From 85ceff2383402745e167eb66ac891d74ddac5754 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 May 2026 21:39:30 +0200 Subject: [PATCH] chore(deps): bump the github-actions group across 1 directory with 7 updates (#11642) Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.5` | `4.35.4` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.4.0` | | [vedantmgoyal9/winget-releaser](https://github.com/vedantmgoyal9/winget-releaser) | `19e706d4c9121098010096f9c495a70a7518b30f` | `7bd472be23763def6e16bd06cc8b1cdfab0e2fd5` | | [cbrgm/mastodon-github-action](https://github.com/cbrgm/mastodon-github-action) | `2.1.26` | `2.2.0` | Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `github/codeql-action` from 4.32.5 to 4.35.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...68bde559dea0fdcac2102bfdf6230c5f70eb485e) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `softprops/action-gh-release` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `actions/setup-node` from 6.2.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) Updates `vedantmgoyal9/winget-releaser` from 19e706d4c9121098010096f9c495a70a7518b30f to 7bd472be23763def6e16bd06cc8b1cdfab0e2fd5 - [Release notes](https://github.com/vedantmgoyal9/winget-releaser/releases) - [Commits](https://github.com/vedantmgoyal9/winget-releaser/compare/19e706d4c9121098010096f9c495a70a7518b30f...7bd472be23763def6e16bd06cc8b1cdfab0e2fd5) Updates `cbrgm/mastodon-github-action` from 2.1.26 to 2.2.0 - [Release notes](https://github.com/cbrgm/mastodon-github-action/releases) - [Commits](https://github.com/cbrgm/mastodon-github-action/compare/fc8b40e2ec9e8208654b0bd8695e03ecc3364d7d...776364a15dd1171530479600c75363f7cbc89ef5) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: cbrgm/mastodon-github-action dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: vedantmgoyal9/winget-releaser dependency-version: 7bd472be23763def6e16bd06cc8b1cdfab0e2fd5 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/pacquet-codecov.yml | 4 ++-- .github/workflows/pacquet-integrated-benchmark-comment.yml | 2 +- .github/workflows/pacquet-integrated-benchmark.yml | 2 +- .github/workflows/pacquet-micro-benchmark.yml | 4 ++-- .github/workflows/pacquet-release-to-npm.yml | 4 ++-- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- .github/workflows/update-latest.yml | 6 +++--- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d2e81496b5..36af72449d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: - name: Package compiled artifacts run: tar -czf compiled.tar.gz --exclude='node_modules' $(find . -type d -name lib -not -path '*/node_modules/*') $(find . -name 'tsconfig.tsbuildinfo' -not -path '*/node_modules/*') pnpm/dist - name: Upload compiled artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: compiled-packages path: compiled.tar.gz diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index dc40109095..669893dba8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -73,4 +73,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5 + uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 diff --git a/.github/workflows/pacquet-codecov.yml b/.github/workflows/pacquet-codecov.yml index 53f3fb08a0..a245947d81 100644 --- a/.github/workflows/pacquet-codecov.yml +++ b/.github/workflows/pacquet-codecov.yml @@ -85,7 +85,7 @@ jobs: just registry-mock end - name: Upload Artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: codecov path: lcov.info @@ -102,7 +102,7 @@ jobs: persist-credentials: false - name: Download coverage file - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: codecov diff --git a/.github/workflows/pacquet-integrated-benchmark-comment.yml b/.github/workflows/pacquet-integrated-benchmark-comment.yml index bf1dbee776..077716bef4 100644 --- a/.github/workflows/pacquet-integrated-benchmark-comment.yml +++ b/.github/workflows/pacquet-integrated-benchmark-comment.yml @@ -103,7 +103,7 @@ jobs: - name: Download benchmark report # `run-id` + `github-token` lets v8 pull artifacts from a different # workflow run, which is exactly the workflow_run pattern. - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: integrated-benchmark-report-ubuntu-latest path: benchmark-artifact diff --git a/.github/workflows/pacquet-integrated-benchmark.yml b/.github/workflows/pacquet-integrated-benchmark.yml index 05b72ae1b6..a154e286fb 100644 --- a/.github/workflows/pacquet-integrated-benchmark.yml +++ b/.github/workflows/pacquet-integrated-benchmark.yml @@ -224,7 +224,7 @@ jobs: cp bench-work-env/SUMMARY.md benchmark-artifact/SUMMARY.md - name: Upload benchmark report - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: integrated-benchmark-report-${{ matrix.os }} path: benchmark-artifact/ diff --git a/.github/workflows/pacquet-micro-benchmark.yml b/.github/workflows/pacquet-micro-benchmark.yml index c528434726..3f3d3aa58b 100644 --- a/.github/workflows/pacquet-micro-benchmark.yml +++ b/.github/workflows/pacquet-micro-benchmark.yml @@ -69,7 +69,7 @@ jobs: run: cargo run --bin=micro-benchmark --release -- --save-baseline pr - name: Upload benchmark results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: benchmark-results-${{ matrix.os }} path: ./target/criterion @@ -91,7 +91,7 @@ jobs: tool: critcmp - name: Linux | Download PR benchmark results - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: benchmark-results-ubuntu-latest path: ./target/criterion diff --git a/.github/workflows/pacquet-release-to-npm.yml b/.github/workflows/pacquet-release-to-npm.yml index 869a0cf0d8..6393e6b808 100644 --- a/.github/workflows/pacquet-release-to-npm.yml +++ b/.github/workflows/pacquet-release-to-npm.yml @@ -99,7 +99,7 @@ jobs: pacquet-${{ matrix.code-target }}* - name: Upload Binary - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -149,7 +149,7 @@ jobs: install: false - name: Download Artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: binaries-* merge-multiple: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05fc9aacd6..216f808428 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -97,7 +97,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/') # `gh release create` could replace this, but the release pipeline is # sensitive and softprops/action-gh-release is widely battle-tested. - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 # zizmor: ignore[superfluous-actions] + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v2.5.0 # zizmor: ignore[superfluous-actions] with: draft: true files: dist/* diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0b29fe3561..8a4606e03a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -70,7 +70,7 @@ jobs: - name: Verify npm run: npm --version - name: Download compiled artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: compiled-packages - name: Extract compiled artifacts diff --git a/.github/workflows/update-latest.yml b/.github/workflows/update-latest.yml index 79a233c86e..35283fb820 100644 --- a/.github/workflows/update-latest.yml +++ b/.github/workflows/update-latest.yml @@ -22,7 +22,7 @@ jobs: with: api_token: ${{ secrets.GARNET_API_TOKEN }} - name: Setup Node - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 - name: Update tag env: "npm_config_//registry.npmjs.org/:_authToken": ${{ secrets.NPM_TOKEN }} @@ -39,7 +39,7 @@ jobs: environment: release needs: tag-in-registry steps: - - uses: vedantmgoyal9/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # main + - uses: vedantmgoyal9/winget-releaser@7bd472be23763def6e16bd06cc8b1cdfab0e2fd5 # main with: identifier: pnpm.pnpm version: ${{ github.event.inputs.version }} @@ -68,7 +68,7 @@ jobs: steps: - name: Send toot to Mastodon id: mastodon - uses: cbrgm/mastodon-github-action@fc8b40e2ec9e8208654b0bd8695e03ecc3364d7d # v2.1.26 + uses: cbrgm/mastodon-github-action@776364a15dd1171530479600c75363f7cbc89ef5 # v2.2.0 with: message: | pnpm@${{ github.event.inputs.version }} is out!