From beca36cfdade0a19ed7767efd3daf37d358dbaad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Nov 2025 01:07:07 +0000 Subject: [PATCH] Bump the development-dependencies group across 1 directory with 8 updates Bumps the development-dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.3` | `4.31.4` | | [rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions) | `0.51.0` | `0.54.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.1.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `5` | `6` | | [peter-evans/find-comment](https://github.com/peter-evans/find-comment) | `3` | `4` | | [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `4` | `5` | Updates `actions/checkout` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) Updates `github/codeql-action` from 4.31.3 to 4.31.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/014f16e7ab1402f30e7c3329d33797e7948572db...e12f0178983d466f2f6028f5cc7a6d786fd97f4b) Updates `rojopolis/spellcheck-github-actions` from 0.51.0 to 0.54.0 - [Release notes](https://github.com/rojopolis/spellcheck-github-actions/releases) - [Changelog](https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md) - [Commits](https://github.com/rojopolis/spellcheck-github-actions/compare/0.51.0...0.54.0) Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) Updates `actions/setup-go` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/44694675825211faa026b3c33043df3e48a5fa00...4dc6199c7b1a012772edbd06daecab0f50c9053c) Updates `actions/download-artifact` from 5 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v5...v6) Updates `peter-evans/find-comment` from 3 to 4 - [Release notes](https://github.com/peter-evans/find-comment/releases) - [Commits](https://github.com/peter-evans/find-comment/compare/v3...v4) Updates `peter-evans/create-or-update-comment` from 4 to 5 - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: github/codeql-action dependency-version: 4.31.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: rojopolis/spellcheck-github-actions dependency-version: 0.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: peter-evans/find-comment dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: peter-evans/create-or-update-comment dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/contributors.yml | 2 +- .github/workflows/doc-update.yml | 20 ++++++++++---------- .github/workflows/go-test.yml | 16 ++++++++-------- .github/workflows/pr-comment.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scanner.yml | 6 +++--- 7 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a3d1c59..6b60deb 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,13 +22,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - # Initializes the CodeQL tools for scanning. name: Initialize CodeQL - uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: languages: ${{ matrix.language }} - name: Analyze ${{ matrix.language }} - uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 79a7047..a7c8f41 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Identify all-time contributors to this repository uses: github/contributors@8b7586939baa0af4e801dbd22c88adf6e0db8915 # v1.7.5 diff --git a/.github/workflows/doc-update.yml b/.github/workflows/doc-update.yml index e343a4d..c01b7d4 100644 --- a/.github/workflows/doc-update.yml +++ b/.github/workflows/doc-update.yml @@ -57,7 +57,7 @@ jobs: steps: - name: Originating repo checkout (e.g. public fork) - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.sha }} - @@ -85,12 +85,12 @@ jobs: steps: - name: Originating repo checkout (e.g. public fork) - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout markdown config - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: go-openapi/ci-workflows ref: master # TODO: retrieve workflow ref @@ -156,12 +156,12 @@ jobs: report: ${{ steps.report-exists.outputs.report }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout spellcheck config - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: go-openapi/ci-workflows ref: master # TODO: retrieve workflow ref @@ -178,7 +178,7 @@ jobs: cp ci-tools/${{ env.spellcheck_dict }} ${{ env.spellcheck_dict }} - name: Spellcheck - uses: rojopolis/spellcheck-github-actions@0.51.0 + uses: rojopolis/spellcheck-github-actions@0.54.0 continue-on-error: true id: spellcheck with: @@ -261,7 +261,7 @@ jobs: echo "reactions=hooray" >> "$GITHUB_OUTPUT" - name: Upload comment as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.markdown_artifact }} name: ${{ env.markdown_artifact }} @@ -330,7 +330,7 @@ jobs: echo "> ℹ️ INFO: we use [avtodev/markdown-lint action](https://github.com/avto-dev/markdown-lint)" >> $GITHUB_STEP_SUMMARY - name: Upload comment as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.markdown_artifact }} name: ${{ env.markdown_artifact }} @@ -398,7 +398,7 @@ jobs: echo "reactions=hooray" >> "$GITHUB_OUTPUT" - name: Upload comment as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.spellcheck_artifact }} name: ${{ env.spellcheck_artifact }} @@ -491,7 +491,7 @@ jobs: # description: | # Calls a trusted shared workflow that temporarily elevates the caller's privileges # to write a comment in the PR. - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.spellcheck_artifact }} name: ${{ env.spellcheck_artifact }} diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 5dddca1..1c44996 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -17,9 +17,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: stable check-latest: true @@ -44,9 +44,9 @@ jobs: steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: '${{ matrix.go }}' check-latest: true @@ -96,9 +96,9 @@ jobs: CORPUS_MAX_SIZE_MB: 100 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: stable check-latest: true @@ -172,7 +172,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -207,7 +207,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: stable check-latest: true diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml index 5509847..d9b03a2 100644 --- a/.github/workflows/pr-comment.yml +++ b/.github/workflows/pr-comment.yml @@ -101,7 +101,7 @@ jobs: - name: Download message artifact if: ${{ steps.check_pr.outputs.proceed == 'true'}} id: download - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: run-id: "${{ inputs.run_id }}" repository: "${{ env.TARGET }}" @@ -125,7 +125,7 @@ jobs: - name: Find previous PR comment if: ${{ steps.check_pr.outputs.proceed == 'true'}} - uses: peter-evans/find-comment@v3 + uses: peter-evans/find-comment@v4 id: find_comment with: repository: ${{ inputs.target_repo }} @@ -136,7 +136,7 @@ jobs: - name: Create or update PR comment if: ${{ steps.check_pr.outputs.proceed == 'true'}} - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@v5 with: issue-number: ${{ inputs.pr_number }} comment-id: ${{ steps.find_comment.outputs.comment-id }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e79ad9..ff9a106 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 - diff --git a/.github/workflows/scanner.yml b/.github/workflows/scanner.yml index 2f34e48..9f73274 100644 --- a/.github/workflows/scanner.yml +++ b/.github/workflows/scanner.yml @@ -24,7 +24,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - @@ -39,7 +39,7 @@ jobs: exit-code: 0 - name: Upload trivy findings to code scanning dashboard - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: category: trivy sarif_file: trivy-code-report.sarif @@ -59,7 +59,7 @@ jobs: output-file: govulnscan-report.sarif - name: Upload govulnscan findings to code scanning dashboard - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: category: govulnscan sarif_file: govulnscan-report.sarif