From 9a49b7cf33793c56214b0cc221578c1cbb9c04c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 May 2024 15:39:27 +0000 Subject: [PATCH] Bump the github-actions group with 6 updates Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.3` | `4.3.3` | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.1.4` | | [actions/setup-python](https://github.com/actions/setup-python) | `4.7.1` | `5.1.0` | | [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) | `2.7.0` | `2.9.0` | | [tj-actions/glob](https://github.com/tj-actions/glob) | `17.3.0` | `21.0.0` | | [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `1.9.0` | `2.0.0` | Updates `actions/upload-artifact` from 3.1.3 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...65462800fd760344b1a7b4382951275a0abb4808) Updates `actions/checkout` from 4.1.1 to 4.1.4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...0ad4b8fadaa221de15dcec353f45205ec38ea70b) Updates `actions/setup-python` from 4.7.1 to 5.1.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236...82c7e631bb3cdc910f68e0081d67478d79c6982d) Updates `svenstaro/upload-release-action` from 2.7.0 to 2.9.0 - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/1beeb572c19a9242f4361f4cee78f8e0d9aec5df...04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd) Updates `tj-actions/glob` from 17.3.0 to 21.0.0 - [Release notes](https://github.com/tj-actions/glob/releases) - [Changelog](https://github.com/tj-actions/glob/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/glob/compare/ac7d983dd3677ab0879d703cfdbde78676cdfaad...2b2eb154193dc39d3012743ab3bf2c89e3aa6019) Updates `slsa-framework/slsa-github-generator` from 1.9.0 to 2.0.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.9.0...v2.0.0) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: svenstaro/upload-release-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: tj-actions/glob dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/cifuzz.yml | 2 +- .github/workflows/cmake.yml | 8 ++++---- .github/workflows/cross_build.yml | 2 +- .github/workflows/wheel.yml | 12 ++++++------ 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index b93b8449..13d099d2 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -23,7 +23,7 @@ jobs: dry-run: false language: c++ - name: Upload Crash - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 if: failure() && steps.build.outcome == 'success' with: name: artifacts diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 651a174a..5642a75b 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -26,8 +26,8 @@ jobs: contents: write # svenstaro/upload-release-action steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3.x' architecture: ${{matrix.arch}} @@ -67,13 +67,13 @@ jobs: python setup.py bdist_wheel - name: Upload artifcacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: path: ./build/*.7z - name: Upload Release Assets if: startsWith(github.ref, 'refs/tags/') - uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2.7.0 + uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: ./build/*.7z diff --git a/.github/workflows/cross_build.yml b/.github/workflows/cross_build.yml index 17340ef1..bbf28d7c 100644 --- a/.github/workflows/cross_build.yml +++ b/.github/workflows/cross_build.yml @@ -20,7 +20,7 @@ jobs: arch: [ i686, arm, aarch64, riscv64, powerpc, powerpc64, powerpc64le, s390x, sparc64, m68k, sh4, alpha ] steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install cross tools run: | diff --git a/.github/workflows/wheel.yml b/.github/workflows/wheel.yml index b9eebdfc..87d0fd65 100644 --- a/.github/workflows/wheel.yml +++ b/.github/workflows/wheel.yml @@ -27,8 +27,8 @@ jobs: contents: write # svenstaro/upload-release-action steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: "3.x" @@ -74,7 +74,7 @@ jobs: run: sh build_sdist.sh - name: Fetch sdist archive - uses: tj-actions/glob@ac7d983dd3677ab0879d703cfdbde78676cdfaad # v17.3.0 + uses: tj-actions/glob@2b2eb154193dc39d3012743ab3bf2c89e3aa6019 # v21.0.0 id: sdist with: files: ./python/dist/*.tar.gz @@ -88,7 +88,7 @@ jobs: run: cp -f dist/*.tar.gz wheelhouse/ - name: Upload artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: path: | ./python/wheelhouse/*.whl @@ -96,7 +96,7 @@ jobs: - name: Upload wheel release if: startsWith(github.ref, 'refs/tags/') - uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2.7.0 + uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2.9.0 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: ./python/wheelhouse/* @@ -146,7 +146,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.gather-disgests.outputs.digests }}" upload-assets: true # Optional: Upload to a new release