Skip to content

deps(actions): bump the actions group with 5 updates #257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

deps(actions): bump the actions group with 5 updates #257

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ jobs:
# --- CodeQL init ---

- name: Initialize CodeQL
uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
Expand All @@ -128,7 +128,7 @@ jobs:
# --- Analysis (fails build on real errors) ---

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
category: "/language:${{ matrix.language }}"
upload: never
Expand Down Expand Up @@ -162,7 +162,7 @@ jobs:
# --- Upload (tolerates GHAS unavailability) ---

- name: Upload SARIF to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: always()
continue-on-error: true # Requires GitHub Advanced Security
with:
Expand All @@ -188,7 +188,7 @@ jobs:
persist-credentials: false

- name: Initialize CodeQL
uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
languages: swift
build-mode: manual
Expand All @@ -199,7 +199,7 @@ jobs:
run: swift build

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
category: "/language:swift"
upload: never
Expand All @@ -225,7 +225,7 @@ jobs:
done

- name: Upload SARIF to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: always()
continue-on-error: true # Requires GitHub Advanced Security
with:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-kotlin.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
java-version: '17'

- name: Setup Gradle
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v5.0.2 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot Apr 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3: Update the inline version comment to match the new version bumped in this PR (6.1.0).

Leaving the old version number in the comment can cause confusion and makes it harder to verify the current version without looking up the commit hash.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/release-kotlin.yml, line 41:

<comment>Update the inline version comment to match the new version bumped in this PR (6.1.0).

Leaving the old version number in the comment can cause confusion and makes it harder to verify the current version without looking up the commit hash.</comment>

<file context>
@@ -38,7 +38,7 @@ jobs:
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
+        uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v5.0.2 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
 
       - name: Build
</file context>
Fix with Cubic


- name: Build
run: ./gradlew :basecamp-sdk:build
Expand Down Expand Up @@ -86,7 +86,7 @@ jobs:
java-version: '17'

- name: Setup Gradle
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 # zizmor: ignore[cache-poisoning] -- cache is branch-isolated; fork PRs cannot write to this cache
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v5.0.2 # zizmor: ignore[cache-poisoning] -- cache is branch-isolated; fork PRs cannot write to this cache

- name: Extract version
id: version
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-python.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
persist-credentials: false

- name: Install uv
uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot Apr 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P3: The pinned setup-uv SHA was updated, but the inline version comment is still v6.0.0; update it to match the pinned release (v8.0.0) to avoid misleading workflow maintenance.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/release-python.yml, line 35:

<comment>The pinned setup-uv SHA was updated, but the inline version comment is still `v6.0.0`; update it to match the pinned release (`v8.0.0`) to avoid misleading workflow maintenance.</comment>

<file context>
@@ -32,7 +32,7 @@ jobs:
 
       - name: Install uv
-        uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
+        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
 
       - name: Set up Python
</file context>
Suggested change
uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
Fix with Cubic


- name: Set up Python
run: uv python install 3.13
Expand Down Expand Up @@ -87,7 +87,7 @@ jobs:
git merge-base --is-ancestor "$GITHUB_SHA" origin/main

- name: Install uv
uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cache is branch-isolated; fork PRs cannot write to this cache
uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v6.0.0 # zizmor: ignore[cache-poisoning] -- cache is branch-isolated; fork PRs cannot write to this cache

- name: Set up Python
run: uv python install 3.13
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-ruby.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
persist-credentials: false

- name: Set up Ruby
uses: ruby/setup-ruby@dffb23f65a78bba8db45d387d5ea1bbd6be3ef18 # v1.293.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
uses: ruby/setup-ruby@4c56a21280b36d862b5fc31348f463d60bdc55d5 # v1.293.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot Apr 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Update the version comment to v1.301.0 to match the new commit hash. Dependabot often misses inline comments when they contain additional text like a zizmor ignore.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/release-ruby.yml, line 35:

<comment>Update the version comment to `v1.301.0` to match the new commit hash. Dependabot often misses inline comments when they contain additional text like a zizmor ignore.</comment>

<file context>
@@ -32,7 +32,7 @@ jobs:
 
       - name: Set up Ruby
-        uses: ruby/setup-ruby@dffb23f65a78bba8db45d387d5ea1bbd6be3ef18 # v1.293.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
+        uses: ruby/setup-ruby@4c56a21280b36d862b5fc31348f463d60bdc55d5 # v1.293.0 # zizmor: ignore[cache-poisoning] -- cached deps are for testing, not release artifact generation
         with:
           ruby-version: '3.3'
</file context>
Fix with Cubic

with:
ruby-version: '3.3'
bundler-cache: true
Expand Down Expand Up @@ -68,7 +68,7 @@ jobs:
git merge-base --is-ancestor "$GITHUB_SHA" origin/main

- name: Set up Ruby
uses: ruby/setup-ruby@dffb23f65a78bba8db45d387d5ea1bbd6be3ef18 # v1.293.0 # zizmor: ignore[cache-poisoning] -- cache is branch-isolated; fork PRs cannot write to this cache
uses: ruby/setup-ruby@4c56a21280b36d862b5fc31348f463d60bdc55d5 # v1.293.0 # zizmor: ignore[cache-poisoning] -- cache is branch-isolated; fork PRs cannot write to this cache
with:
ruby-version: '3.3'
bundler-cache: true
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
path: results.sarif
retention-days: 5

- uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
- uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
continue-on-error: true
with:
sarif_file: results.sarif
12 changes: 6 additions & 6 deletions .github/workflows/security.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
output: 'trivy-go-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: always()
continue-on-error: true # Requires GitHub Advanced Security
with:
Expand Down Expand Up @@ -67,7 +67,7 @@ jobs:
output: 'trivy-ts-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: always()
continue-on-error: true # Requires GitHub Advanced Security
with:
Expand Down Expand Up @@ -128,7 +128,7 @@ jobs:
run: gosec -severity high -exclude-dir=pkg/generated -fmt sarif -out gosec-results.sarif ./...

- name: Upload gosec results
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: always()
continue-on-error: true
with:
Expand Down Expand Up @@ -184,7 +184,7 @@ jobs:
output: 'trivy-ruby-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
if: always()
continue-on-error: true
with:
Expand All @@ -206,7 +206,7 @@ jobs:
persist-credentials: false

- name: Set up Ruby
uses: ruby/setup-ruby@dffb23f65a78bba8db45d387d5ea1bbd6be3ef18 # v1.293.0
uses: ruby/setup-ruby@4c56a21280b36d862b5fc31348f463d60bdc55d5 # v1.301.0
with:
ruby-version: '3.3'
bundler-cache: true
Expand Down Expand Up @@ -242,7 +242,7 @@ jobs:
java-version: '17'

- name: Setup Gradle
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0

- name: Run dependency verification
run: ./gradlew :basecamp-sdk:dependencies --scan
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
persist-credentials: false

- name: Run actionlint
uses: rhysd/actionlint@393031adb9afb225ee52ae2ccd7a5af5525e03e8 # v1.7.11
uses: rhysd/actionlint@914e7df21a07ef503a81201c76d2b11c789d3fca # v1.7.12

- name: Run zizmor
uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
Expand Down Expand Up @@ -143,7 +143,7 @@ jobs:
persist-credentials: false

- name: Set up Ruby
uses: ruby/setup-ruby@dffb23f65a78bba8db45d387d5ea1bbd6be3ef18 # v1.293.0
uses: ruby/setup-ruby@4c56a21280b36d862b5fc31348f463d60bdc55d5 # v1.301.0
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true
Expand Down Expand Up @@ -175,7 +175,7 @@ jobs:
persist-credentials: false

- name: Install uv
uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0
uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0

- name: Set up Python
run: uv python install ${{ matrix.python }}
Expand Down Expand Up @@ -249,7 +249,7 @@ jobs:
java-version: '17'

- name: Setup Gradle
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0

- name: Build
run: ./gradlew :basecamp-sdk:build
Expand Down Expand Up @@ -301,7 +301,7 @@ jobs:
java-version: '17'

- name: Setup Gradle
uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0

- name: Run Kotlin conformance tests
working-directory: kotlin
Expand All @@ -327,7 +327,7 @@ jobs:
npm test

- name: Set up Ruby
uses: ruby/setup-ruby@dffb23f65a78bba8db45d387d5ea1bbd6be3ef18 # v1.293.0
uses: ruby/setup-ruby@4c56a21280b36d862b5fc31348f463d60bdc55d5 # v1.301.0
with:
ruby-version: '3.3'
bundler-cache: true
Expand All @@ -338,7 +338,7 @@ jobs:
run: ruby runner.rb

- name: Install uv (Python)
uses: astral-sh/setup-uv@c7f87aa956e4c323abf06d5dec078e358f6b4d04 # v6.0.0
uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0

- name: Run Python conformance tests
working-directory: conformance/runner/python
Expand Down
Loading