chore(deps): bump the actions-updates group with 3 updates (#56)

Bumps the actions-updates group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `step-security/harden-runner` from 2.13.2 to 2.14.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](95d9a5deda...20cf305ff2) Updates `astral-sh/setup-uv` from 7.1.2 to 7.1.6 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](85856786d1...681c641aba) Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](330a01c490...b7c566a772) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-updates - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-updates - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-04 18:30:17 +00:00 · 2025-12-23 18:54:25 -08:00
parent 6a57c72869
commit 45270d3bf3
5 changed files with 9 additions and 9 deletions
--- a/.github/workflows/ci-actions.yml
+++ b/.github/workflows/ci-actions.yml
@@ -25,7 +25,7 @@ jobs:
      actions: read # Needed to analyze action metadata.
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

@@ -35,7 +35,7 @@ jobs:
        persist-credentials: false

    - name: setup uv
-      uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
+      uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6

    - name: zizmor
      run: uvx zizmor --pedantic --format sarif . > results.sarif
--- a/.github/workflows/ci-code.yml
+++ b/.github/workflows/ci-code.yml
@@ -21,7 +21,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

@@ -51,7 +51,7 @@ jobs:
    name: 'build ${{ matrix.arch }}'
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

@@ -80,7 +80,7 @@ jobs:
    name: 'clippy ${{ matrix.arch }}'
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -37,7 +37,7 @@ jobs:
          build-mode: none
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -25,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit

@@ -43,7 +43,7 @@ jobs:

    - name: 'upload artifacts'
      id: upload
-      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
      with:
        name: artifacts
        path: target/assemble/*
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit