackNpm: '^11.3'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@ -70,7 +70,7 @@ jobs:

      - name: Create Pull Request
        if: steps.checkout.outcome == 'success'
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(deps): Fix npm audit'
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@ -100,14 +100,14 @@ jobs:

      - name: Upload profiles
        if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
        with:
          name: profiles
          path: |
            before.json
            after.json

-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7
+      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v7
        if: failure() && steps.compare.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/rector-apply.yml
+++ b/.github/workflows/rector-apply.yml
@ -56,7 +56,7 @@ jobs:
        run: composer run rector

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'refactor: Apply rector changes'
--- a/.github/workflows/rector.yml
+++ b/.github/workflows/rector.yml
@ -20,7 +20,7 @@ jobs:
      src: ${{ steps.changes.outputs.src}}

    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        id: changes
        continue-on-error: true
        with:
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@ -114,7 +114,7 @@ jobs:

      - name: Upload Security Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3
        with:
          sarif_file: results.sarif

--- a/.github/workflows/update-cacert-bundle.yml
+++ b/.github/workflows/update-cacert-bundle.yml
@ -32,7 +32,7 @@ jobs:
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update CA certificate bundle'
--- a/.github/workflows/update-code-signing-crl.yml
+++ b/.github/workflows/update-code-signing-crl.yml
@ -35,7 +35,7 @@ jobs:
        run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update code signing revocation list'
--- a/.github/workflows/update-min-supported-desktop.yml
+++ b/.github/workflows/update-min-supported-desktop.yml
@ -107,7 +107,7 @@ jobs:
          fi

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
        if: steps.update-files.outputs.CHANGES_MADE == 'true'
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/update-stable-titles.yml
+++ b/.github/workflows/update-stable-titles.yml
@ -24,7 +24,7 @@ jobs:
        run: sleep 15

      - name: Get PR details and update title
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |