From a8c42a2c814345bdbdabbbbbc8026181e55d807b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Jun 2026 21:32:43 +0000 Subject: [PATCH] chore(deps): bump the github-actions group across 1 directory with 5 updates Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.2` | `3.0.1` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.2` | `3.2.0` | | [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` | Updates `actions/checkout` from 6.0.3 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `softprops/action-gh-release` from 2.6.2 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65...718ea10b132b3b2eba29c1007bb80653f286566b) Updates `actions/create-github-app-token` from 2.2.2 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/create-github-app-token/compare/fee1f7d63c2ff003460e3d139729b119787bc349...bcd2ba49218906704ab6c1aa796996da409d3eb1) Updates `actions/cache` from 4.3.0 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/block-claude-coauthor.yml | 2 +- .github/workflows/ci.yml | 6 +++--- .github/workflows/release-menubar.yml | 6 +++--- .github/workflows/release-npm.yml | 8 ++++---- .github/workflows/release-tray.yml | 8 ++++---- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/block-claude-coauthor.yml b/.github/workflows/block-claude-coauthor.yml index 5dbaba9..6a25db3 100644 --- a/.github/workflows/block-claude-coauthor.yml +++ b/.github/workflows/block-claude-coauthor.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3f45aa..7ca8757 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: matrix: os: [ubuntu-latest, macos-latest, windows-latest] steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -57,7 +57,7 @@ jobs: name: Semgrep runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -93,7 +93,7 @@ jobs: name: Swift menubar build runs-on: macos-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/release-menubar.yml b/.github/workflows/release-menubar.yml index 242e901..db08ade 100644 --- a/.github/workflows/release-menubar.yml +++ b/.github/workflows/release-menubar.yml @@ -34,7 +34,7 @@ jobs: runs-on: macos-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -66,7 +66,7 @@ jobs: - name: Upload artifact (for manual runs) if: github.event_name == 'workflow_dispatch' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: CodeBurnMenubar-${{ steps.version.outputs.value }} path: mac/.build/dist/CodeBurnMenubar-*.zip @@ -77,7 +77,7 @@ jobs: # On a `v*` tag, the npm + tray workflows are also publishing to the # SAME GitHub release in parallel, so files just stack. if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/mac-v') - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: tag_name: ${{ github.ref_name }} name: Menubar ${{ steps.version.outputs.value }} diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml index 5cdab6a..bdf6cc1 100644 --- a/.github/workflows/release-npm.yml +++ b/.github/workflows/release-npm.yml @@ -27,7 +27,7 @@ jobs: publish: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -108,7 +108,7 @@ jobs: - name: Attach SBOM to GitHub release if: startsWith(github.ref, 'refs/tags/v') - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: tag_name: ${{ github.ref_name }} files: codeburn-sbom.cdx.json @@ -130,7 +130,7 @@ jobs: steps: - name: Mint GitHub App installation token id: app-token - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: app-id: ${{ secrets.HOMEBREW_TAP_APP_ID }} private-key: ${{ secrets.HOMEBREW_TAP_APP_PRIVATE_KEY }} @@ -161,7 +161,7 @@ jobs: echo " SHA-256: $SHA" - name: Checkout homebrew tap - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: soumyadebroy3/homebrew-codeburn token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/release-tray.yml b/.github/workflows/release-tray.yml index e148c5d..573eb53 100644 --- a/.github/workflows/release-tray.yml +++ b/.github/workflows/release-tray.yml @@ -31,7 +31,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -66,7 +66,7 @@ jobs: uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable @ 2025 pin — bump SHA to update Rust toolchain action - name: Cache Cargo build - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ~/.cargo/bin/ @@ -83,7 +83,7 @@ jobs: - name: Upload artifact (manual runs) if: github.event_name == 'workflow_dispatch' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: codeburn-tray-${{ steps.version.outputs.value }} path: | @@ -124,7 +124,7 @@ jobs: - name: Create / update GitHub Release if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/tray-v') - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: tag_name: ${{ github.ref_name }} name: Tray ${{ steps.version.outputs.value }}