Bump the minor-and-patch group with 5 updates (#745)

Bumps the minor-and-patch group with 5 updates: | Package | From | To | | --- | --- | --- | | [vmactions/freebsd-vm](https://github.com/vmactions/freebsd-vm) | `1.1.9` | `1.2.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.2.3` | `2.3.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.0` | `5.4.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.13` | `3.28.16` | | [uraimo/run-on-arch-action](https://github.com/uraimo/run-on-arch-action) | `3.0.0` | `3.0.1` | Updates `vmactions/freebsd-vm` from 1.1.9 to 1.2.0 - [Release notes](https://github.com/vmactions/freebsd-vm/releases) - [Commits](8873d98fd1...c3ae29a132) Updates `actions/attest-build-provenance` from 2.2.3 to 2.3.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](c074443f1a...db473fddc0) Updates `codecov/codecov-action` from 5.4.0 to 5.4.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](0565863a31...ad3126e916) Updates `github/codeql-action` from 3.28.13 to 3.28.16 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](1b549b9259...28deaeda66) Updates `uraimo/run-on-arch-action` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/uraimo/run-on-arch-action/releases) - [Commits](4141da824f...d94c13912e) ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-17 23:57:23 +08:00 · 2025-05-02 11:18:53 +01:00
parent 3cd3e92fb3
commit d8a0219f02
5 changed files with 9 additions and 9 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -283,7 +283,7 @@ jobs:
        run: ./autogen.sh

      - name: Build & test
-        uses: vmactions/freebsd-vm@8873d98fd1413b5977cb2f7348fe329775159892 # v1.1.9
+        uses: vmactions/freebsd-vm@c3ae29a132c8ef1924775414107a97cac042aad5 # v1.2.0
        with:
          envs: 'CFLAGS_GCC_STYLE'
          usesh: true
@@ -497,7 +497,7 @@ jobs:
          if-no-files-found: error

      - name: Attest
-        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0
        if: |
          github.event_name != 'pull_request' &&
          (startsWith(github.ref, 'refs/heads/release/') ||
@@ -575,7 +575,7 @@ jobs:
          if-no-files-found: error

      - name: Upload report to Codecov
-        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: true
--- a/.github/workflows/clang-analyzer.yml
+++ b/.github/workflows/clang-analyzer.yml
@@ -66,7 +66,7 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          sarif_file: build/clang.sarif
          category: clang-analyzer
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -49,7 +49,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+      uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -74,4 +74,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -430,7 +430,7 @@ jobs:
      - name: Prepare
        run: ./autogen.sh

-      - uses: uraimo/run-on-arch-action@4141da824ffb5eda88d221d9cf835f6a61ed98d9 # v3.0.0
+      - uses: uraimo/run-on-arch-action@d94c13912ea685de38fccc1109385b83fd79427d # v3.0.1
        name: Configure, build, and test
        with:
          arch: ${{ matrix.arch }}
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -52,7 +52,7 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          sarif_file: results.sarif
          category: ossf-scorecard