From 3a75056046e5517701ffd0c5b1a890e30b11fd6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Jun 2026 06:38:30 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 4 updates Bumps the github-actions group with 4 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [softprops/action-gh-release](https://github.com/softprops/action-gh-release), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [actions/cache](https://github.com/actions/cache). Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `softprops/action-gh-release` from 2.6.2 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `actions/create-github-app-token` from 2.2.2 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/create-github-app-token/compare/fee1f7d63c2ff003460e3d139729b119787bc349...bcd2ba49218906704ab6c1aa796996da409d3eb1) Updates `actions/cache` from 4.3.0 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/release-menubar.yml | 4 ++-- .github/workflows/release-npm.yml | 4 ++-- .github/workflows/release-tray.yml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release-menubar.yml b/.github/workflows/release-menubar.yml index 242e901..41dd091 100644 --- a/.github/workflows/release-menubar.yml +++ b/.github/workflows/release-menubar.yml @@ -66,7 +66,7 @@ jobs: - name: Upload artifact (for manual runs) if: github.event_name == 'workflow_dispatch' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: CodeBurnMenubar-${{ steps.version.outputs.value }} path: mac/.build/dist/CodeBurnMenubar-*.zip @@ -77,7 +77,7 @@ jobs: # On a `v*` tag, the npm + tray workflows are also publishing to the # SAME GitHub release in parallel, so files just stack. if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/mac-v') - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: ${{ github.ref_name }} name: Menubar ${{ steps.version.outputs.value }} diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml index 5cdab6a..d9a9c6d 100644 --- a/.github/workflows/release-npm.yml +++ b/.github/workflows/release-npm.yml @@ -108,7 +108,7 @@ jobs: - name: Attach SBOM to GitHub release if: startsWith(github.ref, 'refs/tags/v') - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: ${{ github.ref_name }} files: codeburn-sbom.cdx.json @@ -130,7 +130,7 @@ jobs: steps: - name: Mint GitHub App installation token id: app-token - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: app-id: ${{ secrets.HOMEBREW_TAP_APP_ID }} private-key: ${{ secrets.HOMEBREW_TAP_APP_PRIVATE_KEY }} diff --git a/.github/workflows/release-tray.yml b/.github/workflows/release-tray.yml index e148c5d..91f757f 100644 --- a/.github/workflows/release-tray.yml +++ b/.github/workflows/release-tray.yml @@ -66,7 +66,7 @@ jobs: uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable @ 2025 pin — bump SHA to update Rust toolchain action - name: Cache Cargo build - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ~/.cargo/bin/ @@ -83,7 +83,7 @@ jobs: - name: Upload artifact (manual runs) if: github.event_name == 'workflow_dispatch' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: codeburn-tray-${{ steps.version.outputs.value }} path: | @@ -124,7 +124,7 @@ jobs: - name: Create / update GitHub Release if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/tray-v') - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: ${{ github.ref_name }} name: Tray ${{ steps.version.outputs.value }}