From 595669e2e704699a8454bba1dee968a5732cacff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 May 2026 08:27:02 +0000 Subject: [PATCH] ci: bump the actions group across 1 directory with 5 updates Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `6.0.1` | Updates `github/codeql-action` from 4.35.1 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `softprops/action-gh-release` from 2.6.1 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e...cef221092ed1bacb1cc03d23a2d87d1d172e277b) Updates `codecov/codecov-action` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/release.yml | 8 ++++---- .github/workflows/verify.yml | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 80751f8..8c17ed8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,7 +34,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 with: languages: ${{ matrix.language }} queries: security-and-quality @@ -68,10 +68,10 @@ jobs: cache-dependency-path: native/session_scan_go/go.mod - name: Autobuild - uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3 with: category: "/language:${{ matrix.language }}" upload: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03ac2b0..d5f9676 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -142,7 +142,7 @@ jobs: components: clippy - name: Cache Cargo - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 with: path: | ~/.cargo/registry @@ -178,7 +178,7 @@ jobs: - name: Create GitHub release (with release notes) if: needs.validate.outputs.has_notes == 'true' - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v2 with: body_path: docs/RELEASE_NOTES_${{ needs.validate.outputs.version }}.md generate_release_notes: false @@ -188,7 +188,7 @@ jobs: - name: Create GitHub release (auto-generated notes) if: needs.validate.outputs.has_notes != 'true' - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v2 with: generate_release_notes: true draft: false @@ -226,6 +226,6 @@ jobs: run: twine check dist/* - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: skip-existing: true diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 9054d8c..73b6262 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -32,7 +32,7 @@ jobs: python-version: "3.11" - name: Cache pip (lint) - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-lint-${{ hashFiles('pyproject.toml') }} @@ -107,7 +107,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Cache pip (test) - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-test-${{ matrix.python-version }}-${{ hashFiles('pyproject.toml') }} @@ -131,7 +131,7 @@ jobs: -v - name: Upload coverage to Codecov - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v5 with: files: coverage.xml flags: python-${{ matrix.python-version }} @@ -182,7 +182,7 @@ jobs: components: clippy - name: Cache Cargo - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 with: path: | ~/.cargo/registry @@ -220,7 +220,7 @@ jobs: python-version: "3.11" - name: Cache pip (quality) - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-quality-3.11-${{ hashFiles('pyproject.toml') }}