From 69acacfb8e254db73280f7c29dc13ece959c8242 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Aug 2025 14:49:58 +0000
Subject: [PATCH] ci: bump the github-actions group with 8 updates

Bumps the github-actions group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.19.0` | `1.34.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` |
| [chromaui/action](https://github.com/chromaui/action) | `10` | `13` |
| [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) | `2.3.2` | `2.6.1` |
| [tj-actions/branch-names](https://github.com/tj-actions/branch-names) | `8` | `9` |
| [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) | `2.1.0` | `2.1.1` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.18.0` | `0.32.0` |
| [beatlabs/delete-old-branches-action](https://github.com/beatlabs/delete-old-branches-action) | `0.0.10` | `0.0.11` |


Updates `crate-ci/typos` from 1.19.0 to 1.34.0
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](https://github.com/crate-ci/typos/compare/v1.19.0...v1.34.0)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5)

Updates `chromaui/action` from 10 to 13
- [Release notes](https://github.com/chromaui/action/releases)
- [Commits](https://github.com/chromaui/action/compare/v10...v13)

Updates `contributor-assistant/github-action` from 2.3.2 to 2.6.1
- [Release notes](https://github.com/contributor-assistant/github-action/releases)
- [Commits](https://github.com/contributor-assistant/github-action/compare/v2.3.2...v2.6.1)

Updates `tj-actions/branch-names` from 8 to 9
- [Release notes](https://github.com/tj-actions/branch-names/releases)
- [Changelog](https://github.com/tj-actions/branch-names/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/branch-names/compare/v8...v9)

Updates `toshimaru/auto-author-assign` from 2.1.0 to 2.1.1
- [Release notes](https://github.com/toshimaru/auto-author-assign/releases)
- [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/toshimaru/auto-author-assign/compare/v2.1.0...v2.1.1)

Updates `aquasecurity/trivy-action` from 0.18.0 to 0.32.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/062f2592684a31eb3aa050cc61e7ca1451cecd3d...dc5a429b52fcf669ce959baa2c2dd26090d2a6c4)

Updates `beatlabs/delete-old-branches-action` from 0.0.10 to 0.0.11
- [Release notes](https://github.com/beatlabs/delete-old-branches-action/releases)
- [Commits](https://github.com/beatlabs/delete-old-branches-action/compare/v0.0.10...v0.0.11)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: chromaui/action
  dependency-version: '13'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: contributor-assistant/github-action
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: tj-actions/branch-names
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: toshimaru/auto-author-assign
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: beatlabs/delete-old-branches-action
  dependency-version: 0.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yaml             | 12 ++++++------
 .github/workflows/contrib.yaml        |  2 +-
 .github/workflows/dogfood.yaml        |  2 +-
 .github/workflows/pr-auto-assign.yaml |  2 +-
 .github/workflows/security.yaml       |  2 +-
 .github/workflows/stale.yaml          |  2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7c58dce1e..e0ba30708 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -142,7 +142,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.19.0
+        uses: crate-ci/typos@v1.34.0
         with:
           config: .github/workflows/typos.toml
 
@@ -308,7 +308,7 @@ jobs:
           api-key: ${{ secrets.DATADOG_API_KEY }}
 
       - name: Check code coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         # This action has a tendency to error out unexpectedly, it has
         # the `fail_ci_if_error` option that defaults to `false`, but
         # that is no guarantee, see:
@@ -356,7 +356,7 @@ jobs:
           api-key: ${{ secrets.DATADOG_API_KEY }}
 
       - name: Check code coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         # This action has a tendency to error out unexpectedly, it has
         # the `fail_ci_if_error` option that defaults to `false`, but
         # that is no guarantee, see:
@@ -415,7 +415,7 @@ jobs:
         working-directory: site
 
       - name: Check code coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         # This action has a tendency to error out unexpectedly, it has
         # the `fail_ci_if_error` option that defaults to `false`, but
         # that is no guarantee, see:
@@ -514,7 +514,7 @@ jobs:
       # the check to pass. This is desired in PRs, but not in mainline.
       - name: Publish to Chromatic (non-mainline)
         if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
-        uses: chromaui/action@v10
+        uses: chromaui/action@v13
         env:
           NODE_OPTIONS: "--max_old_space_size=4096"
           STORYBOOK: true
@@ -545,7 +545,7 @@ jobs:
       # infinitely "in progress" in mainline unless we re-review each build.
       - name: Publish to Chromatic (mainline)
         if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
-        uses: chromaui/action@v10
+        uses: chromaui/action@v13
         env:
           NODE_OPTIONS: "--max_old_space_size=4096"
           STORYBOOK: true
diff --git a/.github/workflows/contrib.yaml b/.github/workflows/contrib.yaml
index 64262c840..28bad337d 100644
--- a/.github/workflows/contrib.yaml
+++ b/.github/workflows/contrib.yaml
@@ -34,7 +34,7 @@ jobs:
     steps:
       - name: cla
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.3.2
+        uses: contributor-assistant/github-action@v2.6.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # the below token should have repo scope and must be manually added by you in the repository's secret
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
index c9069f081..28ee7ba11 100644
--- a/.github/workflows/dogfood.yaml
+++ b/.github/workflows/dogfood.yaml
@@ -26,7 +26,7 @@ jobs:
 
       - name: Get branch name
         id: branch-name
-        uses: tj-actions/branch-names@v8
+        uses: tj-actions/branch-names@v9
 
       - name: "Branch name to Docker tag name"
         id: docker-tag-name
diff --git a/.github/workflows/pr-auto-assign.yaml b/.github/workflows/pr-auto-assign.yaml
index e042124d0..d8210637f 100644
--- a/.github/workflows/pr-auto-assign.yaml
+++ b/.github/workflows/pr-auto-assign.yaml
@@ -14,4 +14,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Assign author
-        uses: toshimaru/auto-author-assign@v2.1.0
+        uses: toshimaru/auto-author-assign@v2.1.1
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 3acc98725..b0da9cad0 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -114,7 +114,7 @@ jobs:
           echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4
         with:
           image-ref: ${{ steps.build.outputs.image }}
           format: sarif
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index e1008e75e..c31ee1b83 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -82,7 +82,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
       - name: Run delete-old-branches-action
-        uses: beatlabs/delete-old-branches-action@v0.0.10
+        uses: beatlabs/delete-old-branches-action@v0.0.11
         with:
           repo_token: ${{ github.token }}
           date: "6 months ago"