From 926a175f421aefccd27b380a72d3550eb113cca6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 14 Mar 2026 03:54:22 +0000
Subject: [PATCH] Bump the github-actions group across 1 directory with 4
 updates

Bumps the github-actions group with 4 updates in the / directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token), [fgrosse/go-coverage-report](https://github.com/fgrosse/go-coverage-report), [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2.2.1...v3.0.0)

Updates `fgrosse/go-coverage-report` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/fgrosse/go-coverage-report/releases)
- [Changelog](https://github.com/fgrosse/go-coverage-report/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fgrosse/go-coverage-report/compare/v1.2.0...v1.3.0)

Updates `crazy-max/ghaction-import-gpg` from 6 to 7
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v6...v7)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v8.0.0...v8.0.1)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: fgrosse/go-coverage-report
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/csm-versions-update.yaml            | 2 +-
 .github/workflows/go-common.yml                       | 2 +-
 .github/workflows/go-version-workflow.yaml            | 2 +-
 .github/workflows/image-version-workflow.yaml         | 2 +-
 .github/workflows/license-checker.yaml                | 2 +-
 .github/workflows/operator-driver-version-update.yaml | 2 +-
 .github/workflows/operator-module-version-update.yaml | 2 +-
 .github/workflows/operator-version-update.yaml        | 2 +-
 .github/workflows/release-creator.yaml                | 4 ++--
 .github/workflows/sidecar-version-update.yaml         | 2 +-
 .github/workflows/ubi-version-update.yaml             | 2 +-
 .github/workflows/update-libraries-to-commits.yml     | 2 +-
 .github/workflows/update-libraries.yml                | 2 +-
 13 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/csm-versions-update.yaml b/.github/workflows/csm-versions-update.yaml
index f9539568..573209ba 100644
--- a/.github/workflows/csm-versions-update.yaml
+++ b/.github/workflows/csm-versions-update.yaml
@@ -40,7 +40,7 @@ jobs:
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
       - name: Generate GitHub App Token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/go-common.yml b/.github/workflows/go-common.yml
index c3a14bf9..c76ee048 100644
--- a/.github/workflows/go-common.yml
+++ b/.github/workflows/go-common.yml
@@ -88,7 +88,7 @@ jobs:
         # code coverage profiles are uploaded as GitHub artifacts, which automatically expire after 90 days
         # if no coverage profile exists on main branch yet, then the step will fail
         continue-on-error: true
-        uses: fgrosse/go-coverage-report@v1.2.0
+        uses: fgrosse/go-coverage-report@v1.3.0
         with:
           coverage-artifact-name: "code-coverage"
           coverage-file-name: "new_coverage.txt"
diff --git a/.github/workflows/go-version-workflow.yaml b/.github/workflows/go-version-workflow.yaml
index f7c9e11a..c0becefc 100644
--- a/.github/workflows/go-version-workflow.yaml
+++ b/.github/workflows/go-version-workflow.yaml
@@ -77,7 +77,7 @@ jobs:
 
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
-      - uses: actions/create-github-app-token@v2.2.1
+      - uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/image-version-workflow.yaml b/.github/workflows/image-version-workflow.yaml
index 73a0c6ec..27b25e7f 100644
--- a/.github/workflows/image-version-workflow.yaml
+++ b/.github/workflows/image-version-workflow.yaml
@@ -107,7 +107,7 @@ jobs:
 
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
-      - uses: actions/create-github-app-token@v2.2.1
+      - uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/license-checker.yaml b/.github/workflows/license-checker.yaml
index f65741e1..e7f123ea 100644
--- a/.github/workflows/license-checker.yaml
+++ b/.github/workflows/license-checker.yaml
@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@v7
         with:
           gpg_private_key: ${{ secrets.CSM_GPG_PRIVATE_KEY }}
           git_user_signingkey: true
diff --git a/.github/workflows/operator-driver-version-update.yaml b/.github/workflows/operator-driver-version-update.yaml
index c05c45f2..82381ae8 100644
--- a/.github/workflows/operator-driver-version-update.yaml
+++ b/.github/workflows/operator-driver-version-update.yaml
@@ -99,7 +99,7 @@ jobs:
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
       - name: Generate GitHub App Token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/operator-module-version-update.yaml b/.github/workflows/operator-module-version-update.yaml
index 5ccf71ca..5399da68 100644
--- a/.github/workflows/operator-module-version-update.yaml
+++ b/.github/workflows/operator-module-version-update.yaml
@@ -105,7 +105,7 @@ jobs:
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
       - name: Generate GitHub App Token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/operator-version-update.yaml b/.github/workflows/operator-version-update.yaml
index 9623f993..5cb74b1f 100644
--- a/.github/workflows/operator-version-update.yaml
+++ b/.github/workflows/operator-version-update.yaml
@@ -75,7 +75,7 @@ jobs:
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
       - name: Generate GitHub App Token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/release-creator.yaml b/.github/workflows/release-creator.yaml
index d4503184..e3420781 100644
--- a/.github/workflows/release-creator.yaml
+++ b/.github/workflows/release-creator.yaml
@@ -88,7 +88,7 @@ jobs:
 
       # To import GPG key and configure git for signed commits (Annotated tags)
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@v7
         with:
           gpg_private_key: ${{ secrets.CSM_GPG_PRIVATE_KEY }}
           git_user_signingkey: true
@@ -105,7 +105,7 @@ jobs:
           git push origin $REL_VERSION
 
       - name: Download binary
-        uses: actions/download-artifact@v8.0.0
+        uses: actions/download-artifact@v8.0.1
 
       # This is required to check if the binary exists and update its name to the release.
       - name: Set file name
diff --git a/.github/workflows/sidecar-version-update.yaml b/.github/workflows/sidecar-version-update.yaml
index e47889ca..3c4827e8 100644
--- a/.github/workflows/sidecar-version-update.yaml
+++ b/.github/workflows/sidecar-version-update.yaml
@@ -63,7 +63,7 @@ jobs:
       # Needed for signing commits using Github App tokens
       # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
       - name: Generate GitHub App Token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v3.0.0
         id: generate-token
         with:
           app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/ubi-version-update.yaml b/.github/workflows/ubi-version-update.yaml
index 646bf8d1..19374708 100644
--- a/.github/workflows/ubi-version-update.yaml
+++ b/.github/workflows/ubi-version-update.yaml
@@ -73,7 +73,7 @@ jobs:
 
  # Needed for signing commits using Github App tokens
     # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
-    - uses: actions/create-github-app-token@v2.2.1
+    - uses: actions/create-github-app-token@v3.0.0
       if: env.sha_mismatch == 'true'
       id: generate-token
       with:
diff --git a/.github/workflows/update-libraries-to-commits.yml b/.github/workflows/update-libraries-to-commits.yml
index 3543890e..fd265195 100644
--- a/.github/workflows/update-libraries-to-commits.yml
+++ b/.github/workflows/update-libraries-to-commits.yml
@@ -95,7 +95,7 @@ jobs:
 
     # Needed for signing commits using Github App tokens
     # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
-    - uses: actions/create-github-app-token@v2.2.1
+    - uses: actions/create-github-app-token@v3.0.0
       id: generate-token
       with:
         app-id: ${{ vars.CSM_RELEASE_APP_ID }}
diff --git a/.github/workflows/update-libraries.yml b/.github/workflows/update-libraries.yml
index c521fa67..a9b95aaa 100644
--- a/.github/workflows/update-libraries.yml
+++ b/.github/workflows/update-libraries.yml
@@ -79,7 +79,7 @@ jobs:
 
     # Needed for signing commits using Github App tokens
     # See: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#commit-signing
-    - uses: actions/create-github-app-token@v2.2.1
+    - uses: actions/create-github-app-token@v3.0.0
       id: generate-token
       with:
         app-id: ${{ vars.CSM_RELEASE_APP_ID }}