From 775e376aa7ca8a458300bbf67dcad90d016e7a1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jul 2026 22:57:28 +0000 Subject: [PATCH] chore(deps): bump the actions group across 1 directory with 3 updates Bumps the actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32...0f67c3f4856b2e3261c31976d6725780e5e4c373) Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/b4309332981a82ec1c5618f44dd2e27cc8bfbfda...718ea10b132b3b2eba29c1007bb80653f286566b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/cd.yml | 6 +++--- .github/workflows/ci.yml | 6 +++--- .github/workflows/claude-security-review.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/setup.yml | 2 +- .github/workflows/update-changelog.yml | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d7c1441..0d769ac 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -25,7 +25,7 @@ jobs: id-token: write attestations: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-tags: true @@ -56,7 +56,7 @@ jobs: python -m build - name: Generate SLSA build provenance attestation - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-path: 'dist/*' @@ -69,7 +69,7 @@ jobs: attestations: true - name: Create GitHub Release - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: tag_name: v${{ steps.pkg.outputs.version }} name: v${{ steps.pkg.outputs.version }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fad8ef2..e814372 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: security: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 @@ -43,7 +43,7 @@ jobs: licenses: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-python@v6 with: @@ -65,7 +65,7 @@ jobs: matrix: python-version: ["3.11", "3.12", "3.13"] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-python@v6 with: diff --git a/.github/workflows/claude-security-review.yml b/.github/workflows/claude-security-review.yml index a821b19..2d67130 100644 --- a/.github/workflows/claude-security-review.yml +++ b/.github/workflows/claude-security-review.yml @@ -28,7 +28,7 @@ jobs: echo "skip=false" >> "$GITHUB_OUTPUT" fi - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 if: steps.gate.outputs.skip == 'false' with: ref: ${{ github.event.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 44fea7c..7af5875 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,7 +22,7 @@ jobs: # (script injection, missing permissions, etc.). language: [python, actions] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml index f0040b3..9006c64 100644 --- a/.github/workflows/setup.yml +++ b/.github/workflows/setup.yml @@ -15,7 +15,7 @@ jobs: permissions: issues: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Check if template id: check diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml index 94c98a7..91c3259 100644 --- a/.github/workflows/update-changelog.yml +++ b/.github/workflows/update-changelog.yml @@ -19,7 +19,7 @@ jobs: update: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: ref: main token: ${{ secrets.GITHUB_TOKEN }}