ci: bump action versions, fix persist-credentials

Ran `zizmor swallowjson` to report issues. We do not need subsequent git actions to work against the repo, so do not need to persist credentials. Bump action versions while I'm here.
PennockTech · Jan 3, 2025 · d7048f2 · d7048f2
1 parent 63ca382
commit d7048f2
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/.github/workflows/pushes.yaml b/.github/workflows/pushes.yaml
@@ -28,12 +28,14 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          # security posture improvement:
+          persist-credentials: false
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go }}
 
@@ -51,7 +53,7 @@ jobs:
         # These are independent of how the matrix is setup, or if a matrix is even used.
 
       - name: Go caches
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           # (This bit copied from the actions/setup-go@v2 version)
           # In order: