From b99a452213982e50360a688af4de77ab10875df6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 03:22:10 +0000 Subject: [PATCH] Dependabot (repo and reusable workflows): Bump the gh-actions group across 1 directory with 7 updates Bumps the gh-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `2.9.4` | `3.0.4` | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4` | `5` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2` | `3` | | [advanced-security/policy-as-code](https://github.com/advanced-security/policy-as-code) | `2.10.1` | `2.11.1` | Updates `marocchino/sticky-pull-request-comment` from 2.9.4 to 3.0.4 - [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](https://github.com/marocchino/sticky-pull-request-comment/compare/v2.9.4...v3.0.4) Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `actions/setup-dotnet` from 4 to 5 - [Release 
notes](https://github.com/actions/setup-dotnet/releases) - [Commits](https://github.com/actions/setup-dotnet/compare/v4...v5) Updates `actions/create-github-app-token` from 2 to 3 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/create-github-app-token/compare/v2...v3) Updates `advanced-security/policy-as-code` from 2.10.1 to 2.11.1 - [Release notes](https://github.com/advanced-security/policy-as-code/releases) - [Commits](https://github.com/advanced-security/policy-as-code/compare/v2.10.1...v2.11.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: actions/create-github-app-token dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: actions/setup-dotnet dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: advanced-security/policy-as-code dependency-version: 2.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions - dependency-name: marocchino/sticky-pull-request-comment dependency-version: 3.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions ... 
Signed-off-by: dependabot[bot]
---
 .github/workflows/dependabot-tracking.yml | 2 +-
 .github/workflows/reusable-workflow-sast.yml | 18 +++++++++---------
 .../test-setup-environment-variables.yml | 2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/dependabot-tracking.yml b/.github/workflows/dependabot-tracking.yml
index ecbf168..b9d50d4 100644
--- a/.github/workflows/dependabot-tracking.yml
+++ b/.github/workflows/dependabot-tracking.yml
@@ -22,4 +22,4 @@ jobs:
 # marocchino/sticky-pull-request-comment v2.9.4
 # SHA: 773744901bac0e8cbb5a0dc842800d45e9b2b405
- - uses: marocchino/sticky-pull-request-comment@v2.9.4
+ - uses: marocchino/sticky-pull-request-comment@v3.0.4
diff --git a/.github/workflows/reusable-workflow-sast.yml b/.github/workflows/reusable-workflow-sast.yml
index 20804c8..ba07ed2 100644
--- a/.github/workflows/reusable-workflow-sast.yml
+++ b/.github/workflows/reusable-workflow-sast.yml
@@ -122,7 +122,7 @@ jobs:
 if: ${{ (github.actor != 'dependabot[bot]') && (inputs.force_semgrep == true || needs.test-visibility.outputs.visibility == 'private') }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 # Run the "semgrep scan" command on the command line of the docker image.
 - run: semgrep scan --config auto --sarif --sarif-output=semgrep.sarif --force-color
@@ -133,7 +133,7 @@ jobs:
 run: |
 echo report_name=${{ github.run_id }}_${{ github.run_number }}_semgrep >> "$GITHUB_OUTPUT"
- - uses: actions/upload-artifact@v4
+ - uses: actions/upload-artifact@v7
 with:
 name: ${{ steps.name-sarifs.outputs.report_name }}
 path: ${{ github.workspace }}/semgrep.sarif
@@ -161,12 +161,12 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 with:
 persist-credentials: false
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 queries: ${{ inputs.queries }}
 config-file: ${{ inputs.config_file }}
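Review bot: The two comment lines kept as context above the bumped step still read `# marocchino/sticky-pull-request-comment v2.9.4` and `# SHA: 773744901bac0e8cbb5a0dc842800d45e9b2b405`, so after this hunk the recorded version and commit no longer describe the `uses:` line beneath them. Those comments appear to exist precisely to record the commit the tag resolved to, which a mutable `@v3.0.4` tag does not guarantee; the shape that keeps that intent is `- uses: marocchino/sticky-pull-request-comment@<full commit SHA for v3.0.4> # v3.0.4` with the two stale comment lines updated or dropped, so a retagged release cannot silently change what runs on pull requests. The generated trailer in the commit message lists `dependency-version: 3.0.2` for this package while the hunk moves to 3.0.4, which looks like a mismatch worth checking before merge. The remaining hunks of this patch also reference actions by tag, so the same SHA-pin consideration applies to each of them.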
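Review bot: The new `- uses: actions/checkout@v6` step at the top of the semgrep job's `steps:` has no `with:` block, whereas the CodeQL checkout bumped in the `@@ -161` hunk of the same file sets `persist-credentials: false`. The semgrep job visible here only runs `semgrep scan` and uploads the SARIF, so the checked-out tree shows no need for a persisted token, and the two checkouts in this file would be consistent with `with:` / `persist-credentials: false` added under the new line (the step's indentation is not recoverable from the collapsed hunk). The job's remaining steps continue outside the hunk.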
@@ -175,7 +175,7 @@ jobs:
 if: ${{ inputs.config_file != '' }}
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 queries: ${{ inputs.queries }}
 languages: ${{ inputs.language }}
@@ -183,7 +183,7 @@ jobs:
 if: ${{ inputs.config_file == '' }}
 - name: Setup dotnet ${{ inputs.dotnet_version }}
- uses: actions/setup-dotnet@v4
+ uses: actions/setup-dotnet@v5
 with:
 dotnet-version: ${{ inputs.dotnet_version }}
 source-url: ${{ inputs.nuget-source-url }}
@@ -208,7 +208,7 @@ jobs:
 if: ${{ inputs.language == 'csharp' && inputs.dotnet_build_params != '' }}
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
 with:
 ref: ${{ inputs.ref }}
 sha: ${{ inputs.sha }}
@@ -231,7 +231,7 @@ jobs:
 if: ${{ needs.test-visibility.outputs.visibility == 'public' }}
 steps:
- - uses: actions/create-github-app-token@v2
+ - uses: actions/create-github-app-token@v3
 if: ${{ env.CODEQL_AUTHENTICATION_PRIVATE_KEY }}
 id: app-token
 with:
@@ -242,7 +242,7 @@ jobs:
 - name: Advance Security Compliance Action
 if: ${{ env.CODEQL_AUTHENTICATION_PRIVATE_KEY }}
- uses: advanced-security/policy-as-code@v2.10.1
+ uses: advanced-security/policy-as-code@v2.11.1
 with:
 # Set the severity levels which to set the threshold. All previous
 # severities are included so selecting 'error' also selects 'critical' and
diff --git a/.github/workflows/test-setup-environment-variables.yml b/.github/workflows/test-setup-environment-variables.yml
index 65b8149..2727cdf 100644
--- a/.github/workflows/test-setup-environment-variables.yml
+++ b/.github/workflows/test-setup-environment-variables.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Setup Environment Variables
 uses: ./set-up-environment