From 34ea1bbe739764378ba0c09fd251113ea56f4227 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 10 Aug 2025 01:43:32 +0000
Subject: [PATCH] [GITHUB-ACTIONS] Bump the github-actions group with 4 updates

Bumps the github-actions group with 4 updates: [actions/create-github-app-token](https://github.com/actions/create-github-app-token), [actions/download-artifact](https://github.com/actions/download-artifact), [github/codeql-action](https://github.com/github/codeql-action) and [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action).


Updates `actions/create-github-app-token` from 2.0.6 to 2.1.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/df432ceedc7162793a195dd1713ff69aefc7379e...0f859bf9e69e887678d5bbfbee594437cb440ffe)

Updates `actions/download-artifact` from 4.3.0 to 5.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...634f93cb2916e3fdff6788551b99b062d0335ce0)

Updates `github/codeql-action` from 3.29.7 to 3.29.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...76621b61decf072c1cee8dd1ce2d2a82d33c17ed)

Updates `bridgecrewio/checkov-action` from 12.3046.0 to 12.3047.0
- [Release notes](https://github.com/bridgecrewio/checkov-action/releases)
- [Commits](https://github.com/bridgecrewio/checkov-action/compare/c903af70b3b45a75049af3b64f5e15db11ea76de...649c937994abeb41d49eb821f09f110ff721dd2e)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 3.29.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: bridgecrewio/checkov-action
  dependency-version: 12.3047.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/cd-staging.yaml          | 2 +-
 .github/workflows/ci.yaml                  | 2 +-
 .github/workflows/reusable-codeql.yaml     | 4 ++--
 .github/workflows/reusable-pre-commit.yaml | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/cd-staging.yaml b/.github/workflows/cd-staging.yaml
index 39d2a14..85b6c36 100644
--- a/.github/workflows/cd-staging.yaml
+++ b/.github/workflows/cd-staging.yaml
@@ -41,7 +41,7 @@ jobs:
       # instead of PAT, github_app_id and github_app_pem_file are used by this workflow because
       # we have tag-based ruleset in place to restrict ACTOR from bypassing tag protection.
       id: generate-token
-      uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0
       with:
         app-id: ${{ secrets.SECRET_GITHUB_APP_ID }}
         private-key: ${{ secrets.SECRET_GITHUB_APP_PEM_FILE }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 394751d..1ede3ce 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -89,7 +89,7 @@ jobs:
     - name: Download distributions
       if: ${{ github.event.repository.language == 'Python' }}
       id: artifact-download
-      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 #v4.3.0
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0
       with:
         artifact-ids: "${{ needs.build-test.outputs.ARTIFACT_ID }}"
         run-id: "${{ needs.build-test.outputs.WORKFLOW_RUN_ID }}"
diff --git a/.github/workflows/reusable-codeql.yaml b/.github/workflows/reusable-codeql.yaml
index 66e3b22..8b05829 100644
--- a/.github/workflows/reusable-codeql.yaml
+++ b/.github/workflows/reusable-codeql.yaml
@@ -34,13 +34,13 @@ jobs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
       with:
         languages: ${{ matrix.language }}
         queries: security-and-quality
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
       with:
         output: codeql-results/
 
diff --git a/.github/workflows/reusable-pre-commit.yaml b/.github/workflows/reusable-pre-commit.yaml
index 0f4ed19..bf1282c 100644
--- a/.github/workflows/reusable-pre-commit.yaml
+++ b/.github/workflows/reusable-pre-commit.yaml
@@ -68,7 +68,7 @@ jobs:
 
     - name: Run Checkov Github Action
       id: checkov
-      uses: bridgecrewio/checkov-action@c903af70b3b45a75049af3b64f5e15db11ea76de # v12.3046.0
+      uses: bridgecrewio/checkov-action@649c937994abeb41d49eb821f09f110ff721dd2e # v12.3047.0
       with:
         log_level: WARNING
         quiet: false