From 1237c7b05e3e6bdc9291a59bbc5aa2e097168f4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Jul 2026 17:39:38 +0000 Subject: [PATCH] build(deps): Bump the github-actions group across 1 directory with 3 updates Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [taiki-e/cache-cargo-install-action](https://github.com/taiki-e/cache-cargo-install-action) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) Updates `taiki-e/cache-cargo-install-action` from 2 to 3 - [Release notes](https://github.com/taiki-e/cache-cargo-install-action/releases) - [Changelog](https://github.com/taiki-e/cache-cargo-install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/cache-cargo-install-action/compare/v2...v3) Updates `softprops/action-gh-release` from 2 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: taiki-e/cache-cargo-install-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/rust-ci.yml | 38 +++++++++++++++++------------------ 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d336e90..0c08ab3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: name: Pre-commit Checks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: actions/setup-python@v6 diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 99f4a00..589ea89 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -246,7 +246,7 @@ jobs: contents: read if: ${{ inputs.run-pre-commit }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: actions/setup-python@v6 @@ -280,7 +280,7 @@ jobs: CLIPPY_ARGS: ${{ inputs.clippy-args }} ALLOC_FEATURE: ${{ inputs.alloc-feature }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -311,7 +311,7 @@ jobs: env: FEATURE_FLAGS: ${{ inputs.feature-flags }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -335,7 +335,7 @@ jobs: NO_STD_TARGET: ${{ inputs.no-std-target }} ALLOC_FEATURE: ${{ inputs.alloc-feature }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -361,7 +361,7 @@ jobs: FEATURE_FLAGS: ${{ inputs.feature-flags }} UNIT_TEST_FILTER: ${{ inputs.unit-test-filter }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -396,7 +396,7 @@ jobs: PROPERTY_TEST_FILTER: ${{ inputs.property-test-filter }} PROPERTY_TEST_THREADS: ${{ inputs.property-test-threads }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -420,7 +420,7 @@ jobs: contents: read if: ${{ inputs.run-fuzz-tests }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -431,7 +431,7 @@ jobs: workspaces: fuzz # No prebuilt binaries upstream, so build once and cache the binary. - name: Install cargo-fuzz - uses: taiki-e/cache-cargo-install-action@v2 + uses: taiki-e/cache-cargo-install-action@v3 with: tool: cargo-fuzz - name: Build fuzz targets @@ -491,7 +491,7 @@ jobs: || (github.event_name == 'push' && (github.ref_type == 'tag' || github.ref_name == inputs.default-branch))) }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -518,7 +518,7 @@ jobs: env: FEATURE_FLAGS: ${{ inputs.feature-flags }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false # Single-source the MSRV from Cargo.toml's rust-version unless the @@ -558,7 +558,7 @@ jobs: # Only meaningful on PRs (catch breaks before merge) and release tags (final gate) if: ${{ inputs.run-semver-checks && (github.event_name == 'pull_request' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v'))) }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 persist-credentials: false @@ -576,7 +576,7 @@ jobs: contents: read if: ${{ inputs.run-security }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -603,7 +603,7 @@ jobs: runs-on: ubuntu-latest if: ${{ inputs.run-security && inputs.use-audit-check }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - name: Run cargo audit (check run) @@ -623,7 +623,7 @@ jobs: env: FEATURE_FLAGS: ${{ inputs.feature-flags }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -658,7 +658,7 @@ jobs: # release job on tag pushes; this job never needs a registry token. if: ${{ inputs.run-publish-dry-run && github.event_name == 'pull_request' }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -735,7 +735,7 @@ jobs: }} environment: ${{ inputs.publish-environment }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: dtolnay/rust-toolchain@fa04a1451ff1842e2626ccb99004d0195b455a88 # master 2026-07-14 @@ -753,7 +753,7 @@ jobs: cargo publish fi - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: generate_release_notes: ${{ inputs.generate-release-notes }} @@ -798,7 +798,7 @@ jobs: permission-contents: write # release-plz pushes the release tag with the checked-out credentials, # so this checkout intentionally persists them. - - uses: actions/checkout@v6 # zizmor: ignore[artipacked] + - uses: actions/checkout@v7 # zizmor: ignore[artipacked] with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token || secrets.release-plz-token || github.token }} @@ -846,7 +846,7 @@ jobs: permission-pull-requests: write # release-plz pushes the release-pr branch with the checked-out # credentials, so this checkout intentionally persists them. - - uses: actions/checkout@v6 # zizmor: ignore[artipacked] + - uses: actions/checkout@v7 # zizmor: ignore[artipacked] with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token || secrets.release-plz-token || github.token }}