Vulnerability fix (eclipse-velocitas#126)

* Bump dawidd6/action-download-artifact from 3 to 6 in /.github/workflows

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 3 to 6.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](dawidd6/action-download-artifact@v3...v6)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update GitHub workflows

* Fix jinja vulnerability

* Update NOTICE-3RD-PARTY-CONTENT.md

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: BjoernAtBosch

.github/scripts/deploy_image_from_artifact.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2022-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/build-docker-image.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2022-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/build-multiarch-image.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2022-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/check-devcontainer.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2023-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2023-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/check-licenses.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2022-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/check-updates.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2024-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/ci.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2022-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/ensure-lifecycle.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2023-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2023-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/gen-desired-state.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2023-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2023-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at

.github/workflows/release.yml

@@ -1,5 +1,5 @@
 # This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json
-# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2022-2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Apache License, Version 2.0 which is available at
@@ -95,7 +95,7 @@ jobs:
           intervalSeconds: 20
 
       - name: Download builds from Build multiarch image workflow artifacts
-        uses: dawidd6/action-download-artifact@v3
+        uses: dawidd6/action-download-artifact@v6
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
           workflow: build-multiarch-image.yml
@@ -152,7 +152,7 @@ jobs:
           intervalSeconds: 30
 
       - name: Download artifact from CI workflow
-        uses: dawidd6/action-download-artifact@v3
+        uses: dawidd6/action-download-artifact@v6
         with:
           workflow: ci.yml
           workflow_conclusion: success

.velocitas-lock.json

@@ -1,7 +1,7 @@
 {
     "packages": {
         "devenv-runtimes": "v4.0.6",
-        "devenv-github-workflows": "v6.1.3",
+        "devenv-github-workflows": "v6.1.4",
         "devenv-github-templates": "v1.0.5",
         "devenv-devcontainer-setup": "v2.5.3"
     }

.velocitas.json

@@ -1,7 +1,7 @@
 {
     "packages": {
         "devenv-runtimes": "v4.0.6",
-        "devenv-github-workflows": "v6.1.3",
+        "devenv-github-workflows": "v6.1.4",
         "devenv-github-templates": "v1.0.5",
         "devenv-devcontainer-setup": "v2.5.3"
     },

NOTICE-3RD-PARTY-CONTENT.md

@@ -19,7 +19,7 @@
 |gcovr|5.2|BSD|
 |identify|2.6.1|MIT|
 |idna|3.10|BSD|
-|jinja2|3.1.4|BSD|
+|jinja2|3.1.5|BSD|
 |lxml|5.3.0|New BSD|
 |MarkupSafe|3.0.1|BSD|
 |node-semver|0.6.1|MIT|
@@ -55,7 +55,7 @@
 |actions/upload-artifact|v4|MIT License|
 |aquasecurity/trivy-action|0.19.0|Apache License 2.0|
 |ASzc/change-string-case-action|v6|ISC License|
-|dawidd6/action-download-artifact|v3|MIT License|
+|dawidd6/action-download-artifact|v6|MIT License|
 |de-vri-es/setup-git-credentials|v2|BSD 2-Clause "Simplified" License|
 |devcontainers/ci|v0.3|MIT License|
 |docker/build-push-action|v5|Apache License 2.0|

requirements.txt

@@ -36,7 +36,7 @@ identify==2.6.1
     # via pre-commit
 idna==3.10
     # via requests
-jinja2==3.1.4
+jinja2==3.1.5
     # via
     #   conan
     #   gcovr