From 80aa37b9c5de2a9d185b029cc97952a17ec78d18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 30 May 2024 11:55:18 +1000
Subject: [PATCH] chore(deps): bump the all-actions group with 4 updates (#96)

* chore(deps): bump the all-actions group with 4 updates

Bumps the all-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-python](https://github.com/actions/setup-python), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).


Updates `actions/checkout` from 3.5.3 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/c85c95e3d7251135ab7dc9ce3241c5835cc595a9...a5ac7e51b41094c92402da3b24376905380afc29)

Updates `actions/setup-python` from 4.7.0 to 5.1.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/61a6322f88396a6271a6ee3565807d608ecaddd1...82c7e631bb3cdc910f68e0081d67478d79c6982d)

Updates `codecov/codecov-action` from 2.1.0 to 4.4.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/f32b3a3741e1053eb607407145bc9619351dc93b...125fc84a9a348dbcf27191600683ec096ec9021c)

Updates `pypa/gh-action-pypi-publish` from 1.8.8 to 1.8.14
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/f8c70e705ffc13c3b4d1221169b84f12a75d6ca8...81e9d935c883d0b210363ab89cf05f3894778450)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(actions): add semver to github actions

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Leon Hazen <leon.hazen@stax.io>
---
 .github/workflows/build.yml  | 9 +++------
 .github/workflows/deploy.yml | 8 ++++----
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f777cba..91fd933 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,9 +12,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone Repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
       - name: Setup Python 3.9
-        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
         with:
           python-version: '3.9'
       - name: Install dependencies
@@ -22,10 +22,7 @@ jobs:
       - name: Run tests
         run: make test
       - name: Upload coverage to Codecov 📝
-        # https://github.com/codecov/codecov-action codecov/2.1.0
-        # Pinned this to a git sha as per recommendations in GitHub actions hardening guide.
-        # see https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: "codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b"
+        uses: "codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c" # 4.4.1
         with:
           fail_ci_if_error: true
           files: ./coverage-reports/coverage-report.xml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index e0b75ff..9d629ed 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone Repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
       - name: Setup Python 3.9
-        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
         with:
           python-version: '3.9'
       - name: Install dependencies
@@ -24,12 +24,12 @@ jobs:
           pipenv run python setup.py sdist bdist_wheel
       - name: Publish distribution 📦 to Test PyPI
         if: github.event.release.prerelease == true
-        uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8
+        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # 1.8.14
         with:
           password: ${{ secrets.TEST_PYPI_PASSWORD }}
           repository_url: https://test.pypi.org/legacy/
       - name: Publish distribution 📦 to PyPI
         if: github.event.release.prerelease != true
-        uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8
+        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # 1.8.14
         with:
           password: ${{ secrets.PYPI_PASSWORD }}