chore(actions): bump the github-actions-updates group across 1 directory with 11 updates

.github/workflows/_build_container.yml

@@ -48,12 +48,12 @@ jobs:
       image_tag: ${{ steps.build.outputs.image_tag }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2  # v3
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v3
       - name: Log in to GitHub Container Registry
         if: ${{ inputs.push }}
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567  # v3
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121  # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/_build_package.yml

@@ -41,7 +41,7 @@ jobs:
       metadata: ${{ steps.build.outputs.metadata }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           fetch-depth: 0
       - name: "Set up build toolchain"
@@ -58,7 +58,7 @@ jobs:
           SHA=$(find dist/ -type f | sort | xargs sha256sum | sha256sum | awk '{print $1}')
           echo "metadata=${SHA}" >> "$GITHUB_OUTPUT"
       - name: Upload build artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: build-artifact-${{ inputs.build_type }}-${{ github.run_id }}
           path: dist/

.github/workflows/_docs.yml

@@ -45,11 +45,11 @@ jobs:
       deployed_url: ${{ steps.dest.outputs.path }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           python-version: "3.x"
       - name: Configure Git Credentials
@@ -62,21 +62,21 @@ jobs:
           hatch run docs:mkdocs --version
       - name: Download unit test coverage
         if: ${{ inputs.include_coverage }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           pattern: coverage-report-unit-*
           path: docs/coverage/unit
           merge-multiple: true
       - name: Download integration test coverage
         if: ${{ inputs.include_coverage }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           pattern: coverage-report-integration-*
           path: docs/coverage/integration
           merge-multiple: true
       - name: Download e2e test coverage
         if: ${{ inputs.include_coverage }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           pattern: coverage-report-e2e-*
           path: docs/coverage/e2e

.github/workflows/_link-check.yml

@@ -36,7 +36,7 @@ jobs:
       report_content: ${{ steps.read-report.outputs.content }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Run lychee link checker
         uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411  # v2
         id: lychee

.github/workflows/_pr_comment.yml

@@ -29,7 +29,7 @@ jobs:
       - name: "Download PR Number Artifact"
         # Wait, how does it know the PR number? The `development.yml` needs to upload the PR number as an artifact
         # so this workflow can read it. Let's write the script to find the PR associated with the commit.
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b  # v7
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3  # v9.0.0
         with:
           script: |-
             const workflowRun = context.payload.workflow_run;

.github/workflows/_quality.yml

@@ -28,9 +28,9 @@ jobs:
         python-version: ${{ fromJson(inputs.python_versions) }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: "Set up Python ${{ matrix.python-version }}"
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: "Install uv"
@@ -49,9 +49,9 @@ jobs:
         python-version: ${{ fromJson(inputs.python_versions) }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: "Set up Python ${{ matrix.python-version }}"
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: "Install uv"

.github/workflows/_security.yml

@@ -18,19 +18,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           fetch-depth: 0
       - name: Run TruffleHog
-        uses: trufflesecurity/trufflehog@8a12e8e2fb6f3c4a4294a8e63b3659af6c08cfe3  # main
+        uses: trufflesecurity/trufflehog@6c542a5ae69ddd1214cb9dcb57ec2efbaf9ee42d  # main
         with:
           path: ./
   dependency-audit:
     name: "Dependency Vulnerability Scan"
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Set up toolchain
         run: pip install pip-audit hatch
       - name: Run dependency vulnerability scan
@@ -40,7 +40,7 @@ jobs:
           pip-audit -r requirements.txt --output json -o audit.json
       - name: Upload SCA results
         if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: sca-results-${{ github.run_id }}
           path: audit.json

.github/workflows/_tests.yml

@@ -68,9 +68,9 @@ jobs:
       coverage_location: "coverage/"
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: "Set up Python ${{ matrix.python-version }}"
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: "Install uv"
@@ -105,7 +105,7 @@ jobs:
           fi
       - name: Upload test results
         if: ${{ inputs.publish_results }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: test-results-${{ matrix.test-config.level }}-py${{ matrix.python-version }}-${{
             github.run_id }}
@@ -114,7 +114,7 @@ jobs:
           if-no-files-found: warn
       - name: Upload coverage report
         if: ${{ inputs.publish_results && (inputs.generate_coverage == true || matrix.test-config.coverage == true) }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
         with:
           name: coverage-report-${{ matrix.test-config.level }}-py${{ matrix.python-version
             }}-${{ github.run_id }}

.github/workflows/development.yml

@@ -31,9 +31,9 @@ jobs:
       docs: ${{ steps.filter.outputs.docs }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Check for docs changes
-        uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590  # v3
+        uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d  # v4.0.1
         id: filter
         with:
           filters: |

.github/workflows/development_cleanup.yml

@@ -22,11 +22,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6.2.0
         with:
           python-version: "3.x"
       - name: Configure Git Credentials

.github/workflows/nightly.yml

@@ -27,7 +27,7 @@ jobs:
       has_changes: ${{ steps.check.outputs.has_changes }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
         with:
           fetch-depth: 0
       - name: Check for recent commits
@@ -113,14 +113,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Download build artifact
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v4
         with:
           name: build-artifact-nightly-${{ github.run_id }}
           path: dist/
       - name: Generate artifact attestations
-        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2  # v1.5.1
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32  # v1.5.1
         with:
           subject-path: dist/*
 #       - name: Publish to PyPI

.github/workflows/release.yml

@@ -73,14 +73,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - name: Download build artifact
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v4
         with:
           name: build-artifact-release-${{ github.run_id }}
           path: dist/
       - name: Generate artifact attestations
-        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2  # v1.5.1
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32  # v1.5.1
         with:
           subject-path: dist/*
 #       - name: Publish to PyPI
@@ -89,7 +89,7 @@ jobs:
 #           packages-dir: dist/
       - name: Create GitHub Release
         if: ${{ github.ref_type == 'tag' }}
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191  # v2.0.8
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda  # v3.0.0
         with:
           files: dist/*
           generate_release_notes: true