From 37815e1e1244933d294b1185a3a7e23f784d2119 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 21:06:11 +0000 Subject: [PATCH] build(deps): bump the actions group across 1 directory with 3 updates Bumps the actions group with 3 updates in the /{{cookiecutter.project_slug}}/.github/workflows directory: [actions/download-artifact](https://github.com/actions/download-artifact), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `actions/attest-build-provenance` from 3.2.0 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/96278af6caaf10aea03fd8d33a09a777ca52d62f...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- {{cookiecutter.project_slug}}/.github/workflows/release.yml | 6 +++--- {{cookiecutter.project_slug}}/.github/workflows/zizmor.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/{{cookiecutter.project_slug}}/.github/workflows/release.yml b/{{cookiecutter.project_slug}}/.github/workflows/release.yml index a26e312..7b78c4b 100644 --- a/{{cookiecutter.project_slug}}/.github/workflows/release.yml +++ b/{{cookiecutter.project_slug}}/.github/workflows/release.yml @@ -39,12 +39,12 @@ jobs: attestations: write # To persist the attestation files. steps: - name: Download distributions - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: distributions path: dist/ - name: Generate build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: 'dist/*' @@ -61,7 +61,7 @@ jobs: id-token: write steps: - name: Download distributions - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: distributions path: dist/ diff --git a/{{cookiecutter.project_slug}}/.github/workflows/zizmor.yml b/{{cookiecutter.project_slug}}/.github/workflows/zizmor.yml index 24f5b03..3dc6e1d 100644 --- a/{{cookiecutter.project_slug}}/.github/workflows/zizmor.yml +++ b/{{cookiecutter.project_slug}}/.github/workflows/zizmor.yml @@ -22,4 +22,4 @@ jobs: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0 + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2