From 304945177604dfd495859e3faa8e73aeae679139 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 Apr 2026 10:57:05 +0000
Subject: [PATCH] Bump the actions group across 1 directory with 5 updates

Bumps the actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [generoi/github-actions](https://github.com/generoi/github-actions) | `1` | `2` |
| [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) | `20` | `21` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2` | `3` |



Updates `generoi/github-actions` from 1 to 2
- [Commits](https://github.com/generoi/github-actions/compare/v1...v2)

Updates `dawidd6/action-download-artifact` from 20 to 21
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/8305c0f1062bb0d184d09ef4493ecb9288447732...b6e2e70617bc3265edd6dab6c906732b2f1ae151)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

Updates `actions/create-github-app-token` from 2 to 3
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v2...v3)

---
updated-dependencies:
- dependency-name: generoi/github-actions
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '21'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codex.yml              | 8 ++++----
 .github/workflows/deploy.yml             | 4 ++--
 .github/workflows/e2e.yml                | 4 ++--
 .github/workflows/sync-db.yml            | 8 ++++----
 .github/workflows/test.yml               | 4 ++--
 .github/workflows/vulnerability-scan.yml | 4 ++--
 6 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/codex.yml b/.github/workflows/codex.yml
index 90e4bb9..9a13157 100644
--- a/.github/workflows/codex.yml
+++ b/.github/workflows/codex.yml
@@ -24,7 +24,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Setup project
-        uses: generoi/github-actions/setup@v1
+        uses: generoi/github-actions/setup@v2
         with:
           npm_fontawesome_auth_token: ${{ secrets.NPM_FONTAWESOME_AUTH_TOKEN }}
           packagist_github_token: ${{ secrets.PACKAGIST_GITHUB_TOKEN }}
@@ -33,10 +33,10 @@ jobs:
         run: composer install:development
 
       - name: Setup DDEV
-        uses: generoi/github-actions/setup-ddev@v1
+        uses: generoi/github-actions/setup-ddev@v2
 
       - name: Download database artifact
-        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
+        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
         with:
           workflow: sync-db.yml
           name: sanitized-db
@@ -91,7 +91,7 @@ jobs:
 
       - name: Upload artifacts
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: codex-artifacts
           path: artifacts/
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 690094c..a6cc742 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -35,12 +35,12 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Start SSH agent
-        uses: generoi/github-actions/ssh-agent@v1
+        uses: generoi/github-actions/ssh-agent@v2
         with:
           ssh-private-key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
 
       - name: Setup project
-        uses: generoi/github-actions/setup@v1
+        uses: generoi/github-actions/setup@v2
         with:
           npm_fontawesome_auth_token: ${{ secrets.NPM_FONTAWESOME_AUTH_TOKEN }}
           packagist_github_token: ${{ secrets.PACKAGIST_GITHUB_TOKEN }}
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 3134ff7..39a5e7b 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: .nvmrc
           cache: 'npm'
@@ -32,7 +32,7 @@ jobs:
 
       - name: Upload test results
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: e2e-test-results
           path: test-results/
diff --git a/.github/workflows/sync-db.yml b/.github/workflows/sync-db.yml
index 316132a..12012c8 100644
--- a/.github/workflows/sync-db.yml
+++ b/.github/workflows/sync-db.yml
@@ -23,12 +23,12 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - uses: generoi/github-actions/ssh-agent@v1
+      - uses: generoi/github-actions/ssh-agent@v2
         with:
           ssh-private-key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
 
       - name: Setup project
-        uses: generoi/github-actions/setup@v1
+        uses: generoi/github-actions/setup@v2
         with:
           npm_fontawesome_auth_token: ${{ secrets.NPM_FONTAWESOME_AUTH_TOKEN }}
           packagist_github_token: ${{ secrets.PACKAGIST_GITHUB_TOKEN }}
@@ -40,7 +40,7 @@ jobs:
         run: ssh-keyscan -p $(./vendor/bin/robo config env.@production.port || echo 22) $(./vendor/bin/robo config env.@production.host) >> ~/.ssh/known_hosts
 
       - name: Setup DDEV
-        uses: generoi/github-actions/setup-ddev@v1
+        uses: generoi/github-actions/setup-ddev@v2
 
       - name: Pull database from production
         run: ./vendor/bin/robo db:pull @production
@@ -61,7 +61,7 @@ jobs:
             -pass env:DB_ARTIFACT_KEY
 
       - name: Upload sanitized DB artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: sanitized-db
           path: .github/fixtures/sanitized-db.sql.gz.enc
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8f68bae..6e45c9c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -38,7 +38,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup project
-        uses: generoi/github-actions/setup@v1
+        uses: generoi/github-actions/setup@v2
         with:
           npm_fontawesome_auth_token: ${{ secrets.NPM_FONTAWESOME_AUTH_TOKEN }}
           packagist_github_token: ${{ secrets.PACKAGIST_GITHUB_TOKEN }}
@@ -51,7 +51,7 @@ jobs:
         run: composer ci --no-interaction
 
       - name: Install WordPress
-        uses: generoi/github-actions/install-wordpress@v1
+        uses: generoi/github-actions/install-wordpress@v2
         with:
           multisite: ${{ inputs.multisite }}
           activate_plugins: ${{ inputs.activate_plugins }}
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index 6ab4c58..ae036e4 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -39,7 +39,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup project
-        uses: generoi/github-actions/setup@v1
+        uses: generoi/github-actions/setup@v2
         with:
           npm_fontawesome_auth_token: ${{ secrets.NPM_FONTAWESOME_AUTH_TOKEN }}
           packagist_github_token: ${{ secrets.PACKAGIST_GITHUB_TOKEN }}
@@ -183,7 +183,7 @@ jobs:
         # fails gracefully and the fallback to github.token kicks in.
         if: failure() && inputs.auto_update && steps.scan.outputs.packages != ''
         id: app-token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@v3
         continue-on-error: true
         with:
           app-id: ${{ secrets.VULN_BOT_APP_ID }}