From 6d631b9c5e33e3b042fabd4372090fb6d2277001 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 May 2026 03:54:39 +0000
Subject: [PATCH] deps(deps): bump the actions-updates group with 4 updates

Bumps the actions-updates group with 4 updates: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance), [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `astral-sh/setup-uv` from 94527f2e458b27549849d47d273a16bec83a01e9 to 37802adc94f370d6bfd71619e3f0bf239e1f3b78
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/94527f2e458b27549849d47d273a16bec83a01e9...37802adc94f370d6bfd71619e3f0bf239e1f3b78)

Updates `actions/attest-build-provenance` from b3e506e8c389afc651c5bacf2b8f2a1ea0557215 to a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/b3e506e8c389afc651c5bacf2b8f2a1ea0557215...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32)

Updates `aquasecurity/trivy-action` from a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 to ed142fd0673e97e23eac54620cfb913e5ce36c25
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8...ed142fd0673e97e23eac54620cfb913e5ce36c25)

Updates `github/codeql-action` from 7c1e4cf0b20d7c1872b26569c00ba908797a59bf to 9e0d7b8d25671d64c341c19c0152d693099fb5ba
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7c1e4cf0b20d7c1872b26569c00ba908797a59bf...9e0d7b8d25671d64c341c19c0152d693099fb5ba)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 37802adc94f370d6bfd71619e3f0bf239e1f3b78
  dependency-type: direct:production
  dependency-group: actions-updates
- dependency-name: actions/attest-build-provenance
  dependency-version: a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
  dependency-type: direct:production
  dependency-group: actions-updates
- dependency-name: aquasecurity/trivy-action
  dependency-version: ed142fd0673e97e23eac54620cfb913e5ce36c25
  dependency-type: direct:production
  dependency-group: actions-updates
- dependency-name: github/codeql-action
  dependency-version: 9e0d7b8d25671d64c341c19c0152d693099fb5ba
  dependency-type: direct:production
  dependency-group: actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/cd.yml       | 4 ++--
 .github/workflows/ci.yml       | 6 +++---
 .github/workflows/docker.yml   | 4 ++--
 .github/workflows/security.yml | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index a51421c..5624810 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -123,7 +123,7 @@ jobs:
         with:
           python-version: '3.12'
 
-      - uses: astral-sh/setup-uv@94527f2e458b27549849d47d273a16bec83a01e9 # v7
+      - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
 
@@ -156,7 +156,7 @@ jobs:
       - run: python -m build
 
       - name: Attest build provenance
-        uses: actions/attest-build-provenance@b3e506e8c389afc651c5bacf2b8f2a1ea0557215 # v4
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4
         with:
           subject-path: 'dist/*'
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1409cb7..cac3a38 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -63,7 +63,7 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
-      - uses: astral-sh/setup-uv@94527f2e458b27549849d47d273a16bec83a01e9 # v7
+      - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
 
@@ -113,7 +113,7 @@ jobs:
         with:
           python-version: "3.12"
 
-      - uses: astral-sh/setup-uv@94527f2e458b27549849d47d273a16bec83a01e9 # v7
+      - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
 
@@ -182,7 +182,7 @@ jobs:
         with:
           python-version: "3.12"
 
-      - uses: astral-sh/setup-uv@94527f2e458b27549849d47d273a16bec83a01e9 # v7
+      - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
 
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 9f66d44..66169c9 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -104,7 +104,7 @@ jobs:
           cache-to: type=gha,mode=max,scope=${{ matrix.component }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           image-ref: ${{ steps.image.outputs.name }}:${{ steps.tag.outputs.value }}
           format: 'sarif'
@@ -112,7 +112,7 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4
+        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
         if: always()
         continue-on-error: true
         with:
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 5b96084..5d6f50a 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -21,13 +21,13 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4
+        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
         with:
           languages: python
           build-mode: none
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4
+        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
         with:
           category: "/language:python"
 
@@ -54,7 +54,7 @@ jobs:
           bandit -r src/ -f txt || true
 
       - name: Upload SARIF to GitHub Security
-        uses: github/codeql-action/upload-sarif@7c1e4cf0b20d7c1872b26569c00ba908797a59bf # v4
+        uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
         if: always()
         with:
           sarif_file: bandit-results.sarif