From 3bf386615bbaf96f9e2db32b57d623798491d6d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Jun 2026 12:53:54 +0000 Subject: [PATCH] chore(deps): bump the actions group with 9 updates Bumps the actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [actions/setup-java](https://github.com/actions/setup-java) | `4` | `5` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `9` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.88.0` | `3.95.5` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `actions/setup-java` from 4 to 5 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v4...v5) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) Updates `actions/github-script` from 7 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v9) Updates `softprops/action-gh-release` from 2 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `trufflesecurity/trufflehog` from 3.88.0 to 3.95.5 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/v3.88.0...v3.95.5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-java dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 22 ++++++------ .github/workflows/fuzz.yml | 26 +++++++------- .github/workflows/release.yml | 36 +++++++++---------- .github/workflows/security.yml | 28 +++++++-------- .github/workflows/wasmtime-upstream-watch.yml | 2 +- 5 files changed, 57 insertions(+), 57 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dced21ef..1fb519e6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,14 +43,14 @@ jobs: if: matrix.container run: dnf install -y gcc gcc-c++ make curl git perl-core - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -65,7 +65,7 @@ jobs: CARGO_TARGET_DIR: wasmtime4j-native/.cargo-target run: cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -77,15 +77,15 @@ jobs: name: Code Quality runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} @@ -158,9 +158,9 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: # Java 8 target: use JDK 21 to compile with -source/-target 8 and run tests # (test dependencies like Mockito 5.x require JDK 11+) @@ -168,14 +168,14 @@ jobs: distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/src/main/resources/natives/${{ matrix.platform }}/ @@ -205,7 +205,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: test-results-${{ matrix.platform }}-java${{ matrix.java }} path: '**/target/surefire-reports/' diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 1dcaf825..1cf275b6 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -47,7 +47,7 @@ jobs: name: Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@nightly @@ -65,7 +65,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-smoke path: wasmtime4j-native/fuzz/artifacts/ @@ -77,9 +77,9 @@ jobs: name: Java Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '23' @@ -100,7 +100,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes-smoke path: wasmtime4j-tests/fuzz/**/hs_err_*.log @@ -124,7 +124,7 @@ jobs: - wit_serialize - jni_callback steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@nightly @@ -132,7 +132,7 @@ jobs: run: cargo install cargo-fuzz - name: Cache fuzz corpus - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: wasmtime4j-native/fuzz/corpus/${{ matrix.target }} key: fuzz-corpus-${{ matrix.target }}-${{ github.sha }} @@ -164,14 +164,14 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-${{ matrix.target }} path: wasmtime4j-native/fuzz/artifacts/${{ matrix.target }}/ if-no-files-found: ignore - name: Upload updated corpus - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-corpus-${{ matrix.target }} path: wasmtime4j-native/fuzz/corpus/${{ matrix.target }}/ @@ -183,9 +183,9 @@ jobs: name: Java Fuzz Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '23' @@ -215,7 +215,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes path: wasmtime4j-tests/fuzz/**/hs_err_*.log @@ -230,7 +230,7 @@ jobs: issues: write steps: - name: Create issue for crashes - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const today = new Date().toISOString().split('T')[0]; diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93781c20..520f0b13 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,14 +42,14 @@ jobs: if: matrix.container run: dnf install -y gcc gcc-c++ make curl git perl-core - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -64,7 +64,7 @@ jobs: CARGO_TARGET_DIR: wasmtime4j-native/.cargo-target run: cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -105,23 +105,23 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: # Java 8 target: use JDK 21 to compile with source/target 8 and run tests java-version: ${{ matrix.java == '8' && '21' || matrix.java }} distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wasmtime4j-native/src/main/resources/natives/${{ matrix.platform }}/ @@ -139,15 +139,15 @@ jobs: needs: build-native runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} @@ -180,9 +180,9 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' @@ -193,7 +193,7 @@ jobs: gpg-passphrase: GPG_PASSPHRASE - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-publish-${{ hashFiles('**/pom.xml') }} @@ -201,19 +201,19 @@ jobs: # Download all 4 native libraries into resource directories - name: Download native libraries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-x86_64 path: wasmtime4j-native/src/main/resources/natives/linux-x86_64/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: native-linux-aarch64 path: wasmtime4j-native/src/main/resources/natives/linux-aarch64/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: native-darwin-aarch64 path: wasmtime4j-native/src/main/resources/natives/darwin-aarch64/ - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 with: name: native-windows-x86_64 path: wasmtime4j-native/src/main/resources/natives/windows-x86_64/ @@ -287,7 +287,7 @@ jobs: done - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: generate_release_notes: true files: | diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index b48ca0b4..aaf22287 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -19,7 +19,7 @@ jobs: name: Cargo Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable @@ -44,15 +44,15 @@ jobs: name: OWASP Dependency Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-security-${{ hashFiles('**/pom.xml') }} @@ -68,7 +68,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dependency-check-report path: '**/target/dependency-check-report.html' @@ -81,15 +81,15 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: java @@ -100,19 +100,19 @@ jobs: ./mvnw compile $COMMON_ARGS -pl wasmtime4j,wasmtime4j-jni,wasmtime4j-native-loader - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 # Secret scanning secret-scan: name: Secret Scanning runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@v3.88.0 + uses: trufflesecurity/trufflehog@v3.95.5 with: path: ./ base: ${{ github.event.pull_request.base.sha || 'HEAD~1' }} @@ -124,9 +124,9 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'push' && github.ref == 'refs/heads/master' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' @@ -134,7 +134,7 @@ jobs: - name: Generate SBOM run: ./mvnw org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -B -P skip-native - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: sbom path: target/bom.xml diff --git a/.github/workflows/wasmtime-upstream-watch.yml b/.github/workflows/wasmtime-upstream-watch.yml index 612113c5..fef99452 100644 --- a/.github/workflows/wasmtime-upstream-watch.yml +++ b/.github/workflows/wasmtime-upstream-watch.yml @@ -14,7 +14,7 @@ jobs: name: Check upstream wasmtime release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Compare versions and manage tracking issue env: