mozilla
diff --git a/‎.github/actions/pr-comment-data-export/action.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/actions/pr-comment-data-export/action.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/pr-comment/action.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/actions/pr-comment/action.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/quic-interop-runner/action.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/actions/quic-interop-runner/action.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 5 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/actionlint.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/actionlint.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/bench.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/bench.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/bencher-archive.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/bencher-archive.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/bencher-upload.yml‎
Lines changed: 5 additions & 1 deletion b/‎.github/workflows/bencher-upload.yml‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎.github/workflows/check-mtu.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/check-mtu.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/check.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/check.yml‎
Lines changed: 2 additions & 2 deletions
@@ -34,7 +34,7 @@ runs:
         echo "$EVENT_NUMBER" > comment-data/pr-number
         echo "$LOG_MD" > comment-data/log-md
     - if: ${{ github.event_name == 'pull_request' }}
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       with:
         name: ${{ inputs.name }}
         path: comment-data
 
@@ -15,7 +15,7 @@ inputs:
 runs:
   using: composite
   steps:
-    - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+    - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
       with:
         run-id: ${{ github.event.workflow_run.id }}
         name: ${{ inputs.name }}
 
@@ -124,7 +124,7 @@ runs:
         exit $FAILED
       shell: bash
 
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       if: ${{ always() }}
       id: upload-logs
       with:
@@ -141,7 +141,7 @@ runs:
         mv result.json.tmp result.json
       shell: bash
 
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       if: ${{ always() }}
       with:
         name: '${{ inputs.client }} vs. ${{ inputs.server }} results'
 
@@ -12,6 +12,11 @@ updates:
     # Disable all non-security updates.
     # <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit>
     open-pull-requests-limit: 0
+    cooldown:
+      default-days: 10
+      semver-major-days: 20
+      semver-minor-days: 10
+      semver-patch-days: 5
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
 
@@ -9,7 +9,7 @@ on:
   merge_group:
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 permissions:
@@ -48,13 +48,13 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
+      - uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
 
       - run: uvx zizmor --persona auditor --format sarif . > results.sarif
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+      - uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
         with:
           sarif_file: results.sarif
           category: zizmor
@@ -27,7 +27,7 @@ env:
   WORKSPACE: ${{ github.workspace}}
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 permissions:
@@ -191,7 +191,7 @@ jobs:
 
       - name: Export profiler.firefox.com data
         id: export_samply
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: ${{ github.event.repository.name }}-${{ github.event.pull_request.head.sha }}-bench-samply
           path: |
@@ -202,7 +202,7 @@ jobs:
 
       - name: Export performance data
         id: export_perf
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: ${{ github.event.repository.name }}-${{ github.event.pull_request.head.sha }}-bench-perf
           path: |
 
@@ -5,6 +5,10 @@ on:
     # SAFETY: We are not running any code from the triggering PR, so this is safe.
     types: [closed] # zizmor: ignore[dangerous-triggers]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions:
   contents: read
 
 
@@ -6,6 +6,10 @@ on:
     # SAFETY: We are not running any code from the triggering PR, so this is safe.
     types: [completed] # zizmor: ignore[dangerous-triggers]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions:
   contents: read
 
@@ -33,7 +37,7 @@ jobs:
           echo "$EVENT" | jq
 
       - name: Download benchmark results
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           run-id: ${{ github.event.workflow_run.id }}
           name: ${{ github.event.repository.name }}-${{ env.SHA }}-${{ env.DATA_TAG }}-perf
 
@@ -6,7 +6,7 @@ on:
   merge_group:
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 permissions:
 
@@ -15,7 +15,7 @@ env:
   RUST_TEST_TIME_DOCTEST: 10,30
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref_name }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 permissions:
@@ -174,7 +174,7 @@ jobs:
 
       - name: Save simulation seeds artifact
         if: ${{ always() }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: simulation-seeds-${{ matrix.os }}-${{ matrix.rust-toolchain }}-${{ matrix.type }}
           path: simulation-seeds