Skip to content

Commit e3a1d4c

Browse files
build(deps): bump the github-actions group across 1 directory with 8 updates
Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [gradle/actions](https://github.com/gradle/actions) | `48b5f213c81028ace310571dc5ec0fbbca0b2947` | `ed408507eac070d1f99cc633dbcf757c94c7933a` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.8.0` | `5.2.0` | | [lukka/get-cmake](https://github.com/lukka/get-cmake) | `4.0.2` | `4.3.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.0.0` | `5.0.0` | | [google/osv-scanner-action](https://github.com/google/osv-scanner-action) | `2.0.2` | `2.3.8` | | [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `4.0.0` | `5.0.0` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...de0fac2) Updates `gradle/actions` from 48b5f213c81028ace310571dc5ec0fbbca0b2947 to ed408507eac070d1f99cc633dbcf757c94c7933a - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@48b5f21...ed40850) Updates `actions/setup-java` from 4.8.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@c1e3236...be666c2) Updates `lukka/get-cmake` from 4.0.2 to 4.3.3 - [Release notes](https://github.com/lukka/get-cmake/releases) - [Changelog](https://github.com/lukka/get-cmake/blob/main/RELEASE_PROCESS.md) - [Commits](lukka/get-cmake@ea00481...591817e) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...043fb46) Updates `actions/dependency-review-action` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4901385...a1d282b) Updates `google/osv-scanner-action` from 2.0.2 to 2.3.8 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@e69cc6c...9a49870) Updates `peter-evans/create-or-update-comment` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](peter-evans/create-or-update-comment@71345be...e8674b0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-java dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google/osv-scanner-action dependency-version: 2.3.8 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: gradle/actions dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: lukka/get-cmake dependency-version: 4.3.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-or-update-comment dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
1 parent 1e1c694 commit e3a1d4c

8 files changed

Lines changed: 40 additions & 40 deletions

.github/workflows/android.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -38,11 +38,11 @@ jobs:
3838
runs-on: ubuntu-latest
3939

4040
steps:
41-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
41+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4242
with:
4343
submodules: recursive
4444

45-
- uses: gradle/actions/wrapper-validation@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
45+
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
4646

4747
- name: Check root crash/replay logs
4848
run: bash scripts/check-no-root-crash-logs.sh
@@ -60,16 +60,16 @@ jobs:
6060
run: bash scripts/check-fastlane-metadata.sh
6161

6262
- name: Set up JDK 17
63-
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
63+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
6464
with:
6565
java-version: 17
6666
distribution: temurin
6767

6868
- name: Set up CMake and Ninja
69-
uses: lukka/get-cmake@ea004816823209b8d1211e47b216185caee12cc5 # v4.0.2
69+
uses: lukka/get-cmake@591817e96fcad43505fb4eae36172462abb3a42e # v4.3.3
7070

7171
- name: Cache Gradle
72-
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
72+
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
7373

7474
- name: Verify no-network contract (N7.1)
7575
run: ./gradlew :app:verifyNoInternetPermission
@@ -123,14 +123,14 @@ jobs:
123123
echo "All shipped native libraries (if any) are 16 KB aligned."
124124
125125
- name: Upload debug APK
126-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
126+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
127127
with:
128128
name: app-debug.apk
129129
path: app/build/outputs/apk/debug/app-debug.apk
130130

131131
- name: Upload lint report
132132
if: always()
133-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
133+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
134134
with:
135135
name: lint-debug-report
136136
path: |
@@ -140,7 +140,7 @@ jobs:
140140
141141
- name: Upload unit-test report
142142
if: always()
143-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
143+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
144144
with:
145145
name: unit-test-report
146146
path: app/build/reports/tests/testDebugUnitTest/

.github/workflows/crowdin-upload.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ jobs:
2121

2222
steps:
2323
- name: Checkout
24-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
24+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2525
- name: Upload
2626
# SHA pin: crowdin/github-action@v2 = 8868a33591d21088edfc398968173a3b98d51706
2727
# Verified 2026-05-17 via `GET /repos/crowdin/github-action/git/refs/tags/v2`.

.github/workflows/dependency-scan.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -40,36 +40,36 @@ jobs:
4040
if: github.event_name == 'pull_request'
4141
runs-on: ubuntu-latest
4242
steps:
43-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
43+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4444
with:
4545
submodules: recursive
4646
- name: Run dependency-review
47-
uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4
47+
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v4
4848
with:
4949
fail-on-severity: high
5050
comment-summary-in-pr: on-failure
5151

5252
osv-scanner:
5353
runs-on: ubuntu-latest
5454
steps:
55-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
55+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5656
with:
5757
submodules: recursive
5858

5959
- name: Set up JDK 17
60-
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
60+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
6161
with:
6262
java-version: 17
6363
distribution: temurin
6464

6565
- name: Cache Gradle
66-
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
66+
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
6767

6868
- name: Generate Gradle dependency tree
6969
run: ./gradlew :app:dependencies --configuration releaseRuntimeClasspath > gradle-deps.txt
7070

7171
- name: Run OSV-Scanner against the lockfiles + dep tree
72-
uses: google/osv-scanner-action/osv-scanner-action@e69cc6c86b31f1e7e23935bbe7031b50e51082de # v2.0.2
72+
uses: google/osv-scanner-action/osv-scanner-action@9a498708959aeaef5ef730655706c5a1df1edbc2 # v2.3.8
7373
with:
7474
scan-args: |-
7575
--recursive
@@ -79,7 +79,7 @@ jobs:
7979

8080
- name: Upload dep tree artifact
8181
if: always()
82-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
82+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
8383
with:
8484
name: gradle-dep-tree
8585
path: gradle-deps.txt

.github/workflows/emulator-smoke.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -28,23 +28,23 @@ jobs:
2828
timeout-minutes: 35
2929

3030
steps:
31-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
31+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3232
with:
3333
submodules: recursive
3434

35-
- uses: gradle/actions/wrapper-validation@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
35+
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
3636

3737
- name: Set up JDK 17
38-
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
38+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
3939
with:
4040
java-version: 17
4141
distribution: temurin
4242

4343
- name: Set up CMake and Ninja
44-
uses: lukka/get-cmake@ea004816823209b8d1211e47b216185caee12cc5 # v4.0.2
44+
uses: lukka/get-cmake@591817e96fcad43505fb4eae36172462abb3a42e # v4.3.3
4545

4646
- name: Cache Gradle
47-
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
47+
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
4848

4949
- name: Build debug APK
5050
run: ./gradlew :app:assembleDebug
@@ -77,7 +77,7 @@ jobs:
7777
7878
- name: Upload emulator smoke logcat
7979
if: always()
80-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
80+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
8181
with:
8282
name: emulator-smoke-logcat
8383
path: emulator-smoke-logcat.txt

.github/workflows/release.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -38,21 +38,21 @@ jobs:
3838
env:
3939
SIGNING_KEYSTORE_BASE64: ${{ secrets.SIGNING_KEYSTORE_BASE64 }}
4040
steps:
41-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
41+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4242
with:
4343
submodules: recursive
4444
fetch-depth: 0
4545

46-
- uses: gradle/actions/wrapper-validation@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
46+
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
4747

4848
- name: Set up JDK 17
49-
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
49+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
5050
with:
5151
java-version: 17
5252
distribution: temurin
5353

5454
- name: Cache Gradle
55-
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
55+
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
5656

5757
- name: Make gradlew executable
5858
run: chmod +x ./gradlew
@@ -141,7 +141,7 @@ jobs:
141141
142142
- name: Upload OSV scan artifacts
143143
if: always()
144-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
144+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
145145
with:
146146
name: swiftfloris-v${{ inputs.version }}-osv
147147
path: |
@@ -222,7 +222,7 @@ jobs:
222222
echo '```' >> "$GITHUB_STEP_SUMMARY"
223223
224224
- name: Upload artifacts
225-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
225+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
226226
with:
227227
name: swiftfloris-v${{ inputs.version }}
228228
path: |

.github/workflows/reproducible-build.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -48,31 +48,31 @@ jobs:
4848
runs-on: ubuntu-latest
4949

5050
steps:
51-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
51+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5252
with:
5353
submodules: recursive
5454
fetch-depth: 0
5555

56-
- uses: gradle/actions/wrapper-validation@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
56+
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
5757

5858
- name: Set up JDK 17
59-
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
59+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
6060
with:
6161
java-version: 17
6262
distribution: temurin
6363

6464
- name: Set up CMake and Ninja
65-
uses: lukka/get-cmake@ea004816823209b8d1211e47b216185caee12cc5 # v4.0.2
65+
uses: lukka/get-cmake@591817e96fcad43505fb4eae36172462abb3a42e # v4.3.3
6666

6767
- name: Cache Gradle
68-
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
68+
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
6969

7070
- name: Verify release APK reproducibility
7171
run: bash scripts/verify-reproducible-apk.sh "$RUNNER_TEMP/reproducible-apk"
7272

7373
- name: Upload reproducibility artifacts
7474
if: always()
75-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
75+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
7676
with:
7777
name: reproducible-apk-${{ github.sha }}
7878
path: ${{ runner.temp }}/reproducible-apk/

.github/workflows/roborazzi-baseline.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -36,20 +36,20 @@ jobs:
3636
runs-on: ubuntu-latest
3737

3838
steps:
39-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
39+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4040
with:
4141
submodules: recursive
4242

43-
- uses: gradle/actions/wrapper-validation@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
43+
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
4444

4545
- name: Set up JDK 17
46-
uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
46+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
4747
with:
4848
java-version: 17
4949
distribution: temurin
5050

5151
- name: Cache Gradle
52-
uses: gradle/actions/setup-gradle@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4
52+
uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
5353

5454
- name: Make gradlew executable
5555
run: chmod +x ./gradlew
@@ -81,7 +81,7 @@ jobs:
8181
8282
- name: Upload baseline artifact
8383
if: always()
84-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
84+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
8585
with:
8686
name: roborazzi-baselines-${{ github.run_id }}${{ inputs.message && format('-{0}', inputs.message) || '' }}
8787
path: app/src/test/snapshots/images/

.github/workflows/validate-strings-no-translations.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,7 @@ jobs:
6767
# while running on `pull_request_target` (base-repo context). A
6868
# floating tag would let an attacker who rotates the v4 ref exfiltrate
6969
# the token. Re-pin when bumping; never re-introduce `@v4`.
70-
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4
70+
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
7171
if: steps.precheck.outputs.require_validation == 'true' && steps.fetch_changed_files.outputs.illegal_changes_list != ''
7272
with:
7373
issue-number: ${{ github.event.pull_request.number }}

0 commit comments

Comments
 (0)