chore(deps): update workflows (google#1413)

renovate-bot · cuixq · web-flow · commit ca76ff42da90 · 2024-12-23T12:08:26.000+11:00
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/cache](https://redirect.github.com/actions/cache) | action | minor | `v4.1.1` -> `v4.2.0` | | [actions/cache](https://redirect.github.com/actions/cache) | action | minor | `v4.1.2` -> `v4.2.0` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | patch | `v4.2.1` -> `v4.2.2` | | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.1.0` -> `v5.2.0` | | [actions/setup-java](https://redirect.github.com/actions/setup-java) | action | minor | `v4.5.0` -> `v4.6.0` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v5.2.0` -> `v5.3.0` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.4.3` -> `v4.5.0` | | [codecov/codecov-action](https://redirect.github.com/codecov/codecov-action) | action | minor | `v5.0.2` -> `v5.1.2` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | digest | `c47758b` -> `6524bf6` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.27.4` -> `v3.28.0` | | [r-lib/actions](https://redirect.github.com/r-lib/actions) | action | patch | `v2.11.0` -> `v2.11.1` | | [ruby/setup-ruby](https://redirect.github.com/ruby/setup-ruby) | action | minor | `v1.202.0` -> `v1.204.0` | --- ### Release Notes <details> <summary>actions/cache (actions/cache)</summary> ### [`v4.2.0`](https://redirect.github.com/actions/cache/releases/tag/v4.2.0) [Compare Source](https://redirect.github.com/actions/cache/compare/v4.1.2...v4.2.0) #### ⚠️ Important Changes The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://redirect.github.com/actions/cache) now integrates with the new cache service (v2) APIs. The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these release are **fully backward compatible**. **We are deprecating some versions of this action**. We recommend upgrading to version `v4` or `v3` as soon as possible before **February 1st, 2025.** (Upgrade instructions below). If you are using pinned SHAs, please use the SHAs of versions `v4.2.0` or `v3.4.0` If you do not upgrade, all workflow runs using any of the deprecated [actions/cache](https://redirect.github.com/actions/cache) will fail. Upgrading to the recommended versions will not break your workflows. Read more about the change & access the migration guide: [reference to the announcement](https://redirect.github.com/actions/cache/discussions/1510). ##### Minor changes Minor and patch version updates for these dependencies: - [@&#8203;actions/core](https://redirect.github.com/actions/core): `1.11.1` - [@&#8203;actions/io](https://redirect.github.com/actions/io): `1.1.3` - [@&#8203;vercel/ncc](https://redirect.github.com/vercel/ncc): `0.38.3` **Full Changelog**: actions/cache@v4...v4.2.0 ### [`v4.1.2`](https://redirect.github.com/actions/cache/releases/tag/v4.1.2) [Compare Source](https://redirect.github.com/actions/cache/compare/v4.1.1...v4.1.2) ##### What's Changed - Add Bun example by [@&#8203;idleberg](https://redirect.github.com/idleberg) in [https://github.com/actions/cache/pull/1456](https://redirect.github.com/actions/cache/pull/1456) - Revise `isGhes` logic by [@&#8203;jww3](https://redirect.github.com/jww3) in [https://github.com/actions/cache/pull/1474](https://redirect.github.com/actions/cache/pull/1474) - Bump braces from 3.0.2 to 3.0.3 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/cache/pull/1475](https://redirect.github.com/actions/cache/pull/1475) - Add dependabot.yml to enable automatic dependency upgrades by [@&#8203;Link-](https://redirect.github.com/Link-) in [https://github.com/actions/cache/pull/1476](https://redirect.github.com/actions/cache/pull/1476) - Bump actions/checkout from 3 to 4 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/cache/pull/1478](https://redirect.github.com/actions/cache/pull/1478) - Bump actions/stale from 3 to 9 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/cache/pull/1479](https://redirect.github.com/actions/cache/pull/1479) - Bump github/codeql-action from 2 to 3 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/cache/pull/1483](https://redirect.github.com/actions/cache/pull/1483) - Bump actions/setup-node from 3 to 4 by [@&#8203;dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/cache/pull/1481](https://redirect.github.com/actions/cache/pull/1481) - Prepare `4.1.2` release by [@&#8203;Link-](https://redirect.github.com/Link-) in [https://github.com/actions/cache/pull/1477](https://redirect.github.com/actions/cache/pull/1477) ##### New Contributors - [@&#8203;idleberg](https://redirect.github.com/idleberg) made their first contribution in [https://github.com/actions/cache/pull/1456](https://redirect.github.com/actions/cache/pull/1456) - [@&#8203;jww3](https://redirect.github.com/jww3) made their first contribution in [https://github.com/actions/cache/pull/1474](https://redirect.github.com/actions/cache/pull/1474) - [@&#8203;Link-](https://redirect.github.com/Link-) made their first contribution in [https://github.com/actions/cache/pull/1476](https://redirect.github.com/actions/cache/pull/1476) **Full Changelog**: actions/cache@v4...v4.1.2 </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.2.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v422) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.1...v4.2.2) - `url-helper.ts` now leverages well-known environment variables by [@&#8203;jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1941](https://redirect.github.com/actions/checkout/pull/1941) - Expand unit test coverage for `isGhes` by [@&#8203;jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1946](https://redirect.github.com/actions/checkout/pull/1946) </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.2.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.2.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.1.0...v5.2.0) #### What's Changed - Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by [@&#8203;Shegox](https://redirect.github.com/Shegox) in [https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496) #### New Contributors - [@&#8203;Shegox](https://redirect.github.com/Shegox) made their first contribution in [https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496) **Full Changelog**: actions/setup-go@v5...v5.2.0 </details> <details> <summary>actions/setup-java (actions/setup-java)</summary> ### [`v4.6.0`](https://redirect.github.com/actions/setup-java/releases/tag/v4.6.0) [Compare Source](https://redirect.github.com/actions/setup-java/compare/v4.5.0...v4.6.0) #### What's Changed **Add-ons:** - Add Support for JetBrains Runtime by [@&#8203;gmitch215](https://redirect.github.com/gmitch215) in [https://github.com/actions/setup-java/pull/637](https://redirect.github.com/actions/setup-java/pull/637) ```steps: - name: Checkout uses: actions/checkout@v4 - name: Setup-java uses: actions/setup-java@v4 with: distribution: ‘jetbrains’ java-version: '21' ``` **Bug fixes:** - Fix Ubuntu-latest CI failures by [@&#8203;mahabaleshwars](https://redirect.github.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/693](https://redirect.github.com/actions/setup-java/pull/693) #### New Contributors - [@&#8203;gmitch215](https://redirect.github.com/gmitch215) made their first contribution in [https://github.com/actions/setup-java/pull/637](https://redirect.github.com/actions/setup-java/pull/637) **Full Changelog**: actions/setup-java@v4...v4.6.0 </details> <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v5.3.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.3.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.2.0...v5.3.0) ##### What's Changed - Add workflow file for publishing releases to immutable action package by [@&#8203;Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/setup-python/pull/941](https://redirect.github.com/actions/setup-python/pull/941) - Upgrade IA publish by [@&#8203;Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/setup-python/pull/943](https://redirect.github.com/actions/setup-python/pull/943) ##### Bug Fixes: - Normalise Line Endings to Ensure Cross-Platform Consistency by [@&#8203;priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/938](https://redirect.github.com/actions/setup-python/pull/938) - Revise `isGhes` logic by [@&#8203;jww3](https://redirect.github.com/jww3) in [https://github.com/actions/setup-python/pull/963](https://redirect.github.com/actions/setup-python/pull/963) - Bump pillow from 7.2 to 10.2.0 by [@&#8203;aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-python/pull/956](https://redirect.github.com/actions/setup-python/pull/956) ##### Enhancements: - Enhance workflows and documentation updates by [@&#8203;priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/965](https://redirect.github.com/actions/setup-python/pull/965) - Bump default versions to latest by [@&#8203;jeffwidman](https://redirect.github.com/jeffwidman) in [https://github.com/actions/setup-python/pull/905](https://redirect.github.com/actions/setup-python/pull/905) ##### New Contributors - [@&#8203;Jcambass](https://redirect.github.com/Jcambass) made their first contribution in [https://github.com/actions/setup-python/pull/941](https://redirect.github.com/actions/setup-python/pull/941) - [@&#8203;jww3](https://redirect.github.com/jww3) made their first contribution in [https://github.com/actions/setup-python/pull/963](https://redirect.github.com/actions/setup-python/pull/963) **Full Changelog**: actions/setup-python@v5...v5.3.0 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v4.5.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0) </details> <details> <summary>codecov/codecov-action (codecov/codecov-action)</summary> ### [`v5.1.2`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v512) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.1.1...v5.1.2) ##### What's Changed - fix: update statment by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1726](https://redirect.github.com/codecov/codecov-action/pull/1726) - fix: update action script by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1725](https://redirect.github.com/codecov/codecov-action/pull/1725) - fix: prevent oidc on tokenless due to permissioning by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1724](https://redirect.github.com/codecov/codecov-action/pull/1724) - chore(release): wrapper-0.0.31 by [@&#8203;app/codecov-releaser-app](https://redirect.github.com/app/codecov-releaser-app) in [https://github.com/codecov/codecov-action/pull/1723](https://redirect.github.com/codecov/codecov-action/pull/1723) - Put quotes around `${{ inputs.token }}` in `action.yml` by [@&#8203;jwodder](https://redirect.github.com/jwodder) in [https://github.com/codecov/codecov-action/pull/1721](https://redirect.github.com/codecov/codecov-action/pull/1721) - build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by [@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in [https://github.com/codecov/codecov-action/pull/1722](https://redirect.github.com/codecov/codecov-action/pull/1722) - Remove mistake from options table by [@&#8203;Acconut](https://redirect.github.com/Acconut) in [https://github.com/codecov/codecov-action/pull/1718](https://redirect.github.com/codecov/codecov-action/pull/1718) - build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by [@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in [https://github.com/codecov/codecov-action/pull/1717](https://redirect.github.com/codecov/codecov-action/pull/1717) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2 ### [`v5.1.1`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v511) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.1.0...v5.1.1) ##### What's Changed **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1 ### [`v5.1.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v510) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.0.7...v5.1.0) ##### What's Changed - fix: hide unnecessary error on shasum by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1692](https://redirect.github.com/codecov/codecov-action/pull/1692) - build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by [@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in [https://github.com/codecov/codecov-action/pull/1701](https://redirect.github.com/codecov/codecov-action/pull/1701) - chore(release): wrapper-0.0.29 by [@&#8203;app/codecov-releaser-app](https://redirect.github.com/app/codecov-releaser-app) in [https://github.com/codecov/codecov-action/pull/1713](https://redirect.github.com/codecov/codecov-action/pull/1713) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.7..v5.1.0 ### [`v5.0.7`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v507) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.0.6...v5.0.7) ##### What's Changed - fix: use HEAD_REPO by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1690](https://redirect.github.com/codecov/codecov-action/pull/1690) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.6..v5.0.7 ### [`v5.0.6`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v506) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.0.5...v5.0.6) ##### What's Changed - fix: update CODECOV_TOKEN and fix tokenless by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1688](https://redirect.github.com/codecov/codecov-action/pull/1688) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.5..v5.0.6 ### [`v5.0.5`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v505) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.0.4...v5.0.5) ##### What's Changed - chore(release): wrapper-0.0.27 by [@&#8203;app/codecov-releaser-app](https://redirect.github.com/app/codecov-releaser-app) in [https://github.com/codecov/codecov-action/pull/1685](https://redirect.github.com/codecov/codecov-action/pull/1685) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.4..v5.0.5 ### [`v5.0.4`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v504) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.0.3...v5.0.4) ##### What's Changed - chore(deps): bump wrapper to 0.0.26 by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1681](https://redirect.github.com/codecov/codecov-action/pull/1681) - fix: strip out a trailing /n from input tokens by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1679](https://redirect.github.com/codecov/codecov-action/pull/1679) - fix: add action version by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1678](https://redirect.github.com/codecov/codecov-action/pull/1678) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.3..v5.0.4 ### [`v5.0.3`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v503) [Compare Source](https://redirect.github.com/codecov/codecov-action/compare/v5.0.2...v5.0.3) ##### What's Changed - fix: update OIDC audience by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1675](https://redirect.github.com/codecov/codecov-action/pull/1675) - fix: use double-quotes for OIDC by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1669](https://redirect.github.com/codecov/codecov-action/pull/1669) - fix: prevent always setting tokenless to be true by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1673](https://redirect.github.com/codecov/codecov-action/pull/1673) - fix: update CHANGELOG and automate by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1674](https://redirect.github.com/codecov/codecov-action/pull/1674) - fix: bump to v5 and update README by [@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov) in [https://github.com/codecov/codecov-action/pull/1655](https://redirect.github.com/codecov/codecov-action/pull/1655) - build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by [@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in [https://github.com/codecov/codecov-action/pull/1665](https://redirect.github.com/codecov/codecov-action/pull/1665) - fix: typo in `inputs.disable_safe_directory` by [@&#8203;mkroening](https://redirect.github.com/mkroening) in [https://github.com/codecov/codecov-action/pull/1666](https://redirect.github.com/codecov/codecov-action/pull/1666) **Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.0.2..v5.0.3 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.28.0`](https://redirect.github.com/github/codeql-action/compare/v3.27.9...v3.28.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.9...v3.28.0) ### [`v3.27.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.8...v3.27.9) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.9 - 12 Dec 2024 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.9/CHANGELOG.md) for more information. ### [`v3.27.8`](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8) ### [`v3.27.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.6...v3.27.7) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.7 - 10 Dec 2024 - We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. [#&#8203;2631](https://redirect.github.com/github/codeql-action/pull/2631) - Update default CodeQL bundle version to 2.20.0. [#&#8203;2636](https://redirect.github.com/github/codeql-action/pull/2636) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.7/CHANGELOG.md) for more information. ### [`v3.27.6`](https://redirect.github.com/github/codeql-action/compare/v3.27.5...v3.27.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.5...v3.27.6) ### [`v3.27.5`](https://redirect.github.com/github/codeql-action/compare/v3.27.4...v3.27.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.4...v3.27.5) </details> <details> <summary>r-lib/actions (r-lib/actions)</summary> ### [`v2.11.1`](https://redirect.github.com/r-lib/actions/compare/v2.11.0...v2.11.1) [Compare Source](https://redirect.github.com/r-lib/actions/compare/v2.11.0...v2.11.1) </details> <details> <summary>ruby/setup-ruby (ruby/setup-ruby)</summary> ### [`v1.204.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.204.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.203.0...v1.204.0) ##### What's Changed - Add ruby-3.4.0-rc1 by [@&#8203;ruby-builder-bot](https://redirect.github.com/ruby-builder-bot) in [https://github.com/ruby/setup-ruby/pull/675](https://redirect.github.com/ruby/setup-ruby/pull/675) **Full Changelog**: ruby/setup-ruby@v1.203.0...v1.204.0 ### [`v1.203.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.203.0) [Compare Source](https://redirect.github.com/ruby/setup-ruby/compare/v1.202.0...v1.203.0) **Full Changelog**: ruby/setup-ruby@v1.202.0...v1.203.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv-scanner).  Co-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -64,7 +64,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Set up Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           check-latest: true
@@ -80,7 +80,7 @@ jobs:
         with:
           persist-credentials: false
       - run: scripts/build_test_images.sh
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }}
           path: internal/image/fixtures/*.tar
@@ -106,7 +106,7 @@ jobs:
           name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }}
           path: internal/image/fixtures/
       - name: Set up Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           check-latest: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -43,12 +43,12 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       # Update go to the latest version to support minor go versions is go.mod file
       - name: Install Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version-file: go.mod
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
@@ -26,12 +26,12 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           check-latest: true
       - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
-      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+      - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
       - name: ghcr-login
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
         with:
diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -86,28 +86,28 @@ jobs:
       # format to the repository Actions tab.
       - name: "Upload artifact"
         if: "!cancelled()"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: SARIF file
           path: ${{ inputs.results-file-name }}
           retention-days: 5
       - name: "Upload old scan json results"
         if: "!cancelled()"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: old-json-results
           path: old-results.json
           retention-days: 5
       - name: "Upload new scan json results"
         if: "!cancelled()"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: new-json-results
           path: new-results.json
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: ${{ !cancelled() && inputs.upload-sarif == true }}
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: ${{ inputs.results-file-name }}
diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml
@@ -83,14 +83,14 @@ jobs:
       # format to the repository Actions tab.
       - name: "Upload artifact"
         if: "!cancelled()"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: SARIF file
           path: ${{ inputs.results-file-name }}
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: "${{ !cancelled() && inputs.upload-sarif == true }}"
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: ${{ inputs.results-file-name }}
diff --git a/.github/workflows/prerelease-check.yml b/.github/workflows/prerelease-check.yml
@@ -54,7 +54,7 @@ jobs:
           persist-credentials: false
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           check-latest: true
@@ -70,7 +70,7 @@ jobs:
         with:
           persist-credentials: false
       - run: scripts/build_test_images.sh
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }}
           path: internal/image/fixtures/*.tar
@@ -97,7 +97,7 @@ jobs:
           name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }}
           path: internal/image/fixtures/
       - name: Set up Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           check-latest: true
@@ -117,7 +117,7 @@ jobs:
           persist-credentials: false
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           check-latest: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -60,14 +60,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml
@@ -34,7 +34,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+      - uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: /tmp/debian-versions-generator-cache.csv
           key: ${{ runner.os }}-
@@ -49,12 +49,12 @@ jobs:
       - run: python3 scripts/generators/generate-debian-versions.py
       - run: git status
       - run: stat debian-db.zip
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-debian-versions
           path: internal/semantic/fixtures/debian-versions-generated.txt
 
-      - uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+      - uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: /tmp/debian-versions-generator-cache.csv
           key: ${{ runner.os }}-${{ hashFiles('debian-db.zip') }}
@@ -64,30 +64,30 @@ jobs:
       contents: read # to fetch code (actions/checkout)
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+      - uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: /tmp/redhat-versions-generator-cache.csv
           key: ${{ runner.os }}-
 
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: "3.10"
       - run: sudo apt install rpm
       - run: rpm --version
       - run: python3 scripts/generators/generate-redhat-versions.py
       - run: git status
       - run: stat redhat-db.zip
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-redhat-versions
           path: internal/semantic/fixtures/redhat-versions-generated.txt
 
-      - uses: actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+      - uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
         with:
           path: /tmp/redhat-versions-generator-cache.csv
           key: ${{ runner.os }}-${{ hashFiles('redhat-db.zip') }}
@@ -106,7 +106,7 @@ jobs:
           extensions: zip
       - run: php scripts/generators/generate-packagist-versions.php
       - run: git status
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-packagist-versions
           path: internal/semantic/fixtures/packagist-versions-generated.txt
@@ -126,7 +126,7 @@ jobs:
         run: pip install packaging==21.3
       - run: python3 scripts/generators/generate-pypi-versions.py
       - run: git status
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-pypi-versions
           path: internal/semantic/fixtures/pypi-versions-generated.txt
@@ -139,14 +139,14 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
+      - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
         with:
           ruby-version: "3.1"
       - name: setup dependencies
         run: gem install rubyzip
       - run: ruby scripts/generators/generate-rubygems-versions.rb
       - run: git status
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-rubygems-versions
           path: internal/semantic/fixtures/rubygems-versions-generated.txt
@@ -159,7 +159,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+      - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
         with:
           java-version: 17
           distribution: oracle
@@ -172,7 +172,7 @@ jobs:
             -o scripts/generators/lib/maven-artifact-3.8.5.jar
       - run: java -cp 'scripts/generators/lib/*' scripts/generators/GenerateMavenVersions.java
       - run: git status
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-maven-versions
           path: internal/semantic/fixtures/maven-versions-generated.txt
@@ -185,12 +185,12 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: r-lib/actions/setup-r@e8c60692f29164895fbcdbebf2fde501a1f7e07f # v2.11.0
+      - uses: r-lib/actions/setup-r@473c68190595b311a74f208fba61a8d8c0d4c247 # v2.11.1
         with:
           r-version: "3.5.3"
       - run: Rscript scripts/generators/generate-cran-versions.R
       - run: git status
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: generated-cran-versions
           path: internal/semantic/fixtures/cran-versions-generated.txt
@@ -212,7 +212,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: stable
           cache: true
diff --git a/.github/workflows/test-action/action.yml b/.github/workflows/test-action/action.yml
@@ -32,7 +32,7 @@ runs:
       # codecov is currently being flakey on macOS
       # https://github.com/codecov/codecov-action/issues/1416
       if: ${{ runner.os != 'macOS' }}
-      uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
+      uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
       with:
         token: ${{ inputs.codecov_token }}
         fail_ci_if_error: true
