From 24b135e1ffa764fa1f837a8a0ee634c75b64a2fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 31 May 2026 09:11:24 +0000 Subject: [PATCH] chore(deps): bump the actions group with 5 updates Bumps the actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [KSXGitHub/github-actions-deploy-aur](https://github.com/ksxgithub/github-actions-deploy-aur) | `3.0.1` | `4.1.3` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.34.0` | `4.36.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `6.0.0` | `8.0.1` | Updates `KSXGitHub/github-actions-deploy-aur` from 3.0.1 to 4.1.3 - [Release notes](https://github.com/ksxgithub/github-actions-deploy-aur/releases) - [Commits](https://github.com/ksxgithub/github-actions-deploy-aur/compare/a97f56a8425a7a7f3b8c58607f769c69b089cadb...da03e160361ce01bf087e790b6ffd196d7dccff7) Updates `github/codeql-action` from 4.34.0 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.34.0...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3) Updates `actions/upload-artifact` from 5.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/download-artifact` from 6.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) --- updated-dependencies: - dependency-name: KSXGitHub/github-actions-deploy-aur dependency-version: 4.1.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/aur-publish.yml | 4 ++-- .github/workflows/container.yml | 2 +- .github/workflows/scorecard-enforcer.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/aur-publish.yml b/.github/workflows/aur-publish.yml index 78e3bee..d1e8c4c 100644 --- a/.github/workflows/aur-publish.yml +++ b/.github/workflows/aur-publish.yml @@ -72,7 +72,7 @@ jobs: EOF - name: Publish to AUR - uses: KSXGitHub/github-actions-deploy-aur@a97f56a8425a7a7f3b8c58607f769c69b089cadb # v3.0.1 + uses: KSXGitHub/github-actions-deploy-aur@da03e160361ce01bf087e790b6ffd196d7dccff7 # v4.1.3 if: ${{ secrets.AUR_SSH_PRIVATE_KEY != '' }} with: pkgname: vext @@ -126,7 +126,7 @@ jobs: sed -i "s/^sha256sums_aarch64=.*/sha256sums_aarch64=('$AARCH64_SUM')/" PKGBUILD-bin - name: Publish vext-bin to AUR - uses: KSXGitHub/github-actions-deploy-aur@a97f56a8425a7a7f3b8c58607f769c69b089cadb # v3.0.1 + uses: KSXGitHub/github-actions-deploy-aur@da03e160361ce01bf087e790b6ffd196d7dccff7 # v4.1.3 if: ${{ secrets.AUR_SSH_PRIVATE_KEY != '' }} with: pkgname: vext-bin diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 597100a..b93baf5 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v3 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v3 diff --git a/.github/workflows/scorecard-enforcer.yml b/.github/workflows/scorecard-enforcer.yml index 75e2385..a5de43d 100644 --- a/.github/workflows/scorecard-enforcer.yml +++ b/.github/workflows/scorecard-enforcer.yml @@ -49,12 +49,12 @@ jobs: publish_results: true - name: Upload SARIF - uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4 with: sarif_file: results.sarif - name: Persist SARIF for downstream score-gate job - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: scorecard-results path: results.sarif @@ -67,7 +67,7 @@ jobs: contents: read steps: - name: Download SARIF from scorecard job - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v5.0.0 with: name: scorecard-results