From c13ea4fefe9b6f4324255fe8284123c40aef812f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 15:49:46 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 6 updates Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.1` | `6.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `5.0.0` | `6.3.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.34.1` | `4.35.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `b3e506e8c389afc651c5bacf2b8f2a1ea0557215` | `a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `99c09fe975337306107572b4fdf4db224cf8e2f2` | `4eaacf0543bb3f2c246792bd56e8cdeffafb205a` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.0` | Updates `actions/checkout` from 5.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-node` from 5.0.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/a0853c24544627f65ddf259abe73b1d18a591444...53b83947a5a98c8d113130e565377fae1a50d02f) Updates `github/codeql-action` from 3.34.1 to 4.35.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3...b8bb9f28b8d3f992092362369c57161b755dea45) Updates `actions/attest-build-provenance` from b3e506e8c389afc651c5bacf2b8f2a1ea0557215 to a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/b3e506e8c389afc651c5bacf2b8f2a1ea0557215...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) Updates `ossf/scorecard-action` from 99c09fe975337306107572b4fdf4db224cf8e2f2 to 4eaacf0543bb3f2c246792bd56e8cdeffafb205a - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/99c09fe975337306107572b4fdf4db224cf8e2f2...4eaacf0543bb3f2c246792bd56e8cdeffafb205a) Updates `actions/upload-artifact` from 4.6.2 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 dependency-type: direct:production dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-version: 4eaacf0543bb3f2c246792bd56e8cdeffafb205a dependency-type: direct:production dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 6 +++--- .github/workflows/codeql.yml | 6 +++--- .github/workflows/live-codex-smoke.yml | 4 ++-- .github/workflows/prepare-release.yml | 4 ++-- .github/workflows/release.yml | 6 +++--- .github/workflows/secrets.yml | 2 +- .github/workflows/security.yml | 8 ++++---- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 35258d4..3f64006 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: contents: read steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Run dependency review uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 @@ -47,10 +47,10 @@ jobs: contents: read steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9801c49..22f9562 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,15 +32,15 @@ jobs: timeout-minutes: 30 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 - name: Initialize CodeQL - uses: github/codeql-action/init@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 + uses: github/codeql-action/init@b8bb9f28b8d3f992092362369c57161b755dea45 with: languages: javascript-typescript build-mode: none - name: Analyze - uses: github/codeql-action/analyze@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 + uses: github/codeql-action/analyze@b8bb9f28b8d3f992092362369c57161b755dea45 diff --git a/.github/workflows/live-codex-smoke.yml b/.github/workflows/live-codex-smoke.yml index ec56e0d..a00b3b7 100644 --- a/.github/workflows/live-codex-smoke.yml +++ b/.github/workflows/live-codex-smoke.yml @@ -17,10 +17,10 @@ jobs: timeout-minutes: 45 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 6aff47a..a8a0f96 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -25,12 +25,12 @@ jobs: REPOSITORY: ${{ github.repository }} steps: - name: Check out default branch - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: ref: ${{ github.event.repository.default_branch }} - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2cdad5d..5490400 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,12 +25,12 @@ jobs: id-token: write steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }} - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm @@ -104,7 +104,7 @@ jobs: upload-release-assets: false - name: Create provenance attestation - uses: actions/attest-build-provenance@b3e506e8c389afc651c5bacf2b8f2a1ea0557215 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: | release/${{ steps.release_paths.outputs.package_file }} diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml index f5dc1ab..c856cdc 100644 --- a/.github/workflows/secrets.yml +++ b/.github/workflows/secrets.yml @@ -29,7 +29,7 @@ jobs: timeout-minutes: 20 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 3e50abe..fa772f6 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -18,10 +18,10 @@ jobs: timeout-minutes: 30 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm @@ -66,7 +66,7 @@ jobs: upload-artifact: false - name: Run OSSF Scorecard - uses: ossf/scorecard-action@99c09fe975337306107572b4fdf4db224cf8e2f2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a with: results_file: reports/scorecard.sarif results_format: sarif @@ -76,7 +76,7 @@ jobs: - name: Upload security reports if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: security-reports path: reports/