Merge pull request #578 from mm2/dependabot/github_actions/github-actions-9a505bf394

mm2 · web-flow · commit eca75f462f1d · 2026-06-03T14:25:25.000+02:00
Bump the github-actions group across 1 directory with 3 updates. Looks great
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,7 +16,7 @@ jobs:
         runner: [ ubuntu-latest ]
     runs-on: ${{ matrix.runner }}
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
       - name: Build Ubuntu
         run: |
           ./configure --with-fastfloat --with-threaded
@@ -29,7 +29,7 @@ jobs:
         runner: [ macos-14, macos-latest ]
     runs-on: ${{ matrix.runner }}
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
       - name: Build macOS
         run: |
           ./configure --with-fastfloat --with-threaded
@@ -50,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.runner }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@v6.0.3
       
       - name: Setup MSVC Build Environment
         uses: ilammy/msvc-dev-cmd@v1   
@@ -66,7 +66,7 @@ jobs:
   Ubuntu-meson:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
 
       - name: Install packages
         run: |
@@ -84,7 +84,7 @@ jobs:
     runs-on: windows-latest
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
 
       - name: Install packages
         run: |
@@ -104,7 +104,7 @@ jobs:
         runner: [ ubuntu-latest ]
     runs-on: ${{ matrix.runner }}
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
 
       - name: Install packages
         run: sudo apt-get -y install build-essential cmake ninja-build
@@ -130,7 +130,7 @@ jobs:
         runner: [ macos-14, macos-latest ]
     runs-on: ${{ matrix.runner }}
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
 
       - name: Configure
         run: |
@@ -161,7 +161,7 @@ jobs:
     runs-on: ${{ matrix.runner }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@v6.0.3
 
       - name: Configure
         run: |
@@ -185,7 +185,7 @@ jobs:
       run:
         shell: msys2 {0}
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
 
       - uses: msys2/setup-msys2@v2
         with:
@@ -216,7 +216,7 @@ jobs:
       run:
         shell: C:\cygwin64\bin\bash.exe --login -eo pipefail -o igncr '{0}'
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@v6.0.3
 
       - uses: cygwin/cygwin-install-action@v6
         with:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -36,15 +36,15 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v6.0.2
+      uses: actions/checkout@v6.0.3
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4.35.1
+      uses: github/codeql-action/init@v4.36.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v4.35.1
+      uses: github/codeql-action/autobuild@v4.36.1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -69,4 +69,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4.35.1
+      uses: github/codeql-action/analyze@v4.36.1
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4.1.1
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v4.1.1
         with:
           persist-credentials: false
 
@@ -42,14 +42,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b623f5fd572a69d335c9da3487c1ce53741a09bf # v2.24.0
+        uses: github/codeql-action/upload-sarif@8ed7f7c384ef65d96d422e33fe592d3572522558 # v2.24.0
         with:
           sarif_file: results.sarif
