From 8adf4e405557ecaa537ea2cf8a6899f0749a9417 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 May 2026 20:20:05 +0000 Subject: [PATCH] chore(actions): bump the github-actions-updates group across 1 directory with 11 updates Bumps the github-actions-updates group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `4.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `4.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | | [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `9.0.0` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3` | `6c542a5ae69ddd1214cb9dcb57ec2efbaf9ee42d` | | [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.3` | `4.0.1` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.2.3` | `4.1.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.8` | `3.0.0` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `docker/setup-buildx-action` from 3.10.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd) Updates `docker/login-action` from 3.3.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...4907a6ddec9925e35a0a9e82d7399ccc52663121) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) Updates `actions/github-script` from 7.1.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/f28e40c7f34bde8b3046d885e986cb6290c5673b...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `trufflesecurity/trufflehog` from 8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3 to 6c542a5ae69ddd1214cb9dcb57ec2efbaf9ee42d - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3...6c542a5ae69ddd1214cb9dcb57ec2efbaf9ee42d) Updates `dorny/paths-filter` from 3.0.3 to 4.0.1 - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/d1c1ffe0248fe513906c8e24db8ea791d46f8590...fbd0ab8f3e69293af611ebaee6363fc25e6d187d) Updates `actions/attest-build-provenance` from 2.2.3 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/c074443f1aee8d4aeeae555aebba3282517141b2...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) Updates `softprops/action-gh-release` from 2.0.8 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/c062e08bd532815e2082a85e87e3ef29c3e6d191...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: dorny/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: trufflesecurity/trufflehog dependency-version: 2edd4d326abd10ea6320e03f42c3b6a7cf259b3d dependency-type: direct:production dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/_build_container.yml | 6 +++--- .github/workflows/_build_package.yml | 4 ++-- .github/workflows/_docs.yml | 10 +++++----- .github/workflows/_link-check.yml | 2 +- .github/workflows/_pr_comment.yml | 2 +- .github/workflows/_quality.yml | 8 ++++---- .github/workflows/_security.yml | 8 ++++---- .github/workflows/_tests.yml | 8 ++++---- .github/workflows/development.yml | 4 ++-- .github/workflows/development_cleanup.yml | 4 ++-- .github/workflows/nightly.yml | 8 ++++---- .github/workflows/release.yml | 8 ++++---- 12 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/_build_container.yml b/.github/workflows/_build_container.yml index f19770a..6071033 100644 --- a/.github/workflows/_build_container.yml +++ b/.github/workflows/_build_container.yml @@ -48,12 +48,12 @@ jobs: image_tag: ${{ steps.build.outputs.image_tag }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v3 - name: Log in to GitHub Container Registry if: ${{ inputs.push }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/_build_package.yml b/.github/workflows/_build_package.yml index 95c0944..1d3cf51 100644 --- a/.github/workflows/_build_package.yml +++ b/.github/workflows/_build_package.yml @@ -41,7 +41,7 @@ jobs: metadata: ${{ steps.build.outputs.metadata }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: "Set up build toolchain" @@ -58,7 +58,7 @@ jobs: SHA=$(find dist/ -type f | sort | xargs sha256sum | sha256sum | awk '{print $1}') echo "metadata=${SHA}" >> "$GITHUB_OUTPUT" - name: Upload build artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: build-artifact-${{ inputs.build_type }}-${{ github.run_id }} path: dist/ diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index 7fa1cfa..a82a902 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -45,11 +45,11 @@ jobs: deployed_url: ${{ steps.dest.outputs.path }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" - name: Configure Git Credentials @@ -62,21 +62,21 @@ jobs: hatch run docs:mkdocs --version - name: Download unit test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-unit-* path: docs/coverage/unit merge-multiple: true - name: Download integration test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-integration-* path: docs/coverage/integration merge-multiple: true - name: Download e2e test coverage if: ${{ inputs.include_coverage }} - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: pattern: coverage-report-e2e-* path: docs/coverage/e2e diff --git a/.github/workflows/_link-check.yml b/.github/workflows/_link-check.yml index 2ea4ea3..dd22b89 100644 --- a/.github/workflows/_link-check.yml +++ b/.github/workflows/_link-check.yml @@ -36,7 +36,7 @@ jobs: report_content: ${{ steps.read-report.outputs.content }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run lychee link checker uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2 id: lychee diff --git a/.github/workflows/_pr_comment.yml b/.github/workflows/_pr_comment.yml index aa813ba..1d10476 100644 --- a/.github/workflows/_pr_comment.yml +++ b/.github/workflows/_pr_comment.yml @@ -29,7 +29,7 @@ jobs: - name: "Download PR Number Artifact" # Wait, how does it know the PR number? The `development.yml` needs to upload the PR number as an artifact # so this workflow can read it. Let's write the script to find the PR associated with the commit. - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: |- const workflowRun = context.payload.workflow_run; diff --git a/.github/workflows/_quality.yml b/.github/workflows/_quality.yml index 4fa5411..baf80fe 100644 --- a/.github/workflows/_quality.yml +++ b/.github/workflows/_quality.yml @@ -28,9 +28,9 @@ jobs: python-version: ${{ fromJson(inputs.python_versions) }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" @@ -49,9 +49,9 @@ jobs: python-version: ${{ fromJson(inputs.python_versions) }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" diff --git a/.github/workflows/_security.yml b/.github/workflows/_security.yml index e4c5404..5101c59 100644 --- a/.github/workflows/_security.yml +++ b/.github/workflows/_security.yml @@ -18,11 +18,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3 # main + uses: trufflesecurity/trufflehog@6c542a5ae69ddd1214cb9dcb57ec2efbaf9ee42d # main with: path: ./ dependency-audit: @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up toolchain run: pip install pip-audit hatch - name: Run dependency vulnerability scan @@ -40,7 +40,7 @@ jobs: pip-audit -r requirements.txt --output json -o audit.json - name: Upload SCA results if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: sca-results-${{ github.run_id }} path: audit.json diff --git a/.github/workflows/_tests.yml b/.github/workflows/_tests.yml index 7e1592f..0ffedc0 100644 --- a/.github/workflows/_tests.yml +++ b/.github/workflows/_tests.yml @@ -68,9 +68,9 @@ jobs: coverage_location: "coverage/" steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Set up Python ${{ matrix.python-version }}" - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: "Install uv" @@ -105,7 +105,7 @@ jobs: fi - name: Upload test results if: ${{ inputs.publish_results }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{ github.run_id }} @@ -114,7 +114,7 @@ jobs: if-no-files-found: warn - name: Upload coverage report if: ${{ inputs.publish_results && (inputs.generate_coverage == true || matrix.test-config.coverage == true) }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-report-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{ github.run_id }} diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml index f2c0680..4460c39 100644 --- a/.github/workflows/development.yml +++ b/.github/workflows/development.yml @@ -31,9 +31,9 @@ jobs: docs: ${{ steps.filter.outputs.docs }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check for docs changes - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: filters: | diff --git a/.github/workflows/development_cleanup.yml b/.github/workflows/development_cleanup.yml index f28a465..b20e7a5 100644 --- a/.github/workflows/development_cleanup.yml +++ b/.github/workflows/development_cleanup.yml @@ -22,11 +22,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" - name: Configure Git Credentials diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 5ae3f85..994d7c9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -27,7 +27,7 @@ jobs: has_changes: ${{ steps.check.outputs.has_changes }} steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Check for recent commits @@ -113,14 +113,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download build artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: name: build-artifact-nightly-${{ github.run_id }} path: dist/ - name: Generate artifact attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v1.5.1 with: subject-path: dist/* # - name: Publish to PyPI diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9fbb0e5..18f19cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,14 +73,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download build artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: name: build-artifact-release-${{ github.run_id }} path: dist/ - name: Generate artifact attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v1.5.1 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v1.5.1 with: subject-path: dist/* # - name: Publish to PyPI @@ -89,7 +89,7 @@ jobs: # packages-dir: dist/ - name: Create GitHub Release if: ${{ github.ref_type == 'tag' }} - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: files: dist/* generate_release_notes: true