From 1174c003e1ee9654f8f82fec4ce9fea9b4bfce65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 15 Mar 2025 18:58:56 +0000 Subject: [PATCH] ci: bump the github-actions group across 1 directory with 10 updates Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.8` | `3.28.11` | | [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) | `9.17.0` | `9.21.0` | | [extractions/setup-just](https://github.com/extractions/setup-just) | `2` | `3` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `5.2.2` | `5.3.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.8` | `4.1.9` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.8.0` | `3.10.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.4.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.6.1` | `5.7.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.13.0` | `6.15.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | Updates `github/codeql-action` from 3.28.8 to 3.28.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...6bb031afdd8eb862ea3fc1848194185e076637e5) Updates `python-semantic-release/python-semantic-release` from 9.17.0 to 9.21.0 - [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) - [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst) - [Commits](https://github.com/python-semantic-release/python-semantic-release/compare/cdfda70b6df73f3e4917cfd498f4bf9fed29ea08...26bb37cfab71a5a372e3db0f48a6eac57519a4a6) Updates `extractions/setup-just` from 2 to 3 - [Release notes](https://github.com/extractions/setup-just/releases) - [Commits](https://github.com/extractions/setup-just/compare/v2...v3) Updates `astral-sh/setup-uv` from 5.2.2 to 5.3.1 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/4db96194c378173c656ce18a155ffc14a9fc4355...f94ec6bedd8674c4426838e6b50417d36b6ab231) Updates `actions/download-artifact` from 4.1.8 to 4.1.9 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/fa0a91b85d4f404e444e00e005971372dc801d16...cc203385981b70ca67e1cc392babf9cc229d5806) Updates `docker/setup-buildx-action` from 3.8.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) Updates `docker/login-action` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772) Updates `docker/metadata-action` from 5.6.1 to 5.7.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804) Updates `docker/build-push-action` from 6.13.0 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca877d9245402d1537745e0e356eab47c3520991...471d1dc4e07e5cdedd4c2171150001c434f0b7a4) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: python-semantic-release/python-semantic-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: extractions/setup-just dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/pr.yml | 4 ++-- .github/workflows/publish.yml | 16 ++++++++-------- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/test.yml | 16 ++++++++-------- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b5bbdc..5c2b3f2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,8 +21,8 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Ref: https://github.com/github/codeql-action - name: Initialize CodeQL - uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 with: languages: python - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3e68da5..7f6275d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -33,7 +33,7 @@ jobs: fetch-depth: 0 # get all commits and tags token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} - name: Create semantic release - uses: python-semantic-release/python-semantic-release@cdfda70b6df73f3e4917cfd498f4bf9fed29ea08 # v9.17.0 + uses: python-semantic-release/python-semantic-release@26bb37cfab71a5a372e3db0f48a6eac57519a4a6 # v9.21.0 with: # allows for python-semantic-release to push to protected main branch github_token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index cb3c01d..6b18423 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -30,10 +30,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Set up just - uses: extractions/setup-just@v2 + uses: extractions/setup-just@v3 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up uv - uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5.2.2 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 with: python-version: '3.13' enable-cache: true diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8931e6b..29187f9 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -31,7 +31,7 @@ jobs: contents: write steps: - name: Download package built by build job - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: name: Packages path: dist @@ -50,7 +50,7 @@ jobs: id-token: write steps: - name: Download package built by build job - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 with: name: Packages path: dist @@ -71,9 +71,9 @@ jobs: env: IMAGE_NAME: ${{ github.repository }} steps: - - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -81,7 +81,7 @@ jobs: - name: Generate Docker image metadata id: meta # Ref: https://github.com/docker/metadata-action?tab=readme-ov-file#customizing - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ghcr.io/${{ env.IMAGE_NAME }} flavor: latest=true @@ -90,7 +90,7 @@ jobs: type=pep440,pattern={{major}}.{{minor}} - name: Build and push image to registry # Ref: https://github.com/docker/build-push-action?tab=readme-ov-file#customizing - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: true build-args: VERSION=${{ github.event.release.name }} @@ -109,12 +109,12 @@ jobs: contents: write steps: - name: Set up just - uses: extractions/setup-just@v2 + uses: extractions/setup-just@v3 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # fetch all commits and branches - name: Set up uv - uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5.2.2 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 with: python-version: '3.13' enable-cache: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 8b0522b..362fb78 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false # Ref: https://github.com/ossf/scorecard-action - name: Run scorecard analysis - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -39,6 +39,6 @@ jobs: # required for Code scanning alerts - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0da6a1f..1c5ea46 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,10 +20,10 @@ jobs: python-version: ['3.10', '3.12', '3.13'] steps: - name: Set up just - uses: extractions/setup-just@v2 + uses: extractions/setup-just@v3 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up uv - uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5.2.2 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 with: python-version: ${{ matrix.python-version }} enable-cache: true @@ -71,10 +71,10 @@ jobs: os: [ubuntu-latest, windows-latest, macos-latest] steps: - name: Set up just - uses: extractions/setup-just@v2 + uses: extractions/setup-just@v3 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up uv - uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5.2.2 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 with: python-version: '3.13' enable-cache: true @@ -113,16 +113,16 @@ jobs: NO_COLOR: 1 steps: - name: Set up just - uses: extractions/setup-just@v2 + uses: extractions/setup-just@v3 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up uv - uses: astral-sh/setup-uv@4db96194c378173c656ce18a155ffc14a9fc4355 # v5.2.2 + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 - name: Get package version id: package-version run: echo "version=$(just project-version)" >> $GITHUB_OUTPUT - - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: load: true tags: afuetterer/python-re3data:test