[CI/CD] Dependabot GHA updates

.github/actions/upload-artifacts/action.yaml

@@ -20,15 +20,15 @@ runs:
         exit 0
 
     - name: Upload Test Reports
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
       with:
         name: test-reports-${{ github.job }}
         path: |
           tests/**/test_reports/**/*.html
           tests/**/test_reports/**/*.xml
 
     - name: Upload Test Logs
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
       with:
         name: test-logs-${{ github.job }}
         path: |

.github/resources/coverity-requirements.txt

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # This file is licensed under Apache 2.0 License.
 
-pip == 26.0
+pip == 26.0.1
 setuptools >= 78.1.1
-wheel == 0.46.2
+wheel == 0.46.3
 pybind11 == 3.0.2

.github/resources/requirements.txt

@@ -2,16 +2,16 @@
 # SPDX-License-Identifier: Apache-2.0
 # This file is licensed under Apache 2.0 License.
 
-pip == 26.0
+pip == 26.0.1
 pytest == 9.0.1
 numpy == 2.2.6
-selenium == 4.40.0
+selenium == 4.41.0
 selenium-wire == 5.1.0
 blinker == 1.9.0
 pyvirtualdisplay == 3.0
 opencv-python == 4.13.0.92
 setuptools >= 78.1.1
-xmltodict == 1.0.3
+xmltodict == 1.0.4
 PyYAML >=6.0.1,<7.0
-pylint [spelling] == 4.0.4
+pylint [spelling] == 4.0.5
 flake8 == 7.3.0

.github/workflows/clamav.yml

@@ -50,7 +50,7 @@ jobs:
           project-folder: .
       - name: Upload ClamAV Scan Report
         if: always()
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: ${{ env.CLAMAV_ARTIFACT_NAME }}
           path: ${{ env.SANITIZED_CLAMAV_REPORT_PATH }}

.github/workflows/codeql.yml

@@ -90,14 +90,14 @@ jobs:
           persist-credentials: false
 
       - name: "Initialize CodeQL build mode"
-        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         with:
           languages: ${{ matrix.language }}
           build-mode: none
           source-root: .
 
       - name: "Perform CodeQL analysis"
-        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         with:
           category: "/language:${{matrix.language}}"
 
@@ -109,7 +109,7 @@ jobs:
           outputDir: codeql-report-${{ matrix.language }}
 
       - name: "GitHub Upload Release Artifacts"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: codeql-report-${{ matrix.language }}
           path: ./codeql-report-${{ matrix.language }}/report.pdf
@@ -132,16 +132,16 @@ jobs:
           persist-credentials: false
 
       - name: "Initialize CodeQL"
-        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         with:
           languages: ${{ matrix.language }}
           dependency-caching: true
 
       - name: "Autobuild"
-        uses: github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
 
       - name: "Perform CodeQL Analysis"
-        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         with:
           category: "/language:${{ matrix.language }}"
 
@@ -153,7 +153,7 @@ jobs:
           outputDir: codeql-report-${{ matrix.language }}
 
       - name: "GitHub Upload Release Artifacts"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: codeql-report-${{ matrix.language }}
           path: ./codeql-report-${{ matrix.language }}/report.pdf

.github/workflows/coverity.yml

@@ -111,7 +111,7 @@ jobs:
                https://scan.coverity.com/builds?project=${{ secrets.COVERITY_PROJECT }}
 
       - name: Upload coverity results
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: coverity-results-${{ github.run_id }}
           path: ./scenescape-coverity.tgz

.github/workflows/gitleaks.yml

@@ -58,7 +58,7 @@ jobs:
           gitleaks dir . -v -c ci/.gitleaks.toml --baseline-path ci/gitleaks_baselines/gitleaks.json -r gitleaks.json
       - name: Upload Gitleaks Report
         if: always()
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: gitleaks-report
           path: gitleaks.json

.github/workflows/scorecard.yml

@@ -55,11 +55,11 @@ jobs:
           repo_token: ${{ secrets.SYS_EMF_GH_TOKEN }}
           publish_results: true
       - name: "Upload Scorecard Results"
-        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         with:
           sarif_file: scorecard-results.sarif
       - name: "Upload Scorecard Results"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: scorecard-results
           path: scorecard-results.sarif

.github/workflows/tracker-service.yaml

@@ -171,7 +171,7 @@ jobs:
         run: make -C tracker test-unit-coverage
 
       - name: "Upload coverage reports"
-        uses: actions/upload-artifact@ef09cdac3e2d3e60d8ccadda691f4f1cec5035cb # v4.5.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: coverage-reports
           path: |

.github/workflows/trivy.yml

@@ -94,7 +94,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Trivy Critical Filesystem Scan
-        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0
+        uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1
         with:
           version: "v0.69.2"
           scan-type: "fs"

.github/workflows/zizmor.yml

@@ -47,7 +47,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Run Zizmor scan"
-        uses: open-edge-platform/geti-ci/actions/zizmor@3a4b81ea648711eb638b34757427cd3ef71d19f1
+        uses: open-edge-platform/geti-ci/actions/zizmor@4d46c7fb444d8fae6390348e76d96bb0749c5632
         with:
           scan-scope: ${{ contains(fromJSON('["pull_request","merge_group"]'), github.event_name) && 'changed' || 'all' }}
           severity-level: ${{ contains(fromJSON('["pull_request","merge_group"]'), github.event_name) && 'HIGH' || 'LOW' }}

tests/perf_tests/compose/docker-compose-inference_performance.yml

@@ -51,7 +51,7 @@ services:
     init: true
 
   mediaserver:
-    image: bluenviron/mediamtx:1.16.1
+    image: bluenviron/mediamtx:1.16.3
     networks:
       scenescape-test:
         aliases:

tools/ppl_runner/docker-compose-ppl.yaml

@@ -17,7 +17,7 @@ secrets:
 
 services:
   mediaserver:
-    image: bluenviron/mediamtx:1.16.1
+    image: bluenviron/mediamtx:1.16.3
     profiles:
       - rtsp
     networks: