From e19d79a479e155afae738aa5e922f32b2fb21731 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Jun 2026 08:10:54 +0000 Subject: [PATCH] chore(deps): bump the actions group with 5 updates Bumps the actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.0.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.82.0` | `2.82.4` | | [dawidd6/action-send-mail](https://github.com/dawidd6/action-send-mail) | `6e502825a508b867ab2954ad6343b68787624c01` | `994f270325d4f7257aff241a35488ef54ba364a4` | | [hyperpolymath/panic-attack/.github/workflows/scan-and-report.yml](https://github.com/hyperpolymath/panic-attack) | `3f7d0bbed133629b62052fd181a84e4e1c774f9a` | `1c38f3379a3491504c3ea8bf80c3ddc48a497af7` | Updates `actions/cache` from 5.0.5 to 6.0.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...2c8a9bd7457de244a408f35966fab2fb45fda9c8) Updates `actions/attest-build-provenance` from 2.4.0 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) Updates `taiki-e/install-action` from 2.82.0 to 2.82.4 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/b8cecb83565409bcc297b2df6e77f030b2a468d5...682e7d9e49c5e653d371fc6adbda67653461378a) Updates `dawidd6/action-send-mail` from 6e502825a508b867ab2954ad6343b68787624c01 to 994f270325d4f7257aff241a35488ef54ba364a4 - [Release notes](https://github.com/dawidd6/action-send-mail/releases) - [Commits](https://github.com/dawidd6/action-send-mail/compare/6e502825a508b867ab2954ad6343b68787624c01...994f270325d4f7257aff241a35488ef54ba364a4) Updates `hyperpolymath/panic-attack/.github/workflows/scan-and-report.yml` from 3f7d0bbed133629b62052fd181a84e4e1c774f9a to 1c38f3379a3491504c3ea8bf80c3ddc48a497af7 - [Release notes](https://github.com/hyperpolymath/panic-attack/releases) - [Changelog](https://github.com/hyperpolymath/panic-attack/blob/main/CHANGELOG.md) - [Commits](https://github.com/hyperpolymath/panic-attack/compare/3f7d0bbed133629b62052fd181a84e4e1c774f9a...1c38f3379a3491504c3ea8bf80c3ddc48a497af7) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: taiki-e/install-action dependency-version: 2.82.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: dawidd6/action-send-mail dependency-version: 994f270325d4f7257aff241a35488ef54ba364a4 dependency-type: direct:production dependency-group: actions - dependency-name: hyperpolymath/panic-attack/.github/workflows/scan-and-report.yml dependency-version: 1c38f3379a3491504c3ea8bf80c3ddc48a497af7 dependency-type: direct:production dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/agda-meta-checker.yml | 2 +- .github/workflows/ghcr-publish.yml | 4 ++-- .github/workflows/mvp-smoke.yml | 2 +- .github/workflows/push-email-notify.yml | 2 +- .github/workflows/s4-loop.yml | 2 +- .github/workflows/security-scan.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/agda-meta-checker.yml b/.github/workflows/agda-meta-checker.yml index 34af031..5b97e72 100644 --- a/.github/workflows/agda-meta-checker.yml +++ b/.github/workflows/agda-meta-checker.yml @@ -68,7 +68,7 @@ jobs: - name: Cache Agda if: steps.detect.outputs.relevant == 'true' - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: | ~/.cabal diff --git a/.github/workflows/ghcr-publish.yml b/.github/workflows/ghcr-publish.yml index 595b84e..e96a851 100644 --- a/.github/workflows/ghcr-publish.yml +++ b/.github/workflows/ghcr-publish.yml @@ -88,14 +88,14 @@ jobs: # gh attest verify oci://ghcr.io/${{ github.repository }}: \ # --repo ${{ github.repository }} - name: Attest container provenance (minimal image) - uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.min_digest }} push-to-registry: true - name: Attest container provenance (full image) - uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.full_digest }} diff --git a/.github/workflows/mvp-smoke.yml b/.github/workflows/mvp-smoke.yml index 1cdc476..c2b331a 100644 --- a/.github/workflows/mvp-smoke.yml +++ b/.github/workflows/mvp-smoke.yml @@ -39,7 +39,7 @@ jobs: uses: Swatinem/rust-cache@65012b490220f477f20ab979e35ae732e6de4e68 # v2 - name: Install just - uses: taiki-e/install-action@b8cecb83565409bcc297b2df6e77f030b2a468d5 # v2.82.0 + uses: taiki-e/install-action@682e7d9e49c5e653d371fc6adbda67653461378a # v2.82.4 with: # Governance R1 requires versioned family-tool pins # (just|must|trust|adjust|bust|dust|intend); bare `tool: just` diff --git a/.github/workflows/push-email-notify.yml b/.github/workflows/push-email-notify.yml index 4b4e754..9abf263 100644 --- a/.github/workflows/push-email-notify.yml +++ b/.github/workflows/push-email-notify.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Send push notification email - uses: dawidd6/action-send-mail@6e502825a508b867ab2954ad6343b68787624c01 # pinned + uses: dawidd6/action-send-mail@994f270325d4f7257aff241a35488ef54ba364a4 # pinned with: server_address: ${{ secrets.SMTP_HOST }} server_port: ${{ secrets.SMTP_PORT }} diff --git a/.github/workflows/s4-loop.yml b/.github/workflows/s4-loop.yml index a9b8b15..d500cff 100644 --- a/.github/workflows/s4-loop.yml +++ b/.github/workflows/s4-loop.yml @@ -39,7 +39,7 @@ jobs: - name: Cache Cargo uses: Swatinem/rust-cache@65012b490220f477f20ab979e35ae732e6de4e68 # v2 - name: Install just - uses: taiki-e/install-action@b8cecb83565409bcc297b2df6e77f030b2a468d5 # v2.82.0 + uses: taiki-e/install-action@682e7d9e49c5e653d371fc6adbda67653461378a # v2.82.4 with: tool: just@1.51.0 - name: Install system dependencies diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 32e26aa..0bc54b1 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -20,6 +20,6 @@ permissions: jobs: scan: - uses: hyperpolymath/panic-attack/.github/workflows/scan-and-report.yml@3f7d0bbed133629b62052fd181a84e4e1c774f9a # main 2026-05-20 + uses: hyperpolymath/panic-attack/.github/workflows/scan-and-report.yml@1c38f3379a3491504c3ea8bf80c3ddc48a497af7 # main 2026-05-20 secrets: VERISIMDB_PAT: ${{ secrets.VERISIMDB_PAT }}