From 5f5e13558aa60ed18368e8e7263cb97da11bd02f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jun 2026 23:59:31 +0000 Subject: [PATCH] chore(deps): bump the github-actions group across 1 directory with 11 updates Bumps the github-actions group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.35.2` | `4.36.0` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` | | [miniscruff/changie-action](https://github.com/miniscruff/changie-action) | `2.0.0` | `3.0.0` | | [labd/changie-release-action](https://github.com/labd/changie-release-action) | `0.4.0` | `0.6.1` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `7.0.1` | `9.2.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.6.0` | `6.0.1` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.2.2` | | [actions/add-to-project](https://github.com/actions/add-to-project) | `1.0.2` | `2.0.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.2` | `0.5.6` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.3.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-go` from 5.6.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/40f1582b2485089dde7abd97c1529aa768e1baff...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `github/codeql-action` from 3.35.2 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/21025c705c08248db411dc16f3619e6b5f9ea21a...25dd0e34f4fe68f24cc83900b1fe3fe149efef98) Updates `miniscruff/changie-action` from 2.0.0 to 3.0.0 - [Release notes](https://github.com/miniscruff/changie-action/releases) - [Changelog](https://github.com/miniscruff/changie-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/miniscruff/changie-action/compare/6dcc2533cac0495148ed4046c438487e4dceaa23...11bcad388e7973948cbcecb10863baf024d5f607) Updates `labd/changie-release-action` from 0.4.0 to 0.6.1 - [Release notes](https://github.com/labd/changie-release-action/releases) - [Changelog](https://github.com/labd/changie-release-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/labd/changie-release-action/compare/c3368fda69f814cd8b78d36834fb154254ea8c23...1299f6ba27a50b2f2beb09d73bcbdc1d87a415f4) Updates `golangci/golangci-lint-action` from 7.0.1 to 9.2.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/9fae48acfc02a90574d7c304a1758ef9895495fa...82606bf257cbaff209d206a39f5134f0cfbfd2ee) Updates `codecov/codecov-action` from 4.6.0 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...e79a6962e0d4c0c17b229090214935d2e33f8354) Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.2.2 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/e435ccd777264be153ace6237001ef4d979d3a7a...5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89) Updates `actions/add-to-project` from 1.0.2 to 2.0.0 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/244f685bbc3b7adfa8466e08b698b5577571133e...5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd) Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.6 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...5f14fd08f7cf1cb1609c1e344975f152c7ee938d) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: labd/changie-release-action dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: miniscruff/changie-action dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 10 +++++----- .github/workflows/dependabot-changie.yaml | 6 +++--- .github/workflows/prepare-release.yaml | 4 ++-- .github/workflows/pull-request.yaml | 14 +++++++------- .github/workflows/release.yaml | 6 +++--- .github/workflows/triage.yaml | 2 +- .github/workflows/zizmor.yaml | 2 +- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 462ba85..20d8cd8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,18 +40,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 + uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 + uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -78,6 +78,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 + uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependabot-changie.yaml b/.github/workflows/dependabot-changie.yaml index 9e5e017..5a16cf1 100644 --- a/.github/workflows/dependabot-changie.yaml +++ b/.github/workflows/dependabot-changie.yaml @@ -15,18 +15,18 @@ jobs: if: github.event.pull_request.user.login == 'dependabot[bot]' steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Fetch Dependabot metadata id: dependabot-metadata - uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Create change file - uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 + uses: miniscruff/changie-action@11bcad388e7973948cbcecb10863baf024d5f607 # v3.0.0 with: version: latest args: new --body "${{ github.event.pull_request.title }}" --kind Dependency diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index 33e5844..97f2215 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -9,13 +9,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Prepare release - uses: labd/changie-release-action@c3368fda69f814cd8b78d36834fb154254ea8c23 # v0.4.0 + uses: labd/changie-release-action@1299f6ba27a50b2f2beb09d73bcbdc1d87a415f4 # v0.6.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} release-workflow: release.yaml diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 4c1c29f..cc332c0 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -9,13 +9,13 @@ jobs: steps: - name: Check out code - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Set up Go - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: "go.mod" cache: false @@ -24,7 +24,7 @@ jobs: run: go get ./... - name: golangci-lint - uses: golangci/golangci-lint-action@9fae48acfc02a90574d7c304a1758ef9895495fa # v7.0.1 + uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1 with: version: v2.12.2 args: --issues-exit-code=0 @@ -39,12 +39,12 @@ jobs: AMPLIENCE_HUB_ID: ${{ secrets.AMPLIENCE_HUB_ID }} - name: Upload to codecov - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: verbose: true - name: build binary - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 + uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: args: build --snapshot --clean --single-target env: @@ -59,13 +59,13 @@ jobs: pull-requests: write actions: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Prepare release - uses: labd/changie-release-action@c3368fda69f814cd8b78d36834fb154254ea8c23 # v0.4.0 + uses: labd/changie-release-action@1299f6ba27a50b2f2beb09d73bcbdc1d87a415f4 # v0.6.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} release-workflow: 'release.yaml' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5045bed..b7825a0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,13 +7,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false - name: Set up Go - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: "go.mod" cache: false @@ -26,7 +26,7 @@ jobs: PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 + uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: version: latest args: release --clean diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml index 005ac7e..e2d5e53 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/triage.yaml @@ -21,7 +21,7 @@ jobs: private-key: ${{ secrets.RD_APP_PRIVATE_KEY }} installation-id: ${{ secrets.RD_APP_INSTALLATION_ID }} - name: set to project board - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 + uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0 with: project-url: https://github.com/orgs/labd/projects/3 github-token: ${{ steps.get-app-token.outputs.app-token }} diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 8e6493b..406cbd0 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: Run zizmor - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: advanced-security: false annotations: true