fix(gha)(deps): bump the github-actions group with 7 updates

Bumps the github-actions group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.4` | `4.1.5` | | [codacy/codacy-analysis-cli-action](https://github.com/codacy/codacy-analysis-cli-action) | `4.4.0` | `4.4.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.3` | `3.25.5` | | [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) | `3.0.0` | `3.0.1` | | [codelytv/pr-size-labeler](https://github.com/codelytv/pr-size-labeler) | `1.9.0` | `1.10.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.0.0` | `4.3.3` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.3.3` | Updates `actions/checkout` from 4.1.4 to 4.1.5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@0ad4b8f...44c2b7a) Updates `codacy/codacy-analysis-cli-action` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/codacy/codacy-analysis-cli-action/releases) - [Commits](codacy/codacy-analysis-cli-action@33d4559...3ff8e64) Updates `github/codeql-action` from 3.25.3 to 3.25.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d39d31e...b7cec75) Updates `eps1lon/actions-label-merge-conflict` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases) - [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md) - [Commits](eps1lon/actions-label-merge-conflict@e62d7a5...6d74047) Updates `codelytv/pr-size-labeler` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/codelytv/pr-size-labeler/releases) - [Commits](CodelyTV/pr-size-labeler@f2aafc4...56f6f0f) Updates `actions/upload-artifact` from 4.0.0 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...6546280) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codacy/codacy-analysis-cli-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: eps1lon/actions-label-merge-conflict dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codelytv/pr-size-labeler dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>
jmuelbert · May 16, 2024 · 93966c3 · 93966c3
1 parent bd6765e
commit 93966c3
Show file tree

Hide file tree

Showing 16 changed files with 31 additions and 31 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -49,7 +49,7 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "⚙️️ Set up Python"
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
@@ -45,11 +45,11 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: "Run Codacy Analysis CLI"
-        uses: codacy/codacy-analysis-cli-action@33d455949345bddfdb845fba76b57b70cc83754b # v4.3.0
+        uses: codacy/codacy-analysis-cli-action@3ff8e64eb4b714c4bee91b7b4eea31c6fc2c4f93 # v4.3.0
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations
@@ -65,6 +65,6 @@ jobs:
 
       # Upload the SARIF file generated in the previous step
       - name: "📤 Upload SARIF results file"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: codeql-results.sarif
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -58,11 +58,11 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       # Initializes the CodeQL tools for scanning.
       - name: "Initialize CodeQL"
-        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -75,7 +75,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: "Autobuild"
-        uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -88,6 +88,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: "Perform CodeQL Analysis"
-        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: "🧰 Checkout"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Check the commits"
         uses: wagoid/commitlint-github-action@7f0a61df502599e1f1f50880aaa7ec1e2c0592f2 # v6.0.1
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -36,7 +36,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Dependency Review"
         uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2

diff --git a/.github/workflows/devskim-analysis.yml b/.github/workflows/devskim-analysis.yml
@@ -39,13 +39,13 @@ jobs:
       security-events: write
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Run DevSkim scanner"
         uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: devskim-results.sarif
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -36,7 +36,7 @@ jobs:
       pull-requests: write
     steps:
       - name: "Update PRs with conflict labels"
-        uses: eps1lon/actions-label-merge-conflict@e62d7a53ff8be8b97684bffb6cfbbf3fc1115e2e # v3.0.0
+        uses: eps1lon/actions-label-merge-conflict@6d74047dcef155976a15e4a124dde2c7fe0c5522 # v3.0.1
         with:
           dirtyLabel: "conflicts"
           # removeOnDirtyLabel: "PR: ready to ship"
@@ -51,7 +51,7 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: codelytv/pr-size-labeler@f2aafc4d8735009c6de18acefe15eecbfbfae56f # v1.9.0
+      - uses: codelytv/pr-size-labeler@56f6f0fc35c7cc0f72963b8467729e1120cb4bed # v1.10.0
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           xs_label: "size/xs"

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -59,7 +59,7 @@ jobs:
     steps:
       # Git Checkout
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
@@ -84,7 +84,7 @@ jobs:
       # Upload MegaLinter artifacts
       - name: "Archive production artifacts"
         if: success() || failure()
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: MegaLinter reports
           path: |

diff --git a/.github/workflows/mkdocs-pages.yml b/.github/workflows/mkdocs-pages.yml
@@ -44,7 +44,7 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "⚙️️ Set up Python"
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
@@ -52,7 +52,7 @@ jobs:
 
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       # Ensure a compatible version of dotnet is installed.
       # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
@@ -70,6 +70,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: '🧰 Checkout Source Code'
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: 'Lint pull request title'
         uses: matthiashermsen/lint-pull-request-title@49458c35f9eeaaad64abfb7b1def719350b6a755 # v1.0.0

diff --git a/.github/workflows/reuse-check.yml b/.github/workflows/reuse-check.yml
@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -44,24 +44,24 @@ jobs:
 
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -43,7 +43,7 @@ jobs:
 
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
         # Skip any PR created by dependabot to avoid permission issues;
         if: (github.actor != 'dependabot[bot]')
@@ -55,7 +55,7 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: semgrep.sarif
         if: always()
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -38,7 +38,7 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Set up Python"
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
@@ -77,7 +77,7 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Set up Python ${{ matrix.python-version }}"
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
@@ -118,7 +118,7 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: "Set up Python"
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0

diff --git a/.github/workflows/write-good.yml b/.github/workflows/write-good.yml
@@ -24,7 +24,7 @@ jobs:
       pull-requests: write
     steps:
       - name: "🧰 Checkout Source Code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: write-good action step
         id: write-good
         uses: tomwhross/write-good-action@5897a4ff597390bd521c5c3a6c062bf96147a341 # v1.6