Bump the github-actions group across 1 directory with 4 updates

Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact), [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/checkout` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](9bb56186c3...1d96c772d1) Updates `actions/upload-artifact` from 3.1.3 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](a8a3f3ad30...65462800fd) Updates `slsa-framework/slsa-github-generator` from 1.10.0 to 2.0.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0) Updates `actions/download-artifact` from 3.0.2 to 4.1.6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](9bc31d5ccc...9c19ed7fe5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 23:50:43 +00:00 · 2024-04-23 23:50:43 +00:00 · b7278186c4
commit b7278186c4
parent ccf125bf30
2 changed files with 7 additions and 7 deletions
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -9,7 +9,7 @@ jobs:
    outputs:
      hash: ${{ steps.hash.outputs.hash }}
    steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        with:
          python-version: '3.x'
@ -23,7 +23,7 @@ jobs:
      - name: generate hash
        id: hash
        run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          path: ./dist
  provenance:
@ -33,7 +33,7 @@ jobs:
      id-token: write
      contents: write
    # Can't pin with hash due to how this workflow works.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: ${{ needs.build.outputs.hash }}
  create-release:
@ -44,7 +44,7 @@ jobs:
    permissions:
      contents: write
    steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
      - name: create release
        run: >
          gh release create --draft --repo ${{ github.repository }}
@ -63,7 +63,7 @@ jobs:
    permissions:
      id-token: write
    steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/download-artifact@9c19ed7fe5d278cd354c7dfd5d3b88589c7e2395 # v4.1.6
      - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
        with:
          repository-url: https://test.pypi.org/legacy/
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@ -32,7 +32,7 @@ jobs:
          - {name: Minimum Versions, python: '3.12', tox: py-min}
          - {name: Development Versions, python: '3.8', tox: py-dev}
    steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        with:
          python-version: ${{ matrix.python }}
@ -44,7 +44,7 @@ jobs:
  typing:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        with:
          python-version: '3.x'