Bump the github_actions group with 4 updates (#1614)

dependabot[bot] · web-flow · commit 9d32c3616245 · 2025-12-22T12:14:48.000-05:00
Bumps the github_actions group with 4 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance), [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@e468171...8d2750c) Updates `actions/attest-build-provenance` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@977bb37...00014ed) Updates `stefanzweifel/git-auto-commit-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](stefanzweifel/git-auto-commit-action@28e16e8...04702ed) Updates `github/codeql-action` from 4.31.8 to 4.31.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1b168cd...5d4e8d1) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github_actions - dependency-name: actions/attest-build-provenance dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github_actions - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github_actions - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github_actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/build-ci-image.yml b/.github/workflows/build-ci-image.yml
@@ -50,7 +50,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # 3.12.0
 
       # Lowercase image name and append -ci
       - name: Generate Image Name
@@ -129,7 +129,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # 3.12.0
 
       # Lowercase image name and append -ci
       - name: Generate Image Name
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -196,7 +196,7 @@ jobs:
           repository-url: https://test.pypi.org/legacy/
 
       - name: Attest
-        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # 3.0.0
+        uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # 3.1.0
         id: attest
         with:
           subject-path: |
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -109,7 +109,7 @@ jobs:
         run: sudo chown -Rc $UID .git/
 
       - name: Commit and push applied linter fixes
-        uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # 7.0.0
+        uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # 7.1.0
         if: env.APPLY_FIXES_IF_COMMIT == 'true'
         with:
           branch: >-
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -61,6 +61,6 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: ${{ github.event_name == 'schedule' }}
-        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # 4.31.8
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # 4.31.9
         with:
           sarif_file: "trivy-results.sarif"
