chore <hotfix>: package updates and action version increases (#59)

rflinnenbank · web-flow · commit 4334fab3dd2f · 2025-11-09T15:16:17.000+01:00
Signed-off-by: Raoul Linnenbank &lt;58594297+rflinnenbank@users.noreply.github.com&gt;
diff --git a/.github/workflows/gh-pages-deployment.yaml b/.github/workflows/gh-pages-deployment.yaml
@@ -15,12 +15,12 @@ jobs:
   deploy-gh-pages:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Configure Git user
         run: |
           git config user.name github-actions[bot]
           git config user.email 41898282+github-actions[bot]@users.noreply.github.com
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: ${{ env.MAIN_PYTHON_VERSION }}
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
@@ -34,12 +34,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,7 +64,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -73,6 +73,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/pr-quality-gate.yaml.yml b/.github/workflows/pr-quality-gate.yaml.yml
@@ -19,7 +19,7 @@ jobs:
     if: ${{ !github.event.pull_request.draft }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       # NOTE: point "uses:" to the DIRECTORY that contains action.yaml
       # If your composite is at ./pre-commit/action.yaml, use "./pre-commit"
       - name: Run pre-commit composite
@@ -35,7 +35,7 @@ jobs:
       matrix:
         python-version: ${{ fromJSON(env.SUPPORTED_PYTHON_VERSIONS) }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run pytest composite
         uses: ./.github/workflows/pytest
         with:
@@ -50,7 +50,7 @@ jobs:
       matrix:
         python-version: ${{ fromJSON(env.SUPPORTED_PYTHON_VERSIONS) }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run pytest composite
         uses: ./.github/workflows/pytest
         with:
@@ -62,7 +62,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ pytest ]        # starts only after pytest completes
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run SonarCloud composite
         uses: ./.github/workflows/sonar
         with:
