chore(deps): update workflows (#2653)

renovate-bot · web-flow · commit 5f4a97eaedee · 2024-09-25T19:47:10.000+10:00
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v2.26.7` -> `v2.26.9` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.26.7` -> `v3.26.9` | | [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | patch | `v1.10.1` -> `v1.10.2` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.26.9`](https://redirect.github.com/github/codeql-action/compare/v2.26.8...v2.26.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.8...v2.26.9) ### [`v2.26.8`](https://redirect.github.com/github/codeql-action/compare/v2.26.7...v2.26.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.26.7...v2.26.8) </details> <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.10.2`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.2) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2) #### 💅 Cosmetic Output Improvements In [#&#8203;250](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/250) and [#&#8203;258](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/258), [@&#8203;facutuesca](https://redirect.github.com/facutuesca)[💰](https://redirect.github.com/sponsors/facutuesca) added a nudge message with a magic link to pre-fill the creation of new Trusted Publishers configurations on PyPI. The users are now suggested to configure tokenless publishing by clicking a link printed in the job summary when it's detected that they publish to PyPI or TestPyPI. Just like magic! 🦄 #### 🛠️ Internal Dependencies [@&#8203;woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw) bumped `pypi-attestations` to v0.0.12 in [#&#8203;262](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/262), ~hopefully fixing [#&#8203;263](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/263). 🤞~ Nah.. that wasn't it. > \[!TIP] > Please keep in mind that reusable workflows are not yet supported, even though they sometimes work, mostly by accident. #### 💪 New Contributors [@&#8203;facutuesca](https://redirect.github.com/facutuesca) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/258](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/258) **🪞 Full Diff**: pypa/gh-action-pypi-publish@v1.10.1...v1.10.2 **🧔‍♂️ Release Manager:** [@&#8203;webknjaz 🇺🇦](https://redirect.github.com/sponsors/webknjaz) **🙏 Special Thanks** to [@&#8203;henryiii](https://redirect.github.com/henryiii)[💰](https://redirect.github.com/sponsors/henryiii) for promptly pointing up possible fixes for [#&#8203;263](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/263). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev).
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+      uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+      uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+      uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml
@@ -44,7 +44,7 @@ jobs:
         build
         --sdist --wheel --outdir dist/ .
     - name: Publish distribution to PyPI
-      uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
+      uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2
       with:
         password: ${{ secrets.PYPI_API_TOKEN }}
         packages_dir: dist/
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2fe1a3da42c8b4f96ced91264bda7407d8c65539 # v2.26.7
+        uses: github/codeql-action/upload-sarif@d97ba04b39135f37e9d60c84a6995bb18b7ac328 # v2.26.9
         with:
           sarif_file: results.sarif
