ci(deps): bump the actions group with 3 updates

[dependabot]

Bumps the actions group with 3 updates: actions/checkout, taiki-e/install-action and softprops/action-gh-release.

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462
• getting ready for checkout v7 release by @​aiqiaoy in actions/checkout#2464
• update error wording by @​aiqiaoy in actions/checkout#2467

New Contributors

• @​aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

Commits

• 9c091bb update error wording (#2467)
• 1044a6d getting ready for checkout v7 release (#2464)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• d914b26 upgrade module to esm and update dependencies (#2463)
• 537c7ef Bump @​actions/core and @​actions/tool-cache and Remove uuid (#2459)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• See full diff in compare view

Updates taiki-e/install-action from 2.81.10 to 2.82.0

Release notes

Sourced from taiki-e/install-action's releases.

2.82.0

• Support cargo-vet. (#1908, thanks @​jakewimmer)

• Support cargo-crap. (#1905, thanks @​BartoszCiesla)

• Support cargo-leptos. (#1903, thanks @​404Simon)

• Update kingfisher@latest to 1.103.0.

• Update cargo-xwin@latest to 0.23.0.

• Update wasmtime@latest to 45.0.2.

• Update cargo-deny@latest to 0.19.9.

• Update prek@latest to 0.4.5.

• Update trivy@latest to 0.71.1.

• Update mise@latest to 2026.6.10.

2.81.11

• Update wasm-tools@latest to 1.252.0.

• Update wasm-bindgen@latest to 0.2.125.

• Update uv@latest to 0.11.21.

• Update protoc@latest to 3.35.1.

• Update mise@latest to 2026.6.9.

• Update jaq@latest to 3.1.0.

• Update cargo-insta@latest to 1.48.0.

• Update biome@latest to 2.5.0.

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.82.0] - 2026-06-17

• Support cargo-vet. (#1908, thanks @​jakewimmer)

• Support cargo-crap. (#1905, thanks @​BartoszCiesla)

• Support cargo-leptos. (#1903, thanks @​404Simon)

• Update kingfisher@latest to 1.103.0.

• Update cargo-xwin@latest to 0.23.0.

• Update wasmtime@latest to 45.0.2.

• Update cargo-deny@latest to 0.19.9.

• Update prek@latest to 0.4.5.

• Update trivy@latest to 0.71.1.

• Update mise@latest to 2026.6.10.

[2.81.11] - 2026-06-15

• Update wasm-tools@latest to 1.252.0.

• Update wasm-bindgen@latest to 0.2.125.

• Update uv@latest to 0.11.21.

• Update protoc@latest to 3.35.1.

• Update mise@latest to 2026.6.9.

• Update jaq@latest to 3.1.0.

• Update cargo-insta@latest to 1.48.0.

... (truncated)

Commits

• b8cecb8 Release 2.82.0
• 9811714 Update changelog
• e700546 Update wasmtime manifest
• fdfb4a4 Update mise manifest
• ef03904 Update martin manifest
• b6d0983 Update kingfisher@latest to 1.103.0
• ebeb9b1 Update just manifest
• 119edcf Update cargo-xwin@latest to 0.23.0
• cd319da Update wasmtime@latest to 45.0.2
• 4942894 Update cargo-xwin manifest
• Additional commits viewable in compare view

Updates softprops/action-gh-release from 3.0.0 to 3.0.1

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.1

3.0.1

• maintenance release with updated dependencies

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.1

• maintenance release with updated dependencies

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

... (truncated)

Commits

• 718ea10 release 3.0.1
• f1a938b chore(deps): bump esbuild from 0.28.0 to 0.28.1 (#802)
• 0066ead chore(deps): bump vite from 8.0.14 to 8.0.16 (#806)
• dc643ca chore(deps): bump the npm group with 3 updates (#805)
• 85ee99b chore(deps): bump actions/checkout in the github-actions group (#804)
• 9ed3cf9 chore(deps): bump the npm group with 2 updates (#800)
• 3efcac8 chore(deps): bump the npm group with 3 updates (#798)
• 05d6b91 chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (#797)
• 403a524 chore(deps): bump @​types/node from 24.12.2 to 24.12.3 in the npm group (#796)
• 437e073 chore(deps): bump the npm group with 4 updates (#792)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.