From 4052fb010e88bb6d073d88f3c5300569e128dc0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Dec 2025 19:02:20 +0000 Subject: [PATCH] chore(deps): bump the github group across 1 directory with 3 updates Bumps the github group with 3 updates in the / directory: [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [actions/cache](https://github.com/actions/cache). Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f) Updates `actions/attest-build-provenance` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/977bb373ede98d70efdf65b84cb5f73e068dcc2a...00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8) Updates `actions/cache` from 4.3.0 to 5.0.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github - dependency-name: actions/attest-build-provenance dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github - dependency-name: actions/cache dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github ... Signed-off-by: dependabot[bot] --- .github/workflows/lambda.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/terraform.yml | 6 +++--- .github/workflows/update-docs.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/lambda.yml b/.github/workflows/lambda.yml index 4b9103fcd0..a14a3a0dc3 100644 --- a/.github/workflows/lambda.yml +++ b/.github/workflows/lambda.yml @@ -46,7 +46,7 @@ jobs: - name: Build distribution run: yarn build - name: Upload coverage report - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: ${{ failure() }} with: name: coverage-reports diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index f4b284c78e..a097c27344 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e449cfef7..dd69c19333 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -58,7 +58,7 @@ jobs: - name: Attest if: ${{ steps.release.outputs.releases_created == 'true' }} id: attest - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0 with: subject-path: '${{ github.workspace }}/lambdas/functions/**/*.zip' - name: Update release notes with attestation diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 33d0740dbf..2f6c8d6ba1 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -57,7 +57,7 @@ jobs: run: apk add --no-cache tar continue-on-error: true - if: contains(matrix.terraform, '1.5.') - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 name: Cache TFLint plugin dir with: path: ~/.tflint.d/plugins @@ -123,7 +123,7 @@ jobs: run: apk add --no-cache tar continue-on-error: true - if: contains(matrix.terraform, '1.3.') - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 name: Cache TFLint plugin dir with: path: ~/.tflint.d/plugins @@ -188,7 +188,7 @@ jobs: run: apk add --no-cache tar continue-on-error: true - if: contains(matrix.terraform, '1.5.') - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 name: Cache TFLint plugin dir with: path: ~/.tflint.d/plugins diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index ba282c6a08..565f893f23 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -87,7 +87,7 @@ jobs: with: python-version: 3.x - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV - - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: key: mkdocs-material-${{ env.cache_id }} path: .cache