From 8a9d5b2c11296d93cad5f2587e113acc85d34b5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 09:20:55 +0000 Subject: [PATCH] chore(deps): bump the actions group with 3 updates Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [renovatebot/github-action](https://github.com/renovatebot/github-action) and [rust-lang/crates-io-auth-action](https://github.com/rust-lang/crates-io-auth-action). Updates `actions/checkout` from 6.0.3 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `renovatebot/github-action` from 46.1.15 to 46.1.16 - [Release notes](https://github.com/renovatebot/github-action/releases) - [Changelog](https://github.com/renovatebot/github-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/renovatebot/github-action/compare/8217b3fc286df088d7c27f3255fe8414463bc0fd...6d859fc95779be83a0335ca704879b47e5d79641) Updates `rust-lang/crates-io-auth-action` from 1.0.4 to 1.0.5 - [Release notes](https://github.com/rust-lang/crates-io-auth-action/releases) - [Commits](https://github.com/rust-lang/crates-io-auth-action/compare/bbd81622f20ce9e2dd9622e3218b975523e45bbe...c6f97d42243bad5fab37ca0427f495c86d5b1a18) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: renovatebot/github-action dependency-version: 46.1.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: rust-lang/crates-io-auth-action dependency-version: 1.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/javascript-npm-packages.yml | 4 ++-- .github/workflows/renovate.yml | 2 +- .github/workflows/rust-packages.yml | 16 ++++++++-------- .github/workflows/security-gate.yml | 4 ++-- .github/workflows/security.yml | 4 ++-- .github/workflows/self-lint.yml | 6 +++--- .github/workflows/self-release.yml | 2 +- .github/workflows/self-security.yml | 4 ++-- .github/workflows/self-test.yml | 18 +++++++++--------- 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/javascript-npm-packages.yml b/.github/workflows/javascript-npm-packages.yml index ad7fd9e..b4b3098 100644 --- a/.github/workflows/javascript-npm-packages.yml +++ b/.github/workflows/javascript-npm-packages.yml @@ -36,7 +36,7 @@ jobs: if: ${{ github.ref_type == 'branch' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: coroboros/ci/.github/actions/check-docs@v0 - uses: coroboros/ci/.github/actions/javascript/base@v0 @@ -51,7 +51,7 @@ jobs: contents: write # for GitHub Release creation + commit-back to main id-token: write # for npm OIDC Trusted Publisher steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: main fetch-depth: 0 diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 9611533..4e224ff 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -17,7 +17,7 @@ jobs: renovate: runs-on: ubuntu-latest steps: - - uses: renovatebot/github-action@8217b3fc286df088d7c27f3255fe8414463bc0fd # v46.1.15 + - uses: renovatebot/github-action@6d859fc95779be83a0335ca704879b47e5d79641 # v46.1.16 with: token: ${{ secrets.RENOVATE_TOKEN }} env: diff --git a/.github/workflows/rust-packages.yml b/.github/workflows/rust-packages.yml index 5094f25..0593e07 100644 --- a/.github/workflows/rust-packages.yml +++ b/.github/workflows/rust-packages.yml @@ -29,7 +29,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: coroboros/ci/.github/actions/check-docs@v0 - uses: coroboros/ci/.github/actions/rust/base@v0 @@ -40,7 +40,7 @@ jobs: if: ${{ github.ref_type == 'branch' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: coroboros/ci/.github/actions/rust/native-deps@v0 - name: Verify the published crate builds shell: bash @@ -54,7 +54,7 @@ jobs: matrix: ${{ steps.plan.outputs.matrix }} tap: ${{ steps.detect.outputs.tap }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} @@ -112,7 +112,7 @@ jobs: env: CARGO_DIST_TARGET: "${{ join(matrix.targets, ' ') }}" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} @@ -155,7 +155,7 @@ jobs: env: CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: main fetch-depth: 0 @@ -173,7 +173,7 @@ jobs: - name: Mint a short-lived crates.io token via OIDC id: auth if: ${{ env.CARGO_REGISTRY_TOKEN == '' }} - uses: rust-lang/crates-io-auth-action@bbd81622f20ce9e2dd9622e3218b975523e45bbe # v1.0.4 + uses: rust-lang/crates-io-auth-action@c6f97d42243bad5fab37ca0427f495c86d5b1a18 # v1.0.5 - name: Publish to crates.io shell: bash @@ -208,7 +208,7 @@ jobs: permissions: contents: write # upload release assets + undraft the release publish created steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} @@ -324,7 +324,7 @@ jobs: - name: Checkout Homebrew tap if: ${{ env.HOMEBREW_TAP_TOKEN != '' && needs.dist-plan.outputs.tap != '' }} - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: ${{ needs.dist-plan.outputs.tap }} token: ${{ secrets.HOMEBREW_TAP_TOKEN }} diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml index 900dfa5..c970213 100644 --- a/.github/workflows/security-gate.yml +++ b/.github/workflows/security-gate.yml @@ -11,7 +11,7 @@ jobs: scan-supply-chain: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - id: detect name: Route supply-chain scan by ecosystem @@ -38,7 +38,7 @@ jobs: scan-secrets: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: coroboros/ci/.github/actions/security/gitleaks@v0 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index ce4c9fd..cb2cfd0 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest continue-on-error: true steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v4 with: fail-on-severity: high @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest continue-on-error: true steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - id: detect name: Detect a Rust manifest shell: bash diff --git a/.github/workflows/self-lint.yml b/.github/workflows/self-lint.yml index fd8746d..9fbacf8 100644 --- a/.github/workflows/self-lint.yml +++ b/.github/workflows/self-lint.yml @@ -18,7 +18,7 @@ jobs: check-actions: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install actionlint shell: bash @@ -41,7 +41,7 @@ jobs: check-yaml: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install yamllint shell: bash @@ -54,7 +54,7 @@ jobs: check-shell: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Run shellcheck on inline workflow scripts uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 env: diff --git a/.github/workflows/self-release.yml b/.github/workflows/self-release.yml index 1f817cc..c0c97f3 100644 --- a/.github/workflows/self-release.yml +++ b/.github/workflows/self-release.yml @@ -18,7 +18,7 @@ jobs: permissions: contents: write # force-push the rolling major tag steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Move rolling major tag shell: bash diff --git a/.github/workflows/self-security.yml b/.github/workflows/self-security.yml index 44020ee..8f207ff 100644 --- a/.github/workflows/self-security.yml +++ b/.github/workflows/self-security.yml @@ -14,7 +14,7 @@ jobs: scan-secrets: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: ./.github/actions/security/gitleaks @@ -22,7 +22,7 @@ jobs: scan-deps: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/security/osv-scanner security-gate: diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml index 0b66149..53cef7f 100644 --- a/.github/workflows/self-test.yml +++ b/.github/workflows/self-test.yml @@ -19,7 +19,7 @@ jobs: test-verify-tag: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Pass — HEAD matches the run SHA uses: ./.github/actions/release/verify-tag - name: Move HEAD so it diverges from the run SHA @@ -42,7 +42,7 @@ jobs: test-generate-changelog: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: SemVer gate rejects a non-tag ref id: gate continue-on-error: true @@ -57,7 +57,7 @@ jobs: test-commit-artifacts: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: _src - name: Build a fixture repo + local bare remote @@ -105,7 +105,7 @@ jobs: test-cargo-deny: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Plant a forbidden consumer override shell: bash run: | @@ -131,7 +131,7 @@ jobs: os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: ./.github/actions/rust/install-dist - name: Assert dist is installed and runnable shell: bash @@ -143,7 +143,7 @@ jobs: test-native-deps: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Plant a fixture ci/setup.sh that records CARGO_DIST_TARGET shell: bash run: | @@ -177,7 +177,7 @@ jobs: test-test-deps: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Absent hooks → no-op uses: ./.github/actions/rust/test-deps - name: Plant ci/test.env and ci/test-setup.sh @@ -205,7 +205,7 @@ jobs: env: NPM_CONFIG_FILE: "registry=https://registry.npmjs.org/" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: _src - name: Stage the npm fixture at the workspace root @@ -224,7 +224,7 @@ jobs: test-rust-base: runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: _src - name: Stage the rust fixture at the workspace root