From 14bd81814a4f50e13ffc8fcc5d72b68f33af9ccf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Feb 2026 06:31:52 +0000
Subject: [PATCH] Bump the github-actions group across 2 directories with 5
 updates

Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).
Bumps the github-actions group with 2 updates in the /.github/actions/trivy directory: [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) and [actions/cache](https://github.com/actions/cache).


Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

Updates `actions/upload-artifact` from 5 to 6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

Updates `actions/download-artifact` from 6 to 7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

Updates `aquasecurity/setup-trivy` from 0.2.4 to 0.2.5
- [Release notes](https://github.com/aquasecurity/setup-trivy/releases)
- [Commits](https://github.com/aquasecurity/setup-trivy/compare/v0.2.4...v0.2.5)

Updates `actions/cache` from 4 to 5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/setup-trivy
  dependency-version: 0.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/actions/trivy/action.yaml      |  6 +++---
 .github/workflows/codeql-analysis.yaml |  2 +-
 .github/workflows/govulncheck.yaml     |  2 +-
 .github/workflows/lint.yaml            |  2 +-
 .github/workflows/test.yaml            | 18 +++++++++---------
 .github/workflows/trivy.yaml           |  8 ++++----
 6 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/.github/actions/trivy/action.yaml b/.github/actions/trivy/action.yaml
index 7a24b4525f..70282f0c68 100644
--- a/.github/actions/trivy/action.yaml
+++ b/.github/actions/trivy/action.yaml
@@ -84,7 +84,7 @@ runs:
     # Install Trivy as requested.
     # NOTE: `setup-trivy` can download a "latest" version but cannot cache it.
     - if: ${{ ! contains(fromJSON(steps.parsed.outputs.setup), 'none') }}
-      uses: aquasecurity/setup-trivy@v0.2.4
+      uses: aquasecurity/setup-trivy@v0.2.5
       with:
         cache: ${{ contains(fromJSON(steps.parsed.outputs.setup), 'cache') }}
         version: ${{ steps.parsed.outputs.version }}
@@ -92,7 +92,7 @@ runs:
     # Restore a recent cache beginning with the prefix.
     - id: restore
       if: ${{ contains(fromJSON(steps.parsed.outputs.cache), 'restore') }}
-      uses: actions/cache/restore@v4
+      uses: actions/cache/restore@v5
       with:
         path: ${{ inputs.cache-directory }}
         key: ${{ inputs.cache-prefix }}-
@@ -132,7 +132,7 @@ runs:
             (contains(fromJSON(steps.parsed.outputs.cache), 'success') && success())
           )
         }}
-      uses: actions/cache/save@v4
+      uses: actions/cache/save@v5
       with:
         key: ${{ steps.trivy.outputs.cache-key }}
         path: ${{ inputs.cache-directory }}
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 16a6d85e12..02fffef964 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -21,7 +21,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
index 6721104401..02c6a7bb53 100644
--- a/.github/workflows/govulncheck.yaml
+++ b/.github/workflows/govulncheck.yaml
@@ -24,7 +24,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Install Go and produce a SARIF report. This fails only when the tool is
       # unable to scan.
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 230e2a7fae..40655be251 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -12,7 +12,7 @@ jobs:
       contents: read
       checks: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index caf94435a3..105780ac48 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -12,7 +12,7 @@ jobs:
   go-test:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -30,7 +30,7 @@ jobs:
       matrix:
         kubernetes: ['default']
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -42,7 +42,7 @@ jobs:
 
       # Upload coverage to GitHub
       - run: gzip envtest.coverage
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: "~coverage~kubernetes-api=${{ matrix.kubernetes }}"
           path: envtest.coverage.gz
@@ -57,7 +57,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.34]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -77,7 +77,7 @@ jobs:
 
       # Upload coverage to GitHub
       - run: gzip envtest-existing.coverage
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: "~coverage~kubernetes-k3d=${{ matrix.kubernetes }}"
           path: envtest-existing.coverage.gz
@@ -91,7 +91,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.34]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -165,10 +165,10 @@ jobs:
       - kubernetes-k3d
       - e2e-k3d-kuttl
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
-      - uses: actions/download-artifact@v6
+      - uses: actions/download-artifact@v7
         with: { path: download }
 
       # Combine the coverage profiles by taking the mode line from any one file
@@ -192,7 +192,7 @@ jobs:
 
       # Upload coverage to GitHub
       - run: gzip total-coverage.html
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v6
         with:
           name: coverage-report=html
           path: total-coverage.html.gz
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index e3fd63b2ee..3afc7b93e9 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -23,7 +23,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Download Trivy
         uses: ./.github/actions/trivy
         env:
@@ -43,7 +43,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Trivy needs a populated Go module cache to detect Go module licenses.
       - uses: actions/setup-go@v6
@@ -69,7 +69,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Report success only when detected secrets are listed in [.trivyignore.yaml].
       - name: Scan secrets
@@ -91,7 +91,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Print any detected secrets or vulnerabilities to the workflow log for
       # human consumption. This step fails only when Trivy is unable to scan.