From 7f7ef793f333b76af8567b8ed73ed9489ed7ca0e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 19:45:11 +0000 Subject: [PATCH] ci(deps): bump the github-actions group with 5 updates Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.3` | `4.35.4` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.2` | `3.95.3` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` | | [graalvm/setup-graalvm](https://github.com/graalvm/setup-graalvm) | `1.5.2` | `1.5.3` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` | Updates `github/codeql-action` from 4.35.3 to 4.35.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e) Updates `trufflesecurity/trufflehog` from 3.95.2 to 3.95.3 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/17456f8c7d042d8c82c9a8ca9e937231f9f42e26...37b77001d0174ebec2fcca2bd83ff83a6d45a3ab) Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294) Updates `graalvm/setup-graalvm` from 1.5.2 to 1.5.3 - [Release notes](https://github.com/graalvm/setup-graalvm/releases) - [Commits](https://github.com/graalvm/setup-graalvm/compare/60c26726de13f8b90771df4bc1641a52a3159994...bef4b0e916c7dd079bf60fb95d49139f67e32c5f) Updates `sigstore/cosign-installer` 
from 4.1.1 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6)
---
updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: graalvm/setup-graalvm dependency-version: 1.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot]
---
.github/workflows/ci-guardrails.yml | 4 ++--
.github/workflows/ci.yml | 2 +-
.github/workflows/prs-review.yml | 2 +-
.github/workflows/release.yml | 2 +-
.github/workflows/reusable-native-build.yml | 2 +-
.github/workflows/sast.yml | 10 +++++-----
6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/ci-guardrails.yml b/.github/workflows/ci-guardrails.yml
index 5b17516..27b41ae 100644
--- a/.github/workflows/ci-guardrails.yml
+++ b/.github/workflows/ci-guardrails.yml
@@ -86,7 +86,7 @@ jobs: > poutine_results.sarif - name: Upload poutine SARIF file - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: sarif_file: poutine_results.sarif
@@ -117,7 +117,7 @@ jobs: echo "trufflehog=${trufflehog}" >> "$GITHUB_OUTPUT" - name: Run TruffleHog - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2 + uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab # v3.95.3 with: extra_args: --results=verified,unknown version: ${{ steps.versions.outputs.trufflehog }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8a9ef46..88fb6c7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -79,6 +79,6 @@ jobs: - name: Upload Trivy SARIF file if: always() - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: sarif_file: trivy-results.sarif
diff --git a/.github/workflows/prs-review.yml b/.github/workflows/prs-review.yml
index 22bcdfb..e179d85 100644
--- a/.github/workflows/prs-review.yml
+++ b/.github/workflows/prs-review.yml
@@ -207,7 +207,7 @@ jobs: persist-credentials: false - name: Dependency Review - uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 + uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 with: config-file: ./.github/dependency-review-config.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dc89b0f..e34d53c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -170,7 +170,7 @@ jobs: # validates the native-image version even though no native compilation # happens in this job. - name: Set up GraalVM - uses: graalvm/setup-graalvm@60c26726de13f8b90771df4bc1641a52a3159994 # v1.5.2 + uses: graalvm/setup-graalvm@bef4b0e916c7dd079bf60fb95d49139f67e32c5f # v1.5.3 with: java-version: '25' distribution: 'graalvm-community'
diff --git a/.github/workflows/reusable-native-build.yml b/.github/workflows/reusable-native-build.yml
index 6487148..d33a88f 100644
--- a/.github/workflows/reusable-native-build.yml
+++ b/.github/workflows/reusable-native-build.yml
@@ -56,7 +56,7 @@ jobs: persist-credentials: false - name: Set up GraalVM - uses: graalvm/setup-graalvm@60c26726de13f8b90771df4bc1641a52a3159994 # v1.5.2 + uses: graalvm/setup-graalvm@bef4b0e916c7dd079bf60fb95d49139f67e32c5f # v1.5.3 with: java-version: '25' distribution: 'graalvm-community'
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index 38a6829..3ea0bbe 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -44,16 +44,16 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: languages: java-kotlin,actions queries: security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 opengrep: name: Analyze (Opengrep)
@@ -90,7 +90,7 @@ jobs: echo "opengrep=${opengrep}" >> "$GITHUB_OUTPUT" - name: Install Cosign - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Download Opengrep env:
@@ -120,7 +120,7 @@ jobs: - name: Upload results to GitHub Code Scanning if: always() - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: sarif_file: opengrep.sarif category: opengrep