From 2181d8902f18f0366aaea45e88a289e6e2fc8636 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 09:19:32 +0000 Subject: [PATCH] deps(actions)(deps): bump the github-actions group with 6 updates Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/bandit.yml | 6 +++--- .github/workflows/ci.yml | 10 +++++----- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/devskim.yml | 4 ++-- .github/workflows/google.yml | 4 ++-- .github/workflows/psscriptanalyzer.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/semgrep.yml | 6 +++--- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 4519557..82e8467 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.11' @@ -29,6 +29,6 @@ jobs: run: bandit -r . -f sarif -o bandit-results.sarif --exit-zero - name: Upload Bandit SARIF results - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: bandit-results.sarif diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1d88b55..c42de4b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,9 +8,9 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.11' - name: Install dependencies @@ -25,9 +25,9 @@ jobs: permissions: contents: write # Required for uploads steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.11' - name: Install build deps @@ -37,7 +37,7 @@ jobs: run: python -m build # Example: Build JS (TensorFlow.js predictions) - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '20' - name: Build JS bundle diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 94da6eb..0443191 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,17 +23,17 @@ jobs: language: [python, javascript] steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@45580472a5bb82c4681c4ac726cfdb60060c2ee1 # v3.32.4 + uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@45580472a5bb82c4681c4ac726cfdb60060c2ee1 # v3.32.4 + uses: github/codeql-action/autobuild@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@45580472a5bb82c4681c4ac726cfdb60060c2ee1 # v3.32.4 + uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 2c7f049..ed0c15d 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@v1 @@ -26,6 +26,6 @@ jobs: directory-to-scan: . - name: Upload DevSkim SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/google.yml b/.github/workflows/google.yml index 36fa0b7..2715245 100644 --- a/.github/workflows/google.yml +++ b/.github/workflows/google.yml @@ -60,7 +60,7 @@ jobs: steps: - name: 'Checkout' - uses: 'actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98' # actions/checkout@v4 + uses: 'actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5' # actions/checkout@v4 # Configure Workload Identity Federation and generate an access token. # @@ -74,7 +74,7 @@ jobs: # Authenticate Docker to Google Cloud Artifact Registry - name: 'Docker Auth' - uses: 'docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9' # docker/login-action@v3 + uses: 'docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2' # docker/login-action@v4.0.0 with: username: 'oauth2accesstoken' password: '${{ steps.auth.outputs.auth_token }}' diff --git a/.github/workflows/psscriptanalyzer.yml b/.github/workflows/psscriptanalyzer.yml index 543a69d..de07959 100644 --- a/.github/workflows/psscriptanalyzer.yml +++ b/.github/workflows/psscriptanalyzer.yml @@ -15,7 +15,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run PSScriptAnalyzer uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f # v1.1 @@ -26,6 +26,6 @@ jobs: settings: CodeFormatting - name: Upload PSScriptAnalyzer results - uses: github/codeql-action/upload-sarif@45580472a5bb82c4681c4ac726cfdb60060c2ee1 # v3.32.4 + uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 with: sarif_file: results.sarif diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e905a51..4c393aa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@v6 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts - name: Upload artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 8dd4fb5..1f8f1bc 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.11' @@ -39,7 +39,7 @@ jobs: --error || true - name: Upload Semgrep SARIF results - uses: github/codeql-action/upload-sarif@45580472a5bb82c4681c4ac726cfdb60060c2ee1 # v3.32.4 + uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 if: always() with: sarif_file: semgrep.sarif