chore(deps): bump the github-actions group with 3 updates (#747)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-23 08:47:33 +00:00 · 2025-05-05 09:52:39 -04:00 · 2025-05-05 09:52:39 -04:00 · 7714e13917
commit 7714e13917
parent 87ec786488
5 changed files with 7 additions and 7 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -33,7 +33,7 @@ jobs:

    - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2

-    - uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0
+    - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1

    - name: Test dependencies
      run: |
@ -57,7 +57,7 @@ jobs:
        with:
          persist-credentials: false

-      - uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0
+      - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1

      - name: Test site
        run: make site
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@ -163,7 +163,7 @@ jobs:
    steps:
      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
      - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2
+        uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2
        with:
          subject-path: 'wheels-*/*'
      - name: Publish to PyPI
--- a/.github/workflows/site.yml
+++ b/.github/workflows/site.yml
@ -30,7 +30,7 @@ jobs:
          persist-credentials: false

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1

      - name: build site
        run: make site
--- a/.github/workflows/test-output.yml
+++ b/.github/workflows/test-output.yml
@ -29,7 +29,7 @@ jobs:
          cargo run -- --format sarif . > results.sarif

      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
        with:
          sarif_file: results.sarif
          category: zizmor-test-sarif-presentation
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@ -21,13 +21,13 @@ jobs:
        with:
          persist-credentials: false
      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
      - name: Run zizmor 🌈
        run: uvx zizmor --format sarif .github/workflows > results.sarif
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
        with:
          sarif_file: results.sarif
          category: zizmor