CI: Bump the all-actions group across 1 directory with 3 updates

author dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Mon, 8 Dec 2025 16:06:40 +0000 (16:06 +0000)

committer GitHub <noreply@github.com>

Mon, 8 Dec 2025 16:06:40 +0000 (16:06 +0000)
author dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Mon, 8 Dec 2025 16:06:40 +0000 (16:06 +0000)
committer GitHub <noreply@github.com>
Mon, 8 Dec 2025 16:06:40 +0000 (16:06 +0000)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml

index 80adc6ae74bfb0cc43e23ef2df6cc67173a658c4..88deb3eabd958f7a67ac595a6f841a13d1c509ae 100644 (file)
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
        matrix:
          bs: [autotools, cmake]
      steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Install dependencies
        run: ./build/ci/github_actions/install-macos-dependencies.sh
      - name: Autogen
@@ -47,7 +47,7 @@ jobs:
        run: ./build/ci/build.sh -a artifact
        env:
          BS: ${{ matrix.bs }}
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: libarchive-macos-${{ matrix.bs }}-${{ github.sha }}
          path: libarchive.tar.xz
@@ -59,7 +59,7 @@ jobs:
          bs: [autotools, cmake]
          crypto: [mbedtls, nettle, openssl]
      steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Update apt cache
        run: sudo apt-get update
      - name: Install dependencies
@@ -93,14 +93,14 @@ jobs:
        run: ./build/ci/build.sh -a artifact
        env:
          BS: ${{ matrix.bs }}
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: libarchive-ubuntu-${{ matrix.bs }}-${{ matrix.crypto }}-${{ github.sha }}
          path: libarchive.tar.xz
    Ubuntu-distcheck:
      runs-on: ubuntu-24.04
      steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Update package definitions
        run: sudo apt-get update
      - name: Install dependencies
@@ -115,7 +115,7 @@ jobs:
          SKIP_OPEN_FD_ERR_TEST: 1
      - name: Dist-Artifact
        run: ./build/ci/build.sh -a dist-artifact
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: libarchive-${{ github.sha }}
          path: libarchive-dist.tar
@@ -127,7 +127,7 @@ jobs:
        matrix:
          be: [mingw-gcc, msvc]
      steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Install mingw
        if:  ${{ matrix.be=='mingw-gcc' }}
        run: choco install mingw
@@ -163,7 +163,7 @@ jobs:
        shell: cmd
        env:
          BE: ${{ matrix.be }}
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        with:
          name: libarchive-windows-${{ matrix.be }}-${{ github.sha }}
          path: libarchive.zip
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml

index d647091bb2e1b629e6a85f39799100ac860bb1e1..8eaa3a2ee689df316a0bc61984661993e269f77e 100644 (file)
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -21,7 +21,7 @@ jobs:
          fuzz-seconds: 600
          dry-run: false
      - name: Upload Crash
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
        if: failure() && steps.build.outcome == 'success'
        with:
          name: artifacts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml

index 139d47d5a9a2762273374919e7c3f9f2babb68b0..2bcf936f56022a46c707930d4b2dc70885357330 100644 (file)
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,18 +26,18 @@ jobs:
  
      steps:
        - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  
        - name: Initialize CodeQL
-        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
          with:
            languages: ${{ matrix.language }}
            queries: +security-and-quality
  
        - name: Autobuild
-        uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
  
        - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
          with:
            category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml

index 4038954a21ae480ea4f355209204b5aac72648ab..5258a6cdc9b150866116a1a7069848724472eba9 100644 (file)
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -29,7 +29,7 @@ jobs:
  
      steps:
        - name: "Checkout code"
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
          with:
            persist-credentials: false
  
@@ -52,7 +52,7 @@ jobs:
        # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
        # format to the repository Actions tab.
        - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
          with:
            name: SARIF file
            path: results.sarif
@@ -60,6 +60,6 @@ jobs:
  
        # Upload the results to GitHub's code scanning dashboard.
        - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
+        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
          with:
            sarif_file: results.sarif
author	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
	Mon, 8 Dec 2025 16:06:40 +0000 (16:06 +0000)
committer	GitHub <noreply@github.com>
	Mon, 8 Dec 2025 16:06:40 +0000 (16:06 +0000)
.github/workflows/ci.yml		patch \| blob \| blame \| history
.github/workflows/cifuzz.yml		patch \| blob \| blame \| history
.github/workflows/codeql.yml		patch \| blob \| blame \| history
.github/workflows/scorecard.yml		patch \| blob \| blame \| history