Bump the github-actions group across 1 directory with 5 updates

dependabot[bot] · sevein · commit f2f9ac95db59 · 2025-10-03T06:24:58.000+02:00
Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6.7.0` | `6.8.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `de65e23aa2b7e23d713bb51fbfcb6d502f8667d8` | `2848b2cda0e5190984587ec6bb1f36730ca78d50` | | [docker/login-action](https://github.com/docker/login-action) | `3.5.0` | `3.6.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` | | [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `3.0.25` | `4.0.0` | Updates `astral-sh/setup-uv` from 6.7.0 to 6.8.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@b75a909...d0cc045) Updates `actions/upload-artifact` from de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 to 2848b2cda0e5190984587ec6bb1f36730ca78d50 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@de65e23...2848b2c) Updates `docker/login-action` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@184bdaa...5e57cd1) Updates `actions/cache` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0400d5f...0057852) Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 3.0.25 to 4.0.0 - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](zgosalvez/github-actions-ensure-sha-pinned-actions@fc87bb5...9e9574e) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 6.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 2848b2cda0e5190984587ec6bb1f36730ca78d50 dependency-type: direct:production dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -46,14 +46,14 @@ jobs:
         with:
           node-version-file: .node-version
       - name: Install uv
-        uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
+        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
         with:
           enable-cache: true
           version: latest
       - name: Build package
         run: uv build
       - name: Save distribution directory
-        uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 # v4.6.2
+        uses: actions/upload-artifact@2848b2cda0e5190984587ec6bb1f36730ca78d50 # v4.6.2
         with:
           # We expect:
           # - dist/aipscan-[version].tar.gz
@@ -109,7 +109,7 @@ jobs:
           name: dist
           path: dist
       - name: Login to Docker Hub
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -38,7 +38,7 @@ jobs:
         run: |
           echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT"
       - name: "Cache pip packages"
-        uses: "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809" # v4.2.4
+        uses: "actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830" # v4.3.0
         with:
           path: "${{ steps.pip-cache.outputs.dir }}"
           key: "${{ runner.os }}-pip-${{ hashFiles('**/base.txt', '**/test.txt') }}"
diff --git a/.github/workflows/validate-action-pinning.yml b/.github/workflows/validate-action-pinning.yml
@@ -22,4 +22,4 @@ jobs:
       - name: Check out repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Ensure SHA-pinned Actions
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@fc87bb5b5a97953d987372e74478de634726b3e5 # v3.0.25
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@9e9574ef04ea69da568d6249bd69539ccc704e74 # v4.0.0
