Build(deps): Bump the compatible group with 4 updates (#272)

Bumps the compatible group with 4 updates:
[actions/create-github-app-token](https://github.com/actions/create-github-app-token),
[frequenz-floss/gh-action-dependabot-migrate](https://github.com/frequenz-floss/gh-action-dependabot-migrate),
[frequenz-floss/gh-action-setup-python-with-deps](https://github.com/frequenz-floss/gh-action-setup-python-with-deps)
and [actions/labeler](https://github.com/actions/labeler).

Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4">952a2a7</a>)</li>
<li>support full repository names in <code>repositories</code> input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6">85eb8dd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump <code>@​actions/core</code> from 3.0.0
to 3.0.1 in the production-dependencies group (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/364">#364</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857">43e5c34</a>)</li>
<li>validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd">f24bbd8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md">actions/create-github-app-token's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4">952a2a7</a>)</li>
<li>support full repository names in <code>repositories</code> input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6">85eb8dd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump <code>@​actions/core</code> from 3.0.0
to 3.0.1 in the production-dependencies group (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/364">#364</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857">43e5c34</a>)</li>
<li>validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd">f24bbd8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/bcd2ba49218906704ab6c1aa796996da409d3eb1"><code>bcd2ba4</code></a>
chore(main): release 3.2.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/370">#370</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd"><code>f24bbd8</code></a>
fix: validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/363531b6d972a60a00b3f1e6bb139e5e6c764cd9"><code>363531b</code></a>
docs: capitalize Git as a proper noun in README (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/374">#374</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/fd2801133e469d2950f2c5af5e591d6b2ad833c8"><code>fd28011</code></a>
docs: update procedure to configure Git (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/287">#287</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6"><code>85eb8dd</code></a>
feat: support full repository names in <code>repositories</code> input
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/c9aabb83728c3bd519212fa657ebc07e1f2a5dec"><code>c9aabb8</code></a>
build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the
development-dependencie...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/e02e816e5591415258a53bf735aff57977dcd5e2"><code>e02e816</code></a>
build(deps-dev): bump undici from 7.24.6 to 8.2.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/366">#366</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/8d835bfd37aa48fcb8e709925115857568d98bc4"><code>8d835bf</code></a>
build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the
development-depend...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4"><code>952a2a7</code></a>
feat: add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857"><code>43e5c34</code></a>
fix(deps): bump <code>@​actions/core</code> from 3.0.0 to 3.0.1 in the
production-dependenc...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1">compare
view</a></li>
</ul>
</details>
<br />

Updates `frequenz-floss/gh-action-dependabot-migrate` from 1.1.1 to
1.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/releases">frequenz-floss/gh-action-dependabot-migrate's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Avoid setting migration labels if committing fails by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/gh-action-dependabot-migrate/pull/22">frequenz-floss/gh-action-dependabot-migrate#22</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/compare/v1.2.0...v1.2.1">https://github.com/frequenz-floss/gh-action-dependabot-migrate/compare/v1.2.0...v1.2.1</a></p>
<h2>v1.2.0</h2>
<h2>Release Notes</h2>
<h3>New features</h3>
<ul>
<li>
<p><strong><code>version-iteration</code> input</strong> — controls
which intermediate versions are generated during multi-version jumps.
Values: <code>&quot;false&quot;</code> (only the target version),
<code>&quot;major&quot;</code>, <code>&quot;minor&quot;</code>,
<code>&quot;patch&quot;</code> (iterate semver boundaries). When empty
(default), the action preserves the historical v0.x minor iteration
behaviour.</p>
</li>
<li>
<p><strong><code>if-no-iterations</code> input</strong> — controls what
happens when the selected iteration mode produces no versions:
<code>&quot;error&quot;</code> fails the action,
<code>&quot;pass&quot;</code> treats it as a clean no-op migration.
Defaults to <code>&quot;error&quot;</code> under explicit
<code>version-iteration</code> modes.</p>
</li>
<li>
<p><strong><code>UPDATED_DEPENDENCIES_JSON</code> env var</strong> — The
migration script now received the dependabot update details as JSON as
provided by <a
href="https://github.com/dependabot/fetch-metadata">dependabot/fetch-metadata</a>.</p>
</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li><strong><code>migration_ran</code> output is now
<code>&quot;true&quot;</code>.</strong> When
<code>if-no-iterations</code> is <code>&quot;pass&quot;</code> and no
versions are generated, enabling downstream labeling and auto-merge to
proceed correctly.</li>
</ul>
<h3>Deprecations</h3>
<ul>
<li>
<p><strong><code>iterate-v0-minors</code> is deprecated.</strong> A
deprecation warning is emitted when it is explicitly set. Replace
<code>iterate-v0-minors: &quot;true&quot;</code> with
<code>version-iteration: &quot;minor&quot;</code> (and optionally
<code>if-no-iterations: &quot;pass&quot;</code> if same-minor v0.x patch
bumps should pass as a no-op). Replace <code>iterate-v0-minors:
&quot;false&quot;</code> with <code>version-iteration:
&quot;false&quot;</code>.</p>
</li>
<li>
<p><strong>The implicit v0.x minor iteration default is
deprecated.</strong> When neither <code>version-iteration</code> nor
<code>iterate-v0-minors</code> is set, the action still iterates
intermediate v0.x minors (preserving existing behaviour), but now emits
a warning. This implicit default will be removed in a future release.
Set <code>version-iteration</code> explicitly to silence the
warning.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/eb100d3cf732b4808a7776eee8f303521efd494b"><code>eb100d3</code></a>
Merge pull request <a
href="https://redirect.github.com/frequenz-floss/gh-action-dependabot-migrate/issues/22">#22</a>
from llucax/fix-failure</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/39c2697f21055a0b0f3b9d97db284ad7928ccb3c"><code>39c2697</code></a>
Avoid setting migration labels if committing fails</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/27763fb5eb56476d91abe00132e8a0614171f92f"><code>27763fb</code></a>
Merge pull request <a
href="https://redirect.github.com/frequenz-floss/gh-action-dependabot-migrate/issues/17">#17</a>
from llucax/version-jumps</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/e29b5bede206e6e5806c96a636bfc1a01b9e4164"><code>e29b5be</code></a>
Merge pull request <a
href="https://redirect.github.com/frequenz-floss/gh-action-dependabot-migrate/issues/19">#19</a>
from frequenz-floss/dependabot/github_actions/dependab...</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/b52f20998126cfc91b18b5dc8db96d5ac3c273a9"><code>b52f209</code></a>
Merge pull request <a
href="https://redirect.github.com/frequenz-floss/gh-action-dependabot-migrate/issues/18">#18</a>
from frequenz-floss/dependabot/github_actions/actions/...</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/3f5be00b790b3bfd791fbb2def6692896e57bb10"><code>3f5be00</code></a>
Bump dependabot/fetch-metadata from 3.0.0 to 3.1.0</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/e1b0aea9c0cff31404fac7b823f6f8fb3068eaf8"><code>e1b0aea</code></a>
Bump actions/create-github-app-token from 3.0.0 to 3.1.1</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/49eeffd120aa1fc7dd71421420c3164ba63891aa"><code>49eeffd</code></a>
Generalise migration version iteration modes</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/f31474454fe81981842ccdda78cb20850c0e67d8"><code>f314744</code></a>
Merge pull request <a
href="https://redirect.github.com/frequenz-floss/gh-action-dependabot-migrate/issues/16">#16</a>
from llucax/export-updated-deps</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/commit/190e5cdc18d48e5b89fa2b4663f1a624af1c1807"><code>190e5cd</code></a>
Pass updated-dependencies-json to migration scripts</li>
<li>See full diff in <a
href="https://github.com/frequenz-floss/gh-action-dependabot-migrate/compare/45994e185a9040449304a470e8f02d0e197873b4...eb100d3cf732b4808a7776eee8f303521efd494b">compare
view</a></li>
</ul>
</details>
<br />

Updates `frequenz-floss/gh-action-setup-python-with-deps` from 1.0.2 to
1.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/releases">frequenz-floss/gh-action-setup-python-with-deps's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix glob expansion for local dependencies by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/gh-action-setup-python-with-deps/pull/20">frequenz-floss/gh-action-setup-python-with-deps#20</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/compare/v1.0.3...v1.0.4">https://github.com/frequenz-floss/gh-action-setup-python-with-deps/compare/v1.0.3...v1.0.4</a></p>
<h2>v1.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix potential remote code execution issues by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/gh-action-setup-python-with-deps/pull/19">frequenz-floss/gh-action-setup-python-with-deps#19</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/compare/v1.0.2...v1.0.3">https://github.com/frequenz-floss/gh-action-setup-python-with-deps/compare/v1.0.2...v1.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/b5707ffcd43ec4b24f2b24df712b43148cfa887f"><code>b5707ff</code></a>
Fix glob expansion for local dependencies (<a
href="https://redirect.github.com/frequenz-floss/gh-action-setup-python-with-deps/issues/20">#20</a>)</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/77a4e81015156fdb7e1cdbf229bbe533294ab87b"><code>77a4e81</code></a>
Use pinned dependencies in the README</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/ef7146bb36528a9dd2a35a439112ece77dea178c"><code>ef7146b</code></a>
Fix glob expansion for local dependencies</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/bc560ff517d3606e1291eed46a603a9f7bfe8697"><code>bc560ff</code></a>
Fix potential remote code execution issues (<a
href="https://redirect.github.com/frequenz-floss/gh-action-setup-python-with-deps/issues/19">#19</a>)</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/7a386c10d52c940c81fa50f24cecda4b583da359"><code>7a386c1</code></a>
Remove unnecessary token permissions to DCO</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/899b8909e568a5b700c7cadc45a36a1d32bc6283"><code>899b890</code></a>
Use Python in isolated mode</li>
<li><a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/commit/e0d9e7201a13d1271e3b1a682bead0c6c8c62732"><code>e0d9e72</code></a>
Export inputs via environment variables</li>
<li>See full diff in <a
href="https://github.com/frequenz-floss/gh-action-setup-python-with-deps/compare/e4d0b2ef8f5a1612d7827f3abaef17c931d2b946...b5707ffcd43ec4b24f2b24df712b43148cfa887f">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/labeler` from 6.0.1 to 6.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/labeler/releases">actions/labeler's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2>Enhancements</h2>
<ul>
<li>Add changed-files-labels-limit and max-files-changed configuration
options to cap the number of labels added by <a
href="https://github.com/bluca"><code>@​bluca</code></a> in <a
href="https://redirect.github.com/actions/labeler/pull/923">actions/labeler#923</a></li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Improve Labeler Action documentation and permission error handling
by <a
href="https://github.com/chiranjib-swain"><code>@​chiranjib-swain</code></a>
in <a
href="https://redirect.github.com/actions/labeler/pull/897">actions/labeler#897</a></li>
<li>Preserve manually added labels during workflow runs and refine label
synchronization logic by <a
href="https://github.com/chiranjib-swain"><code>@​chiranjib-swain</code></a>
in <a
href="https://redirect.github.com/actions/labeler/pull/917">actions/labeler#917</a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking
changes in v6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/labeler/pull/877">actions/labeler#877</a></li>
<li>Upgrade minimatch from 10.0.1 to 10.2.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/labeler/pull/926">actions/labeler#926</a></li>
<li>Upgrade dependencies (<code>@​actions/core</code>,
<code>@​actions/github</code>, js-yaml, minimatch, <a
href="https://github.com/typescript-eslint"><code>@​typescript-eslint</code></a>)
by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a
href="https://redirect.github.com/actions/labeler/pull/934">actions/labeler#934</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/chiranjib-swain"><code>@​chiranjib-swain</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/labeler/pull/897">actions/labeler#897</a></li>
<li><a href="https://github.com/bluca"><code>@​bluca</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/labeler/pull/923">actions/labeler#923</a></li>
<li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/labeler/pull/934">actions/labeler#934</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/labeler/compare/v6...v6.1.0">https://github.com/actions/labeler/compare/v6...v6.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/labeler/commit/f27b608878404679385c85cfa523b85ccb86e213"><code>f27b608</code></a>
chore: upgrade dependencies (<code>@​actions/core</code>,
<code>@​actions/github</code>, js-yaml, minimat...</li>
<li><a
href="https://github.com/actions/labeler/commit/c5dadc2a45784a4b6adfcd20fea3465da3a5f904"><code>c5dadc2</code></a>
Add 'changed-files-labels-limit' and 'max-files-changed' configs to
allow cap...</li>
<li><a
href="https://github.com/actions/labeler/commit/e52e4fb63ed5cd0e07abaad9826b2a893ccb921f"><code>e52e4fb</code></a>
Bump minimatch from 10.0.1 to 10.2.3 (<a
href="https://redirect.github.com/actions/labeler/issues/926">#926</a>)</li>
<li><a
href="https://github.com/actions/labeler/commit/77a4082b841706ac431479b7e2bb11216ffef250"><code>77a4082</code></a>
Fix: Preserve manually added labels during workflow run and refine label
sync...</li>
<li><a
href="https://github.com/actions/labeler/commit/25abb3cad4f14b7ac27968a495c37798860a5a1a"><code>25abb3c</code></a>
Improve Labeler Action Documentation and Error Handling for Permissions
(<a
href="https://redirect.github.com/actions/labeler/issues/897">#897</a>)</li>
<li><a
href="https://github.com/actions/labeler/commit/395c8cfdb1e1e691cc4bad0dd315820af8eb67fd"><code>395c8cf</code></a>
Bump brace-expansion from 1.1.11 to 1.1.12 and document breaking changes
in v...</li>
<li>See full diff in <a
href="https://github.com/actions/labeler/compare/634933edcd8ababfe52f92936142cc22ac488b1b...f27b608878404679385c85cfa523b85ccb86e213">compare
view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions

</details>

Author: frequenz-auto-dependabot[bot]

.github/workflows/auto-dependabot.yaml

@@ -28,7 +28,7 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         with:
           app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
           private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}

.github/workflows/black-migration.yaml

@@ -55,7 +55,7 @@ jobs:
     steps:
       - name: Generate token
         id: create-app-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         with:
           app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
           private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
@@ -66,7 +66,7 @@ jobs:
           # Read/update pull request metadata and labels.
           permission-pull-requests: write
       - name: Migrate
-        uses: frequenz-floss/gh-action-dependabot-migrate@45994e185a9040449304a470e8f02d0e197873b4  # v1.1.1
+        uses: frequenz-floss/gh-action-dependabot-migrate@eb100d3cf732b4808a7776eee8f303521efd494b  # v1.2.1
         with:
           migration-script: |
             import os

.github/workflows/ci-pr.yaml

@@ -39,7 +39,7 @@ jobs:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@b5707ffcd43ec4b24f2b24df712b43148cfa887f # v1.0.4
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: .[dev-mkdocs]

.github/workflows/ci.yaml

@@ -89,7 +89,7 @@ jobs:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@b5707ffcd43ec4b24f2b24df712b43148cfa887f # v1.0.4
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: build
@@ -147,7 +147,7 @@ jobs:
             > pyproject.toml
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@b5707ffcd43ec4b24f2b24df712b43148cfa887f # v1.0.4
         with:
           python-version: ${{ matrix.python }}
           dependencies: dist/*.whl
@@ -188,7 +188,7 @@ jobs:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@b5707ffcd43ec4b24f2b24df712b43148cfa887f # v1.0.4
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: .[dev-mkdocs]
@@ -228,7 +228,7 @@ jobs:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@b5707ffcd43ec4b24f2b24df712b43148cfa887f # v1.0.4
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: .[dev-mkdocs]

.github/workflows/labeler.yml

@@ -20,7 +20,7 @@ jobs:
         # only use hashes to pick the action to execute (instead of tags or branches).
         # For more details read:
         # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-        uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b  # 6.0.1
+        uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213  # 6.1.0
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           dot: true

.github/workflows/repo-config-migration.yaml

@@ -45,7 +45,7 @@ jobs:
     steps:
       - name: Generate token
         id: create-app-token
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         with:
           app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
           private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
@@ -58,7 +58,7 @@ jobs:
           # Allow pushes when migration changes workflow files.
           permission-workflows: write
       - name: Migrate
-        uses: frequenz-floss/gh-action-dependabot-migrate@45994e185a9040449304a470e8f02d0e197873b4 # v1.1.1
+        uses: frequenz-floss/gh-action-dependabot-migrate@eb100d3cf732b4808a7776eee8f303521efd494b # v1.2.1
         with:
           script-url-template: >-
             https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/{version}/cookiecutter/migrate.py