From 4d8d42c8369b116d7c44feff085b85a5815628a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jul 2026 06:24:45 +0000 Subject: [PATCH] ci(deps)(deps): bump the actions group across 1 directory with 6 updates Bumps the actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.1` | `7.0.0` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `1ad29ea4a422cce9a242a9fae469541dcd08addc` | `99df26d4f13ea111d4ec1a7dddef6063f76b97e9` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `1ad29ea4a422cce9a242a9fae469541dcd08addc` | `99df26d4f13ea111d4ec1a7dddef6063f76b97e9` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.9` | `3.0.0` | Updates `actions/checkout` from 5.0.1 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `github/codeql-action/init` from 1ad29ea4a422cce9a242a9fae469541dcd08addc to 99df26d4f13ea111d4ec1a7dddef6063f76b97e9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/1ad29ea4a422cce9a242a9fae469541dcd08addc...99df26d4f13ea111d4ec1a7dddef6063f76b97e9) Updates `github/codeql-action/analyze` from 1ad29ea4a422cce9a242a9fae469541dcd08addc to 99df26d4f13ea111d4ec1a7dddef6063f76b97e9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/1ad29ea4a422cce9a242a9fae469541dcd08addc...99df26d4f13ea111d4ec1a7dddef6063f76b97e9) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `gitleaks/gitleaks-action` from 2.3.9 to 3.0.0 - [Release notes](https://github.com/gitleaks/gitleaks-action/releases) - [Commits](https://github.com/gitleaks/gitleaks-action/compare/ff98106e4c7b2bc287b24eaf42907196329070c7...e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action/analyze dependency-version: 99df26d4f13ea111d4ec1a7dddef6063f76b97e9 dependency-type: direct:production dependency-group: actions - dependency-name: github/codeql-action/init dependency-version: 99df26d4f13ea111d4ec1a7dddef6063f76b97e9 dependency-type: direct:production dependency-group: actions - dependency-name: gitleaks/gitleaks-action dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/backend-tests.yml | 2 +- .github/workflows/changelog-fragments-validate.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/compliance-trace.yml | 2 +- .github/workflows/regression-test-skills.yml | 2 +- .github/workflows/release-consistency.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/secret-scan.yml | 6 +++--- .github/workflows/skill-build-fresh.yml | 2 +- .github/workflows/validate-skills.yml | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/backend-tests.yml b/.github/workflows/backend-tests.yml index a3d3b4a..376b7fb 100644 --- a/.github/workflows/backend-tests.yml +++ b/.github/workflows/backend-tests.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' } - name: Run runtime, migration, and export-safety tests diff --git a/.github/workflows/changelog-fragments-validate.yml b/.github/workflows/changelog-fragments-validate.yml index 2e9eb71..cd59a5c 100644 --- a/.github/workflows/changelog-fragments-validate.yml +++ b/.github/workflows/changelog-fragments-validate.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Set up Python diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 939db49..c4c5ae4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: python: ["3.10", "3.12", "3.14"] steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: @@ -41,7 +41,7 @@ jobs: timeout-minutes: 30 steps: - name: Check out full history - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Set up Python diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 02251fb..3eacb4b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,16 +25,16 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialize CodeQL - uses: github/codeql-action/init@1ad29ea4a422cce9a242a9fae469541dcd08addc # v4 + uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4 with: languages: python build-mode: none queries: security-extended - name: Analyze id: analyze - uses: github/codeql-action/analyze@1ad29ea4a422cce9a242a9fae469541dcd08addc # v4 + uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4 with: category: /language:python # Private pre-publication repositories may not have Code Scanning @@ -43,7 +43,7 @@ jobs: upload: ${{ github.event.repository.private && 'never' || 'always' }} - name: Retain private-repository SARIF if: github.event.repository.private - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: codeql-python-sarif-${{ github.sha }} path: ${{ steps.analyze.outputs.sarif-output }} diff --git a/.github/workflows/compliance-trace.yml b/.github/workflows/compliance-trace.yml index 5f9d4d3..ba4fbfd 100644 --- a/.github/workflows/compliance-trace.yml +++ b/.github/workflows/compliance-trace.yml @@ -67,7 +67,7 @@ jobs: # Public pull requests never execute on a persistent self-hosted machine. runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' } - name: Unit-test the compliance checker diff --git a/.github/workflows/regression-test-skills.yml b/.github/workflows/regression-test-skills.yml index a3e9ded..ffc5ef4 100644 --- a/.github/workflows/regression-test-skills.yml +++ b/.github/workflows/regression-test-skills.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' } diff --git a/.github/workflows/release-consistency.yml b/.github/workflows/release-consistency.yml index 2804442..461a184 100644 --- a/.github/workflows/release-consistency.yml +++ b/.github/workflows/release-consistency.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' } diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1c88446..5f8dcb2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Verify signed annotated tag and main ancestry @@ -57,7 +57,7 @@ jobs: outputs: mode: ${{ steps.classify.outputs.mode }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 @@ -79,7 +79,7 @@ jobs: runs-on: macos-15 timeout-minutes: 20 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 @@ -90,7 +90,7 @@ jobs: --git-sha "$(git rev-parse HEAD)" --write-evidence /tmp/runtime-verification.json - name: Publish commit-bound runtime verification evidence - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: runtime-verification path: /tmp/runtime-verification.json @@ -115,14 +115,14 @@ jobs: # (default is 6h). Normal builds finish in well under a minute. timeout-minutes: 20 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' } - name: Download macOS runtime verification evidence if: needs.classify-release.outputs.mode == 'activation' - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: runtime-verification path: /tmp/runtime-verification diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml index ede9e89..15a259f 100644 --- a/.github/workflows/secret-scan.yml +++ b/.github/workflows/secret-scan.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' } @@ -40,10 +40,10 @@ jobs: timeout-minutes: 30 steps: - name: Check out full history - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Scan repository history - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2 + uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/skill-build-fresh.yml b/.github/workflows/skill-build-fresh.yml index 9b24709..cde1566 100644 --- a/.github/workflows/skill-build-fresh.yml +++ b/.github/workflows/skill-build-fresh.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 diff --git a/.github/workflows/validate-skills.yml b/.github/workflows/validate-skills.yml index 506f7a0..f4cf97c 100644 --- a/.github/workflows/validate-skills.yml +++ b/.github/workflows/validate-skills.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Python uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6 with: { python-version: '3.12' }