From 36ef8b2516710d70517f6b58ccd73f467fc48b91 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 14 Apr 2026 16:25:01 +0000
Subject: [PATCH] Bump the github-actions group across 2 directories with 10
 updates

Bumps the github-actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` |
| [step-security/changed-files](https://github.com/step-security/changed-files) | `47.0.1` | `47.0.5` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.1` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` |
| [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.2.0` | `3.3.0` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.4.1` | `0.5.3` |

Bumps the github-actions group with 3 updates in the /devops/actions/build_container directory: [docker/login-action](https://github.com/docker/login-action), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [docker/build-push-action](https://github.com/docker/build-push-action).


Updates `actions/upload-artifact` from 6.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

Updates `step-security/changed-files` from 47.0.1 to 47.0.5
- [Release notes](https://github.com/step-security/changed-files/releases)
- [Commits](https://github.com/step-security/changed-files/compare/60967b822d3001fa82242f8d6b4ed46bc3600a68...2e07db73e5ccdb319b9a6c7766bd46d39d304bad)

Updates `github/codeql-action` from 4.31.9 to 4.35.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v4.31.9...c10b8064de6f491fea524254123dbe5e09572f13)

Updates `dorny/paths-filter` from 3.0.2 to 4.0.1
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/dorny/paths-filter/compare/de90cc6fb38fc0963ad72b210f1f284cd68cea36...fbd0ab8f3e69293af611ebaee6363fc25e6d187d)

Updates `sigstore/gh-action-sigstore-python` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases)
- [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/gh-action-sigstore-python/compare/a5caf349bc536fbef3668a10ed7f5cd309a4b53d...04cffa1d795717b140764e8b640de88853c92acc)

Updates `softprops/action-gh-release` from 2.5.0 to 3.0.0
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...b4309332981a82ec1c5618f44dd2e27cc8bfbfda)

Updates `zizmorcore/zizmor-action` from 0.4.1 to 0.5.3
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/135698455da5c3b3e55f73f4419e481ab68cdd95...b1d7e1fb5de872772f31590499237e7cce841e8e)

Updates `docker/login-action` from 3.6.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/5e57cd118135c172c3672efd75eb46360885c0ef...4907a6ddec9925e35a0a9e82d7399ccc52663121)

Updates `docker/setup-buildx-action` from 3.11.1 to 4.0.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/e468171a9de216ec08956ac3ada2f0791b6bd435...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd)

Updates `docker/build-push-action` from 6.18.0 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/263435318d21b8e681c14492fe198d362a7d2c83...bcafcacb16a39f128d818304e6c9c0c18556b85f)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: step-security/changed-files
  dependency-version: 47.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: sigstore/gh-action-sigstore-python
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/email-check.yaml        | 2 +-
 .github/workflows/pr-code-format.yml      | 4 ++--
 .github/workflows/scorecard.yml           | 2 +-
 .github/workflows/sycl-bandit.yml         | 2 +-
 .github/workflows/sycl-detect-changes.yml | 2 +-
 .github/workflows/sycl-nightly.yml        | 4 ++--
 .github/workflows/sycl-yarpgen.yml        | 2 +-
 .github/workflows/sycl-zizmor.yml         | 2 +-
 devops/actions/build_container/action.yml | 6 +++---
 9 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 4b6fb0237ba3b..e2253c1a4dc9d 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -40,7 +40,7 @@ jobs:
           [{"body" : "$COMMENT"}]
           EOF
 
-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         if: always()
         with:
           name: workflow-args
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 0686b5d781466..20df85b061689 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -27,7 +27,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: step-security/changed-files@60967b822d3001fa82242f8d6b4ed46bc3600a68 # v47.0.1
+        uses: step-security/changed-files@2e07db73e5ccdb319b9a6c7766bd46d39d304bad # v47.0.5
         with:
           separator: ","
           skip_initial_fetch: true
@@ -83,7 +83,7 @@ jobs:
             --end-rev HEAD \
             --changed-files "$CHANGED_FILES"
 
-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         if: always()
         with:
           name: workflow-args
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 825dd05ccd298..576abba968a91 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/sycl-bandit.yml b/.github/workflows/sycl-bandit.yml
index 0f55e69345897..0769b3ab3cdda 100644
--- a/.github/workflows/sycl-bandit.yml
+++ b/.github/workflows/sycl-bandit.yml
@@ -35,6 +35,6 @@ jobs:
         run: |
           bandit -c devops/bandit.config -r . --exit-zero -f sarif -o bandit_results.sarif
 
-      - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+      - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: bandit_results.sarif
diff --git a/.github/workflows/sycl-detect-changes.yml b/.github/workflows/sycl-detect-changes.yml
index 1153603b85da6..ffb1d7ee5b5f0 100644
--- a/.github/workflows/sycl-detect-changes.yml
+++ b/.github/workflows/sycl-detect-changes.yml
@@ -24,7 +24,7 @@ jobs:
           echo "changed_file_cnt=${{ github.event.pull_request.changed_files }}" >> $GITHUB_OUTPUT
 
       - name: Check file changes
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
+        uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d
         if: steps.changed_files.outputs.changed_file_cnt < 500
         id: changes
         with:
diff --git a/.github/workflows/sycl-nightly.yml b/.github/workflows/sycl-nightly.yml
index b33b8ac4d759c..7185d8371220e 100644
--- a/.github/workflows/sycl-nightly.yml
+++ b/.github/workflows/sycl-nightly.yml
@@ -453,7 +453,7 @@ jobs:
       with:
         name: sycl_windows_default
     - name: Sign with sigstore/cosign
-      uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d # v3.2.0
+      uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc # v3.3.0
       with:
         inputs: sycl_linux.tar.gz sycl_windows.tar.gz
     - name: Compute tag
@@ -466,7 +466,7 @@ jobs:
           echo "TAG=${{ needs.get_date.outputs.date }}-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
         fi
     - name: Upload binaries
-      uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+      uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
       with:
         files: |
           sycl_linux.tar.gz
diff --git a/.github/workflows/sycl-yarpgen.yml b/.github/workflows/sycl-yarpgen.yml
index 4db356fb34e3e..6c6f1a04a4285 100644
--- a/.github/workflows/sycl-yarpgen.yml
+++ b/.github/workflows/sycl-yarpgen.yml
@@ -77,7 +77,7 @@ jobs:
     - name: Pack results
       run: tar -czf yarpgen_results.tar.gz yarpgen/testing
 
-    - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+    - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
       with:
         name: yarpgen_results
         path: yarpgen_results.tar.gz
diff --git a/.github/workflows/sycl-zizmor.yml b/.github/workflows/sycl-zizmor.yml
index b6ac427a28056..7f42e95c6e855 100644
--- a/.github/workflows/sycl-zizmor.yml
+++ b/.github/workflows/sycl-zizmor.yml
@@ -40,4 +40,4 @@ jobs:
             devops/actions/**/*.yml
 
       - name: Run zizmor
-        uses: zizmorcore/zizmor-action@135698455da5c3b3e55f73f4419e481ab68cdd95 # v0.4.1
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
diff --git a/devops/actions/build_container/action.yml b/devops/actions/build_container/action.yml
index 6a418553c5e23..d86237d085765 100644
--- a/devops/actions/build_container/action.yml
+++ b/devops/actions/build_container/action.yml
@@ -26,15 +26,15 @@ runs:
   using: "composite"
   steps:
   - name: Login to GitHub Container Registry
-    uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+    uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
     with:
       registry: ghcr.io
       username: ${{ inputs.username }}
       password: ${{ inputs.password }}
   - name: Set up Docker Buildx
-    uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+    uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
   - name: Build and Push Container
-    uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+    uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
     with:
       push: ${{ inputs.push }}
       tags: ${{ inputs.tags }}