chore(deps): update minor-patch dependencies grouped by manager

.github/workflows/pull-request-main.yml

@@ -75,7 +75,7 @@ jobs:
         run: pnpm nx run signed-commits:build
 
       - name: Commit back any changes
-        uses: planetscale/ghcommit-action@b68767a2e130a71926b365322e62b583404a5e09 # v0.1.43
+        uses: planetscale/ghcommit-action@f24050e41f8694750427d111b52f4ef9ca81a32d # v0.2.18
         with:
           commit_message: "🤖 Update build"
           repo: ${{ github.repository }}

.github/workflows/run-e2e-tests.yml

@@ -369,7 +369,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
       - name: Install citool
@@ -419,14 +419,14 @@ jobs:
       workflow_id: ${{ steps.gen_id.outputs.workflow_id }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
 
       - name: Setup Go
-        uses: actions/setup-go@v5.0.2
+        uses: actions/setup-go@v5.5.0
         with:
-          go-version: "1.24.0"
+          go-version: "1.25.2"
           check-latest: true
           cache: false # disable caching as this job doesn't benefit from it
 
@@ -625,7 +625,7 @@ jobs:
 
       - name: Checkout the repo
         if: ${{ steps.check-image-exists.outputs.exists != 'true' }}
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
           ref: ${{ inputs.chainlink_version }}
@@ -666,7 +666,7 @@ jobs:
           }}
     steps:
       - name: Checkout the repo
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
           ref: ${{ inputs.chainlink_version }}
@@ -725,7 +725,7 @@ jobs:
         uses: catchpoint/workflow-telemetry-action@94c3c3d9567a0205de6da68a76c428ce4e769af1 # v2.0.0
 
       - name: Checkout repository
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
           ref: ${{ inputs.chainlink_version }}
@@ -937,13 +937,13 @@ jobs:
       - name: Upload trace data as artifact
         if: inputs.enable_otel_traces_for_ocr2_plugins &&
           matrix.tests.test_env_vars.ENABLE_OTEL_TRACES == 'true'
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: trace-data
           path: ./integration-tests/smoke/traces/trace-data.json
 
       - name: Upload test log as artifact
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         if: failure()
         with:
           name: test_log_${{ env.TEST_ID }}
@@ -953,7 +953,7 @@ jobs:
 
       - name: Upload cl node coverage data as artifact
         if: inputs.upload_cl_node_coverage_artifact
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         timeout-minutes: 2
         continue-on-error: true
         with:
@@ -970,7 +970,7 @@ jobs:
 
       - name: Upload test result as artifact
         if: ${{ always() }}
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: test_result_${{ needs.load-test-configurations.outputs.workflow_id
             }}_${{ env.TEST_ID }}
@@ -979,7 +979,7 @@ jobs:
 
       - name: Upload custom test artifacts
         if: failure() && matrix.tests.test_artifacts_on_failure != ''
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: custom_test_artifacts_${{ env.TEST_ID }}_${{
             needs.load-test-configurations.outputs.workflow_id }}
@@ -1012,7 +1012,7 @@ jobs:
         }}.amazonaws.com/chainlink-tests
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
       - name: Build Test Runner Image
@@ -1081,7 +1081,7 @@ jobs:
         uses: catchpoint/workflow-telemetry-action@94c3c3d9567a0205de6da68a76c428ce4e769af1 # v2.0.0
 
       - name: Checkout repository
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
 
@@ -1226,7 +1226,7 @@ jobs:
           test_suite: ${{ matrix.tests.test_env_vars.TEST_SUITE }}
 
       - name: Upload test log as artifact
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         if: failure()
         with:
           name: test_log_${{ env.TEST_ID }}
@@ -1236,7 +1236,7 @@ jobs:
 
       - name: Upload custom test artifacts
         if: failure() && matrix.tests.test_artifacts_on_failure != ''
-        uses: actions/upload-artifact@v4.4.3
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: ${{ format('custom_test_artifacts_{0}_{1}', env.TEST_ID, needs.load-test-configurations.outputs.workflow_id) }}
           path: ${{ matrix.tests.test_artifacts_on_failure }}
@@ -1270,7 +1270,7 @@ jobs:
         uses: runs-on/action@66d4449b717b5462159659523d1241051ff470b9 # v1
 
       - name: Checkout repository
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           persist-credentials: false
 
@@ -1340,7 +1340,7 @@ jobs:
       test_results: ${{ steps.set_test_results.outputs.results }}
     steps:
       - name: Download all test result artifacts
-        uses: actions/download-artifact@v4.1.8
+        uses: actions/download-artifact@v4.3.0
         with:
           path: test_results
           pattern: test_result_${{ needs.load-test-configurations.outputs.workflow_id
@@ -1391,7 +1391,7 @@ jobs:
           { echo "cl_ref=$cl_ref"; echo "cl_short_ref=$cl_short_ref"; echo "cl_ref_path=$cl_ref_path"; } >> "$GITHUB_OUTPUT"
 
       - name: Send Slack notification
-        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
+        uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
         if: ${{ inputs.slack_notification_after_tests == 'true' ||
           inputs.slack_notification_after_tests == 'always' ||
           (inputs.slack_notification_after_tests == 'on_failure' &&
@@ -1432,7 +1432,7 @@ jobs:
           contains(join(needs.*.result, ','), 'failure') &&
           inputs.slack_notification_after_tests_notify_user_id_on_failure != ''
           }}
-        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
+        uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
         with:

.github/workflows/solidity-review-artifacts.yml

@@ -141,7 +141,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout the caller repository
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -207,7 +207,7 @@ jobs:
     needs: [gather-basic-info]
     steps:
       - name: Checkout the caller repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4.3.0
         with:
           ref: ${{ env.head_ref }}
           persist-credentials: false
@@ -226,14 +226,14 @@ jobs:
           mkdir -p code-coverage
 
       - name: Install Foundry
-        uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0
+        uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # v1.5.0
         with:
           version: ${{ inputs.foundry_version }}
 
       # required for code coverage report generation
       - name: Setup LCOV
         if: ${{ inputs.generate_code_coverage == true }}
-        uses: hrishikesh-kadam/setup-lcov@f5da1b26b0dcf5d893077a3c4f29cf78079c841d # v1.0.0
+        uses: hrishikesh-kadam/setup-lcov@6c1aa0cc9e1c02f9f58f01ac599f1064ccc83470 # v1.1.0
 
       - name: Run Forge build for product contracts
         run: |
@@ -308,14 +308,14 @@ jobs:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Checkout caller repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4.3.0
         with:
           fetch-depth: 0
           ref: ${{ env.head_ref }}
           persist-credentials: false
 
       - name: Checkout .github repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4.3.0
         with:
           repository: smartcontractkit/.github
           ref: 65249c7eae628aad6e70a0c0850d981cd0074bf9
@@ -329,7 +329,7 @@ jobs:
           pnpm-version: ^10.0.0
 
       - name: Install Foundry
-        uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0
+        uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # v1.5.0
         with:
           version: ${{ inputs.foundry_version }}
 
@@ -342,7 +342,7 @@ jobs:
         if: ${{ inputs.generate_slither_reports == true }}
         uses: actions/[email protected]
         with:
-          python-version: "3.8"
+          python-version: "3.14"
 
       - name: Install solc-select and solc
         if: ${{ inputs.generate_slither_reports == true }}
@@ -472,14 +472,14 @@ jobs:
 
       - name: Checkout caller repository
         if: ${{ inputs.link_with_jira == true }}
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4.3.0
         with:
           ref: ${{ env.head_ref }}
           persist-credentials: false
 
       - name: Checkout chainlink-github-actions repository
         if: ${{ inputs.link_with_jira == true }}
-        uses: actions/checkout@v4.2.1
+        uses: actions/checkout@v4.3.0
         with:
           repository: smartcontractkit/.github
           ref: 65249c7eae628aad6e70a0c0850d981cd0074bf9

actions/beholder-pulumi-deploy-schema/action.yml

@@ -24,7 +24,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/checkout@v4.2.1
+    - uses: actions/checkout@v4.3.0
 
     - name: Docker login to ECR
       shell: bash

actions/branch-out-upload/action.yml

@@ -62,7 +62,7 @@ runs:
         echo "::endgroup::"
 
     - name: Upload Test Results to Trunk.io
-      uses: trunk-io/analytics-uploader@f2631c653f9675d391e6e68cc877370db927c64c # v2.0.0
+      uses: trunk-io/analytics-uploader@e15a1f52c853d03426af5aff6bad7321fda0f7a4 # v2.0.2
       continue-on-error: ${{ inputs.trunk-upload-only == 'true' }}
       env:
         TRUNK_TELEMETRY: "off"

actions/build-push-docker-manifest/action.yml

@@ -169,7 +169,7 @@ runs:
         version: v0.27.0
 
     - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
+      uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
       with:
         role-to-assume: ${{ inputs.aws-role-arn }}
         role-duration-seconds: 900
@@ -372,7 +372,7 @@ runs:
 
     - name: Install cosign
       if: inputs.docker-manifest-sign == 'true'
-      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
+      uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
       with:
         cosign-release: "v2.4.2"
 

actions/build-push-docker/action.yml

@@ -202,7 +202,7 @@ runs:
       if:
         ${{ steps.dockerfile-ecr-parse.outputs.needs-ecr-login == 'true' ||
         inputs.docker-push == 'true' }}
-      uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+      uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
       with:
         role-to-assume: ${{ inputs.aws-role-arn }}
         role-duration-seconds: 900
@@ -229,14 +229,14 @@ runs:
         registries: ${{ inputs.aws-account-number }}
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
+      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
       with:
         version: latest
 
     - name: Docker meta
       if: ${{ inputs.docker-push == 'true' }}
       id: docker-meta
-      uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
+      uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
       with:
         images:
           ${{ format('{0}/{1}', inputs.docker-registry-url,
@@ -307,7 +307,7 @@ runs:
 
     - name: Build & push image
       id: build-image
-      uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
       env:
         DOCKER_BUILD_CHECKS_ANNOTATIONS: true
         DOCKER_BUILD_SUMMARY: true

actions/ci-beholder-validator/action.yml

@@ -31,7 +31,7 @@ runs:
   using: composite
   steps:
     - name: Checkout repo
-      uses: actions/checkout@v4.2.1
+      uses: actions/checkout@v4.3.0
       with:
         fetch-depth: ${{ inputs.checkout-repo-fetch-depth }}
 

actions/ci-benchmarking/action.yml

@@ -116,7 +116,7 @@ runs:
 
     - name: Run github-action-benchmark for PRs
       if: ${{ env.IS_PR == 'true' }}
-      uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29 # v1.20.3
+      uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
       with:
         tool: "go"
         output-file-path: output.txt
@@ -129,7 +129,7 @@ runs:
 
     - name: Run github-action-benchmark for Merges
       if: ${{ env.IS_MERGE == 'true' }}
-      uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29 # v1.20.3
+      uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
       with:
         tool: "go"
         output-file-path: output.txt

actions/ci-lint-charts/action.yml

@@ -46,7 +46,7 @@ runs:
         fi
 
     - name: Set up chart-testing
-      uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+      uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
 
     - name: Run chart-testing (lint)
       shell: bash

actions/ci-lint-go/action.yml

@@ -83,7 +83,7 @@ runs:
 
     - name: Assume aws gati role
       if: inputs.use-gati == 'true'
-      uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
+      uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
       with:
         role-to-assume: ${{ inputs.aws-role-arn-gati }}
         role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}

actions/ci-lint-misc/action.yml

@@ -22,7 +22,7 @@ runs:
         fetch-depth: ${{ inputs.checkout-repo-fetch-depth }}
 
     - name: Run actionlint
-      uses: reviewdog/action-actionlint@4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a # v1.54.0
+      uses: reviewdog/action-actionlint@f00ad0691526c10be4021a91b2510f0a769b14d0 # v1.68.0
 
     - name: Run shellcheck
       uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0

actions/ci-sonarqube-go/action.yml

@@ -94,7 +94,7 @@ runs:
         echo "SONARQUBE_ARGS=$ARGS" >> $GITHUB_ENV
 
     - name: SonarQube Scan
-      uses: sonarsource/sonarqube-scan-action@0c0f3958d90fc466625f1d1af1f47bddd4cc6bd1 # v3.0.0
+      uses: sonarsource/sonarqube-scan-action@13990a695682794b53148ff9f6a8b6e22e43955e # v3.1.0
       with:
         args: ${{ env.SONARQUBE_ARGS }}
       env: