From db0f8a27087da5dabaae295d035d60ff5784ac48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jun 2026 18:06:18 +0000 Subject: [PATCH] Bump the all-actions group with 9 updates Bumps the all-actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | | [advanced-security/reusable-workflows/.github/workflows/codeql-ql.yml](https://github.com/advanced-security/reusable-workflows) | `a0e88ede84d03cd069b01d18540db7fc86c52cf8` | `c803ebcd54d7d848a28a895c465a9df0ecb9c320` | | [advanced-security/codeql-development-mcp-server](https://github.com/advanced-security/codeql-development-mcp-server) | `2.25.0` | `2.25.6` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `actions/cache` from 4.3.0 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `advanced-security/reusable-workflows/.github/workflows/codeql-ql.yml` from a0e88ede84d03cd069b01d18540db7fc86c52cf8 to c803ebcd54d7d848a28a895c465a9df0ecb9c320 - [Release notes](https://github.com/advanced-security/reusable-workflows/releases) - [Commits](https://github.com/advanced-security/reusable-workflows/compare/a0e88ede84d03cd069b01d18540db7fc86c52cf8...c803ebcd54d7d848a28a895c465a9df0ecb9c320) Updates `advanced-security/codeql-development-mcp-server` from 2.25.0 to 2.25.6 - [Release notes](https://github.com/advanced-security/codeql-development-mcp-server/releases) - [Changelog](https://github.com/advanced-security/codeql-development-mcp-server/blob/main/CHANGELOG.md) - [Commits](https://github.com/advanced-security/codeql-development-mcp-server/compare/de78423de19152f49ed45d1df6e7b70f721132c8...b3a4b770e475ffc8f974830d084a51b417ead8ae) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `softprops/action-gh-release` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: advanced-security/reusable-workflows/.github/workflows/codeql-ql.yml dependency-version: c803ebcd54d7d848a28a895c465a9df0ecb9c320 dependency-type: direct:production dependency-group: all-actions - dependency-name: advanced-security/codeql-development-mcp-server dependency-version: 2.25.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/cds-extractor-dist-bundle.yml | 2 +- .github/workflows/code_scanning.yml | 6 +++--- .github/workflows/codeql-ql.yml | 2 +- .github/workflows/copilot-setup-steps.yml | 4 ++-- .github/workflows/ql-unit-tests-linux.yml | 6 +++--- .github/workflows/ql-unit-tests-windows.yml | 8 ++++---- .github/workflows/release-codeql.yml | 2 +- .github/workflows/release-tag.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/update-codeql.yml | 4 ++-- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/cds-extractor-dist-bundle.yml b/.github/workflows/cds-extractor-dist-bundle.yml index 00ec6c9fb..1e43bead6 100644 --- a/.github/workflows/cds-extractor-dist-bundle.yml +++ b/.github/workflows/cds-extractor-dist-bundle.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: '20' cache: 'npm' diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml index 49bdfc8eb..16ef752f5 100644 --- a/.github/workflows/code_scanning.yml +++ b/.github/workflows/code_scanning.yml @@ -63,11 +63,11 @@ jobs: CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"run-queries":["--additional-packs","${{ github.workspace }}/javascript/frameworks/xsjs/ext:${{ github.workspace }}/javascript/frameworks/cap/ext:${{ github.workspace }}/javascript/frameworks/ui5/ext"],"interpret-results":["--additional-packs","${{ github.workspace }}/javascript/frameworks/xsjs/ext:${{ github.workspace }}/javascript/frameworks/cap/ext:${{ github.workspace }}/javascript/frameworks/ui5/ext"]}}' - name: Setup Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.10" - - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip @@ -84,7 +84,7 @@ jobs: - name: Upload sarif change if: steps.validate.outcome != 'success' - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: sarif path: | diff --git a/.github/workflows/codeql-ql.yml b/.github/workflows/codeql-ql.yml index 448d4d507..d6a3cdebb 100644 --- a/.github/workflows/codeql-ql.yml +++ b/.github/workflows/codeql-ql.yml @@ -12,5 +12,5 @@ permissions: jobs: codeql: - uses: advanced-security/reusable-workflows/.github/workflows/codeql-ql.yml@a0e88ede84d03cd069b01d18540db7fc86c52cf8 # main + uses: advanced-security/reusable-workflows/.github/workflows/codeql-ql.yml@c803ebcd54d7d848a28a895c465a9df0ecb9c320 # main secrets: inherit diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 507050fcb..d37a5f241 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Copilot Setup - Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: cache: 'npm' cache-dependency-path: 'extractors/cds/tools/package-lock.json' @@ -52,7 +52,7 @@ jobs: echo "Generated .codeql-version: $(cat .codeql-version)" - name: Copilot Setup - Setup CodeQL environment - uses: advanced-security/codeql-development-mcp-server/.github/actions/setup-codeql-environment@de78423de19152f49ed45d1df6e7b70f721132c8 # main + uses: advanced-security/codeql-development-mcp-server/.github/actions/setup-codeql-environment@b3a4b770e475ffc8f974830d084a51b417ead8ae # main with: install-language-runtimes: false diff --git a/.github/workflows/ql-unit-tests-linux.yml b/.github/workflows/ql-unit-tests-linux.yml index 875008c23..9e83418e6 100644 --- a/.github/workflows/ql-unit-tests-linux.yml +++ b/.github/workflows/ql-unit-tests-linux.yml @@ -80,7 +80,7 @@ jobs: qlt query run install-packs - name: Setup Node.js for CDS compilation - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: '20' cache: 'npm' @@ -123,7 +123,7 @@ jobs: --work-dir $RUNNER_TMP - name: Upload test results - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }} path: | @@ -148,7 +148,7 @@ jobs: - name: Collect test results - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 - name: Validate test results run: | diff --git a/.github/workflows/ql-unit-tests-windows.yml b/.github/workflows/ql-unit-tests-windows.yml index 6544b4edb..0de9c1b3e 100644 --- a/.github/workflows/ql-unit-tests-windows.yml +++ b/.github/workflows/ql-unit-tests-windows.yml @@ -155,7 +155,7 @@ jobs: Write-Host "QL pack installation complete" - name: Setup Node.js for CDS compilation - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: "20" cache: "npm" @@ -287,7 +287,7 @@ jobs: - name: Upload test results if: ${{ always() }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: windows-test-results-${{ matrix.test_suite }} path: | @@ -297,7 +297,7 @@ jobs: - name: Upload CAP test artifacts if: ${{ always() && (matrix.test_suite == 'cap-models' || matrix.test_suite == 'cap-queries') }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: windows-cap-debug-${{ matrix.test_suite }} path: | @@ -315,7 +315,7 @@ jobs: uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download test results - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: windows-test-results-* path: test-results/ diff --git a/.github/workflows/release-codeql.yml b/.github/workflows/release-codeql.yml index 9a3998da3..51a357259 100644 --- a/.github/workflows/release-codeql.yml +++ b/.github/workflows/release-codeql.yml @@ -101,7 +101,7 @@ jobs: run: ./scripts/bundle-packs.sh --output-dir dist-packs - name: CodeQL - Upload pack artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: codeql-pack-bundles-${{ steps.version.outputs.version }} path: dist-packs/*.tar.gz diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 85e7bfe12..bd9e86c77 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -149,7 +149,7 @@ jobs: - name: Tag - Setup Node.js for CDS compilation if: steps.needs-creation.outputs.needed == 'true' - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: '20' cache: 'npm' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1c7bbd694..39ed5137a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -130,13 +130,13 @@ jobs: steps: - name: Release - Download CodeQL pack artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: codeql-pack-bundles-${{ needs.resolve-version.outputs.version }} path: dist-packs - name: Release - Create GitHub Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: files: | dist-packs/*.tar.gz diff --git a/.github/workflows/update-codeql.yml b/.github/workflows/update-codeql.yml index ca3ef80f9..a0f6608ad 100644 --- a/.github/workflows/update-codeql.yml +++ b/.github/workflows/update-codeql.yml @@ -130,7 +130,7 @@ jobs: run: ./scripts/upgrade-packs.sh - name: Update - Setup Node.js for CDS compilation - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: '20' cache: 'npm' @@ -153,7 +153,7 @@ jobs: -- javascript/ - name: Update - Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: title: 'Upgrade CodeQL CLI dependency to ${{ needs.detect-update.outputs.version }}' body: |