From d90afa04d31d8cffb45dd1e62241b135d8b3b4f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 23:22:13 +0000 Subject: [PATCH] Bump the github-dependencies group with 7 updates Bumps the github-dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.3` | `4.3.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.0` | `4.1.2` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.2` | `4.0.4` | | [andymckay/cancel-action](https://github.com/andymckay/cancel-action) | `0.3` | `0.4` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `5.0.2` | `6.0.0` | | [actions/labeler](https://github.com/actions/labeler) | `4.3.0` | `5.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.22.12` | `3.24.0` | Updates `actions/upload-artifact` from 3.1.3 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...5d5d22a31266ced268874388b861e4b58bb5c2f3) Updates `actions/download-artifact` from 4.1.0 to 4.1.2 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110...eaceaf801fd36c7dee90939fad912460b18a1ffe) Updates `actions/deploy-pages` from 4.0.2 to 4.0.4 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/7a9bd943aa5e5175aeb8502edcc6c1c02d398e10...decdde0ac072f6dcbe43649d82d9c635fff5b4e4) Updates `andymckay/cancel-action` from 0.3 to 0.4 - [Release notes](https://github.com/andymckay/cancel-action/releases) - [Commits](https://github.com/andymckay/cancel-action/compare/b9280e3f8986d7a8e91c7462efc0fa318010c8b1...271cfbfa11ca9222f7be99a47e8f929574549e0a) Updates `peter-evans/create-pull-request` from 5.0.2 to 6.0.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/153407881ec5c347639a548ade7d8ad1d6740e38...b1ddad2c994a25fbc81a28b3ec0e368bb2021c50) Updates `actions/labeler` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/ac9175f8a1f3625fd0d4fb234536d26811351594...8558fd74291d67161a8a78ce36a881fa63b766a9) Updates `github/codeql-action` from 3.22.12 to 3.24.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...e8893c57a1f3a2b659b6b55564fdfdbbd2982911) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-dependencies - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: actions/deploy-pages dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: andymckay/cancel-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-dependencies - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy_github_pages.yml | 6 +++--- .github/workflows/google_fonts_update.yml | 4 ++-- .github/workflows/label_pull_requests.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy_github_pages.yml b/.github/workflows/deploy_github_pages.yml index 0545f828..2dbb68af 100644 --- a/.github/workflows/deploy_github_pages.yml +++ b/.github/workflows/deploy_github_pages.yml @@ -52,7 +52,7 @@ jobs: working-directory: packages/${{ matrix.package }}/example - name: Upload web build temporarily - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ${{ matrix.package }} path: /tmp/${{ matrix.package }} @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all web builds - uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 - name: Upload pages artifact uses: actions/upload-pages-artifact@0252fc4ba7626f0298f0cf00902a25c6afc77fa8 # v3.0.0 @@ -87,4 +87,4 @@ jobs: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@7a9bd943aa5e5175aeb8502edcc6c1c02d398e10 # v4.0.2 + uses: actions/deploy-pages@decdde0ac072f6dcbe43649d82d9c635fff5b4e4 # v4.0.4 diff --git a/.github/workflows/google_fonts_update.yml b/.github/workflows/google_fonts_update.yml index 36c6e059..9f7d7a2a 100644 --- a/.github/workflows/google_fonts_update.yml +++ b/.github/workflows/google_fonts_update.yml @@ -44,7 +44,7 @@ jobs: result-encoding: string - name: Cancel workflow if there is no diff - uses: andymckay/cancel-action@b9280e3f8986d7a8e91c7462efc0fa318010c8b1 # v0.3 + uses: andymckay/cancel-action@271cfbfa11ca9222f7be99a47e8f929574549e0a # v0.4 if: steps.get_families_diff.outputs.result == '' - name: If cancelling workflow, allow for enough time to do so @@ -52,7 +52,7 @@ jobs: shell: bash if: steps.get_families_diff.outputs.result == '' - - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + - uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 with: token: ${{ secrets.MATERIAL_ROBOT_TOKEN }} committer: material-robot diff --git a/.github/workflows/label_pull_requests.yml b/.github/workflows/label_pull_requests.yml index 22abf29a..855cf6e4 100644 --- a/.github/workflows/label_pull_requests.yml +++ b/.github/workflows/label_pull_requests.yml @@ -20,7 +20,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" sync-labels: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 86286f0a..e65deeaf 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: sarif_file: results.sarif