ci: bump the github-actions group with 4 updates

Bumps the github-actions group with 4 updates: [github/codeql-action](https://github.com/github/codeql-action), [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release), [python-semantic-release/upload-to-gh-release](https://github.com/python-semantic-release/upload-to-gh-release) and [hynek/build-and-inspect-python-package](https://github.com/hynek/build-and-inspect-python-package). Updates `github/codeql-action` from 3.25.5 to 3.25.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b7cec75...f079b84) Updates `python-semantic-release/python-semantic-release` from 9.7.3 to 9.8.0 - [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases) - [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.md) - [Commits](python-semantic-release/python-semantic-release@9555482...31a691e) Updates `python-semantic-release/upload-to-gh-release` from 0f96c02a48278aff14251e9f1a0d73122a8c638b to 477a4045c717b615cd9018a0c40499f9c12bb12e - [Release notes](https://github.com/python-semantic-release/upload-to-gh-release/releases) - [Changelog](https://github.com/python-semantic-release/upload-to-gh-release/blob/main/releaserc.toml) - [Commits](python-semantic-release/upload-to-gh-release@0f96c02...477a404) Updates `hynek/build-and-inspect-python-package` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/hynek/build-and-inspect-python-package/releases) - [Changelog](https://github.com/hynek/build-and-inspect-python-package/blob/main/CHANGELOG.md) - [Commits](hynek/build-and-inspect-python-package@4aea7de...b4fc3f6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: python-semantic-release/python-semantic-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: python-semantic-release/upload-to-gh-release dependency-type: direct:production dependency-group: github-actions - dependency-name: hynek/build-and-inspect-python-package dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
afuetterer · Jun 1, 2024 · 3e936dc · 3e936dc
1 parent 8427f6a
commit 3e936dc
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -21,8 +21,8 @@ jobs:
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       # Ref: https://github.com/github/codeql-action
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
       with:
         languages: python
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -32,12 +32,12 @@ jobs:
         token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
     - name: Create semantic release
       id: release
-      uses: python-semantic-release/python-semantic-release@9555482f978fee890bd79b2ebac3095a20217375 # v9.7.3
+      uses: python-semantic-release/python-semantic-release@31a691e771e103d6b9c70baafc75fb2cc9f48207 # v9.8.0
       with:
         # allows for python-semantic-release to push to protected main branch
         github_token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
     - name: Publish package to GitHub Release
-      uses: python-semantic-release/upload-to-gh-release@0f96c02a48278aff14251e9f1a0d73122a8c638b
+      uses: python-semantic-release/upload-to-gh-release@477a4045c717b615cd9018a0c40499f9c12bb12e
       if: ${{ steps.release.outputs.released }} == 'true'
       with:
         github_token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -39,6 +39,6 @@ jobs:
 
     # required for Code scanning alerts
     - name: Upload SARIF results to code scanning
-      uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+      uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -97,4 +97,4 @@ jobs:
     steps:
     - run: sudo apt-get install tree # workaround for "tree: command not found" in baipp
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
-    - uses: hynek/build-and-inspect-python-package@4aea7de65ba374f49b5f549cd471b61de2ef19d3 # v2.5.0
+    - uses: hynek/build-and-inspect-python-package@b4fc3f6ba2b3da04f09659be99e2a29fb6146a61 # v2.6.0