From 324e48823a82001ee90d36b0d8b8a3607668bf41 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jun 2026 12:46:40 +0000 Subject: [PATCH] build(deps): Bump the actions group across 1 directory with 6 updates Bumps the actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6` | `7` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.1.0` | `8.2.0` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `8.0.0` | `8.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `3.0.0` | `3.0.1` | Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) Updates `astral-sh/setup-uv` from 8.1.0 to 8.2.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/08807647e7069bb48b6ef5acd8ec9567f424441b...fac544c07dec837d0ccb6301d7b5580bf5edae39) Updates `SonarSource/sonarqube-scan-action` from 8.0.0 to 8.2.0 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/59db25f34e16620e48ab4bb9e4a5dce155cb5432...713881670b6b3676cda39549040e2d88c70d582e) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf) Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/b4309332981a82ec1c5618f44dd2e27cc8bfbfda...718ea10b132b3b2eba29c1007bb80653f286566b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: astral-sh/setup-uv dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- .github/workflows/ci.yml | 20 ++++++++++---------- .github/workflows/codeql.yml | 2 +- .github/workflows/dashboard-ui-build.yml | 6 +++--- .github/workflows/docusaurus-deploy.yml | 2 +- .github/workflows/eval-weekly.yml | 4 ++-- .github/workflows/release.yml | 14 +++++++------- .github/workflows/scorecard.yml | 2 +- .github/workflows/test-game-codegen.yml | 2 +- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 315fc28a7..7d358a8b3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Setup Go uses: actions/setup-go@v6 @@ -53,7 +53,7 @@ jobs: # `uv run --python ` and fails loudly if uv is missing # (see internal/eval_harness/python.go). Must match ci.yml. - name: Set up uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Get dependencies run: go mod download diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1d020e1e..3a572455f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: # SonarCloud needs full history to attribute blame and compute # "new code" metrics correctly. Shallow clones break both. @@ -36,7 +36,7 @@ jobs: # Python is installed. Update PinnedPythonVersion in # internal/eval_harness/python.go if the target moves. - name: Set up uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Install dependencies run: make deps @@ -155,7 +155,7 @@ jobs: # continue-on-error keeps CI green if the secret is missing or the scan # service has a hiccup — Sonar is a reporting layer, not a gate. - name: SonarCloud scan - uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # v7 + uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v7 continue-on-error: true env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -191,7 +191,7 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: # Avoid CRLF rewrites on test fixtures and golden files. # PowerShell + git autocrlf can otherwise mutate bytes between @@ -209,7 +209,7 @@ jobs: cache: true - name: Set up uv (provides Python for eval-harness Python runner tests) - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Install ailang to PATH (mirrors `make install`) shell: pwsh @@ -256,7 +256,7 @@ jobs: needs: test steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Go uses: actions/setup-go@v6 @@ -278,7 +278,7 @@ jobs: if: github.event_name == 'push' && github.ref == 'refs/heads/dev' steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Sync prompts/ to docs/prompts/ run: ./docs/scripts/sync-prompts.sh @@ -300,7 +300,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Go uses: actions/setup-go@v6 @@ -326,7 +326,7 @@ jobs: # allowlist entry past its expires date — forces re-review rather # than letting suppressions float forever. steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Go uses: actions/setup-go@v6 @@ -355,7 +355,7 @@ jobs: if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Go uses: actions/setup-go@v6 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b7b185208..1bb399fc3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/dashboard-ui-build.yml b/.github/workflows/dashboard-ui-build.yml index 2c8375d87..3268770b9 100644 --- a/.github/workflows/dashboard-ui-build.yml +++ b/.github/workflows/dashboard-ui-build.yml @@ -23,13 +23,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Build ui-builder stage - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . file: docker/Dockerfile.dashboard diff --git a/.github/workflows/docusaurus-deploy.yml b/.github/workflows/docusaurus-deploy.yml index d639f5654..b2b0e8e6d 100644 --- a/.github/workflows/docusaurus-deploy.yml +++ b/.github/workflows/docusaurus-deploy.yml @@ -61,7 +61,7 @@ jobs: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') || github.actor == 'github-actions[bot]' }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: fetch-depth: 0 # Fetch all history and tags for version generation diff --git a/.github/workflows/eval-weekly.yml b/.github/workflows/eval-weekly.yml index 99cba2104..032b9a39b 100644 --- a/.github/workflows/eval-weekly.yml +++ b/.github/workflows/eval-weekly.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Set up Go uses: actions/setup-go@v6 @@ -37,7 +37,7 @@ jobs: # rather than a system `python3`. Update PinnedPythonVersion in # internal/eval_harness/python.go if the target moves. - name: Set up uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Install dependencies run: make deps diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c8f194609..5da2c2b42 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Setup Go uses: actions/setup-go@v6 @@ -106,7 +106,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Setup Go uses: actions/setup-go@v6 @@ -130,7 +130,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Create examples.zip run: | @@ -178,7 +178,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Setup Go uses: actions/setup-go@v6 @@ -232,7 +232,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Setup Go uses: actions/setup-go@v6 @@ -272,7 +272,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Download all artifacts uses: actions/download-artifact@v8 @@ -397,7 +397,7 @@ jobs: # with "Cannot upload assets to an immutable release". The # finalize-release job below flips draft=false after provenance # uploads its attestation. - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3 with: name: AILANG ${{ steps.get_version.outputs.VERSION }} body_path: changelog.md diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1d7e7e705..c36a46c91 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v7 with: persist-credentials: false diff --git a/.github/workflows/test-game-codegen.yml b/.github/workflows/test-game-codegen.yml index 8d0b982a8..5b31f5339 100644 --- a/.github/workflows/test-game-codegen.yml +++ b/.github/workflows/test-game-codegen.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Set up Go uses: actions/setup-go@v6