From 91a3b828a2a95e818b32f31a6681733ed7d61dd2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Apr 2026 06:19:25 +0000
Subject: [PATCH] ci(deps): bump the actions-minor-patch group across 1
 directory with 4 updates

Bumps the actions-minor-patch group with 4 updates in the / directory: [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [github/codeql-action](https://github.com/github/codeql-action), [vig-os/commit-action](https://github.com/vig-os/commit-action) and [vig-os/sync-issues-action](https://github.com/vig-os/sync-issues-action).


Updates `actions/dependency-review-action` from 4.8.2 to 4.9.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261...2031cfc080254a8a887f58cffee85186f0e49e48)

Updates `github/codeql-action` from 4.32.2 to 4.32.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...0d579ffd059c29b07949a3cce3983f0780820c98)

Updates `vig-os/commit-action` from 0.1.3 to 0.1.5
- [Release notes](https://github.com/vig-os/commit-action/releases)
- [Changelog](https://github.com/vig-os/commit-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vig-os/commit-action/compare/b70c2d87acd0f146c40e8d88a9bda40b76c084b5...c0024cbad0e501764127cccab732c6cd465b4646)

Updates `vig-os/sync-issues-action` from 0.1.1 to 0.2.2
- [Release notes](https://github.com/vig-os/sync-issues-action/releases)
- [Changelog](https://github.com/vig-os/sync-issues-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vig-os/sync-issues-action/compare/b4cdf371bb708230ce410a8203e6463e9e6caf2d...bad447d330526a7313ffddae084010c39b335fc1)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: github/codeql-action
  dependency-version: 4.32.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: vig-os/commit-action
  dependency-version: 0.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
- dependency-name: vig-os/sync-issues-action
  dependency-version: 0.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yml          | 2 +-
 .github/workflows/codeql.yml      | 4 ++--
 .github/workflows/release.yml     | 2 +-
 .github/workflows/scorecard.yml   | 2 +-
 .github/workflows/sync-issues.yml | 4 ++--
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c152f7e..4c74443 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -221,7 +221,7 @@ jobs:
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
 
       - name: Review dependencies for vulnerabilities
-        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261  # v4
+        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48  # v4
         with:
           fail-on-severity: high
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d8a23ee..68197ca 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -50,11 +50,11 @@ jobs:
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2  # v4
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13  # v4
         with:
           languages: ${{ matrix.language }}
 
       - name: Run CodeQL analysis
-        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2  # v4
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13  # v4
         with:
           category: '/language:${{ matrix.language }}'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 02a9d5c..b34a493 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -213,7 +213,7 @@ jobs:
           echo "Release date set in CHANGELOG.md"
 
       - name: Commit and push finalization changes via API
-        uses: vig-os/commit-action@b70c2d87acd0f146c40e8d88a9bda40b76c084b5  # v0.1.3
+        uses: vig-os/commit-action@1bc004353d08d9332a0cb54920b148256220c8e0  # v0.2.0
         env:
           GH_TOKEN: ${{ github.token }}
           GITHUB_REPOSITORY: ${{ github.repository }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 7f48751..282a7ed 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -44,7 +44,7 @@ jobs:
           publish_results: true
 
       - name: Upload SARIF to GitHub Security
-        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2  # v4
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13  # v4
         with:
           sarif_file: results.sarif
           category: 'scorecard'
diff --git a/.github/workflows/sync-issues.yml b/.github/workflows/sync-issues.yml
index 5a6922e..fba0569 100644
--- a/.github/workflows/sync-issues.yml
+++ b/.github/workflows/sync-issues.yml
@@ -93,7 +93,7 @@ jobs:
 
       - name: Sync Issues and PRs
         id: sync
-        uses: vig-os/sync-issues-action@b4cdf371bb708230ce410a8203e6463e9e6caf2d  # v0.1.1
+        uses: vig-os/sync-issues-action@bad447d330526a7313ffddae084010c39b335fc1  # v0.2.2
         with:
           app-id: ${{ secrets.APP_SYNC_ISSUES_ID }}
           app-private-key: ${{ secrets.APP_SYNC_ISSUES_PRIVATE_KEY }}
@@ -107,7 +107,7 @@ jobs:
       - name: Commit and push changes via API
         id: commit
         if: steps.sync.outputs.modified-files != ''
-        uses: vig-os/commit-action@b70c2d87acd0f146c40e8d88a9bda40b76c084b5  # v0.1.3
+        uses: vig-os/commit-action@1bc004353d08d9332a0cb54920b148256220c8e0  # v0.2.0
         env:
           # Use App token so push can bypass branch protection when App is in bypass list
           GH_TOKEN: ${{ steps.generate-token.outputs.token || github.token }}