CI: Bump the all-actions group across 1 directory with 4 updates (#2379)

author dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Sun, 13 Oct 2024 07:42:01 +0000 (09:42 +0200)

committer GitHub <noreply@github.com>

Sun, 13 Oct 2024 07:42:01 +0000 (09:42 +0200)
author dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sun, 13 Oct 2024 07:42:01 +0000 (09:42 +0200)
committer GitHub <noreply@github.com>
Sun, 13 Oct 2024 07:42:01 +0000 (09:42 +0200)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml

index c93c8850e2546284a52c9caf6bbfa16566172104..9ad62f5b41bd9813a09cac5cd7b7797a2ffc3ef2 100644 (file)
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
        matrix:
          bs: [autotools, cmake]
      steps:
-    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Install dependencies
        run: ./build/ci/github_actions/macos.sh prepare
      - name: Autogen
@@ -45,7 +45,7 @@ jobs:
        run: ./build/ci/build.sh -a artifact
        env:
          BS: ${{ matrix.bs }}
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: libarchive-macos-${{ matrix.bs }}-${{ github.sha }}
          path: libarchive.tar.xz
@@ -57,7 +57,7 @@ jobs:
          bs: [autotools, cmake]
          crypto: [mbedtls, nettle, openssl]
      steps:
-    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Update apt cache
        run: sudo apt-get update
      - name: Install dependencies
@@ -91,14 +91,14 @@ jobs:
        run: ./build/ci/build.sh -a artifact
        env:
          BS: ${{ matrix.bs }}
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: libarchive-ubuntu-${{ matrix.bs }}-${{ matrix.crypto }}-${{ github.sha }}
          path: libarchive.tar.xz
    Ubuntu-distcheck:
      runs-on: ubuntu-24.04
      steps:
-    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Update package definitions
        run: sudo apt-get update
      - name: Install dependencies
@@ -113,7 +113,7 @@ jobs:
          SKIP_OPEN_FD_ERR_TEST: 1
      - name: Dist-Artifact
        run: ./build/ci/build.sh -a dist-artifact
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: libarchive-${{ github.sha }}
          path: libarchive-dist.tar
@@ -125,7 +125,7 @@ jobs:
        matrix:
          be: [mingw-gcc, msvc]
      steps:
-    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Install mingw
        if:  ${{ matrix.be=='mingw-gcc' }}
        run: choco install mingw
@@ -161,7 +161,7 @@ jobs:
        shell: cmd
        env:
          BE: ${{ matrix.be }}
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: libarchive-windows-${{ matrix.be }}-${{ github.sha }}
          path: libarchive.zip
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml

index ddacccc318cfa2516ee84b46caf39531e209779b..4777fab9c23e675c9f363aab9567c30b5bb3a443 100644 (file)
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -21,7 +21,7 @@ jobs:
          fuzz-seconds: 600
          dry-run: false
      - name: Upload Crash
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+      uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        if: failure() && steps.build.outcome == 'success'
        with:
          name: artifacts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml

index d9b6a373be0628079505d08dd5a805aa547bc101..3f596639a944da9f87401207b3c47cd2fb502fcd 100644 (file)
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,18 +26,18 @@ jobs:
  
      steps:
        - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
  
        - name: Initialize CodeQL
-        uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
          with:
            languages: ${{ matrix.language }}
            queries: +security-and-quality
  
        - name: Autobuild
-        uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
  
        - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
          with:
            category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml

index a5f452ca240bb89a8c38dd0b0e31deb352ee30aa..60e9868344c33df67a5390ab8dc21213901e5ed8 100644 (file)
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -29,12 +29,12 @@ jobs:
  
      steps:
        - name: "Checkout code"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
          with:
            persist-credentials: false
  
        - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
          with:
            results_file: results.sarif
            results_format: sarif
@@ -52,7 +52,7 @@ jobs:
        # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
        # format to the repository Actions tab.
        - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
          with:
            name: SARIF file
            path: results.sarif
@@ -60,6 +60,6 @@ jobs:
  
        # Upload the results to GitHub's code scanning dashboard.
        - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
          with:
            sarif_file: results.sarif
author	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
	Sun, 13 Oct 2024 07:42:01 +0000 (09:42 +0200)
committer	GitHub <noreply@github.com>
	Sun, 13 Oct 2024 07:42:01 +0000 (09:42 +0200)
.github/workflows/ci.yml		patch \| blob \| blame \| history
.github/workflows/cifuzz.yml		patch \| blob \| blame \| history
.github/workflows/codeql.yml		patch \| blob \| blame \| history
.github/workflows/scorecard.yml		patch \| blob \| blame \| history