From 0dc96df2a2e3e663de6812a62b2deb0e8641c8f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 19 Apr 2026 02:30:02 +0000 Subject: [PATCH] chore(deps): bump the everything group with 8 updates Bumps the everything group with 8 updates: | Package | From | To | | --- | --- | --- | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.7` | `4.35.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.3.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.2.3` | `4.1.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.2.1` | `8.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.1` | `3.0.0` | | [KineticCafe/actions-dco](https://github.com/kineticcafe/actions-dco) | `1.3.4` | `2.1.1` | Updates `ossf/scorecard-action` from 2.4.1 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...4eaacf0543bb3f2c246792bd56e8cdeffafb205a) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `github/codeql-action` from 3.27.7 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.27.7...95e58e9a2cdfd71adc6e0353d5c52f41a045d225) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f) Updates `actions/attest-build-provenance` from 2.2.3 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/c074443f1aee8d4aeeae555aebba3282517141b2...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) Updates `actions/download-artifact` from 4.2.1 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/95815c38cf2ff2164869cbab79da8d1f422bc89e...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `softprops/action-gh-release` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `KineticCafe/actions-dco` from 1.3.4 to 2.1.1 - [Release notes](https://github.com/kineticcafe/actions-dco/releases) - [Changelog](https://github.com/KineticCafe/actions-dco/blob/main/Changelog.md) - [Commits](https://github.com/kineticcafe/actions-dco/compare/416cafbc9c07f26219d09981d9ac49ce29b5bfea...6e1652ef3027ce128e65e6edd215ae053350bd16) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: everything - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything - dependency-name: KineticCafe/actions-dco dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything ... Signed-off-by: dependabot[bot] --- .github/workflows/ossf-scorecard.yml | 6 +++--- .github/workflows/release.yml | 16 ++++++++-------- .github/workflows/test-dast.yml | 2 +- .github/workflows/test-dco.yml | 2 +- .github/workflows/test-lint.yml | 2 +- .github/workflows/test-perf.yml | 2 +- .github/workflows/test-sast.yml | 12 ++++++------ .github/workflows/test-types.yml | 2 +- .github/workflows/test-unit.yml | 2 +- 9 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 12bd2da..d126ace 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -22,18 +22,18 @@ jobs: with: persist-credentials: false - name: 'Run analysis' - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif publish_results: true - name: 'Upload artifact' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif retention-days: 5 - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: sarif_file: results.sarif diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 04fa033..7f5c84d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org @@ -53,12 +53,12 @@ jobs: echo EOF } >> "$GITHUB_OUTPUT" - name: Build Attestations - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: | **/*.tgz - name: Upload artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ env.tag }} path: | @@ -76,16 +76,16 @@ jobs: contents: write steps: - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org - name: Download artifact - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # 8.0.1 with: name: ${{ needs.build.outputs.tag }} - name: Release - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: draft: true prerelease: ${{ needs.build.outputs.prerelease }} @@ -106,12 +106,12 @@ jobs: id-token: write steps: - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org - name: Download artifact - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # 8.0.1 with: name: ${{ needs.release.outputs.tag }} - name: npm publish (next) diff --git a/.github/workflows/test-dast.yml b/.github/workflows/test-dast.yml index 8fdc97b..5498513 100644 --- a/.github/workflows/test-dast.yml +++ b/.github/workflows/test-dast.yml @@ -20,7 +20,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org diff --git a/.github/workflows/test-dco.yml b/.github/workflows/test-dco.yml index 0642db3..e9c11ef 100644 --- a/.github/workflows/test-dco.yml +++ b/.github/workflows/test-dco.yml @@ -12,4 +12,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Check for Developer Certificate of Origin (DCO) compliance - uses: KineticCafe/actions-dco@416cafbc9c07f26219d09981d9ac49ce29b5bfea # v1.3.4 + uses: KineticCafe/actions-dco@6e1652ef3027ce128e65e6edd215ae053350bd16 # v2.1.1 diff --git a/.github/workflows/test-lint.yml b/.github/workflows/test-lint.yml index 8fce92b..8280de3 100644 --- a/.github/workflows/test-lint.yml +++ b/.github/workflows/test-lint.yml @@ -20,7 +20,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org diff --git a/.github/workflows/test-perf.yml b/.github/workflows/test-perf.yml index 1f54db8..57ed68e 100644 --- a/.github/workflows/test-perf.yml +++ b/.github/workflows/test-perf.yml @@ -20,7 +20,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org diff --git a/.github/workflows/test-sast.yml b/.github/workflows/test-sast.yml index df285f7..5830274 100644 --- a/.github/workflows/test-sast.yml +++ b/.github/workflows/test-sast.yml @@ -43,7 +43,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org @@ -71,7 +71,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org @@ -93,7 +93,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org @@ -122,14 +122,14 @@ jobs: with: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@babb554ede22fd5605947329c4d04d8e7a0b8155 # v2.27.7 + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v2.27.7 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@babb554ede22fd5605947329c4d04d8e7a0b8155 # v2.27.7 + uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v2.27.7 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@babb554ede22fd5605947329c4d04d8e7a0b8155 # v2.27.7 + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v2.27.7 with: category: '/language:${{ matrix.language }}' diff --git a/.github/workflows/test-types.yml b/.github/workflows/test-types.yml index 02d66e8..bede95d 100644 --- a/.github/workflows/test-types.yml +++ b/.github/workflows/test-types.yml @@ -20,7 +20,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index 9dac669..9648337 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml @@ -20,7 +20,7 @@ jobs: with: persist-credentials: false - name: Setup Node.js ${{ env.NODE_VERSION }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: ${{ env.NODE_VERSION }} registry-url: https://registry.npmjs.org