Bump the github-dependencies group with 4 updates (#562)

Bumps the github-dependencies group with 4 updates: [actions/download-artifact](https://github.com/actions/download-artifact), [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact), [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/download-artifact` from 4.1.2 to 4.1.3 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@eaceaf8...87c5514) Updates `actions/upload-pages-artifact` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@0252fc4...56afc60) Updates `peter-evans/create-pull-request` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@b1ddad2...a4f52f8) Updates `github/codeql-action` from 3.24.0 to 3.24.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e8893c5...8a470fd) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: actions/upload-pages-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pierre-Louis <[email protected]>
material-foundation · Mar 1, 2024 · 07c6bbc · 07c6bbc
1 parent ab8f361
commit 07c6bbc
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/.github/workflows/deploy_github_pages.yml b/.github/workflows/deploy_github_pages.yml
@@ -64,10 +64,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all web builds
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3
 
       - name: Upload pages artifact
-        uses: actions/upload-pages-artifact@0252fc4ba7626f0298f0cf00902a25c6afc77fa8 # v3.0.0
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: '.'
 

diff --git a/.github/workflows/google_fonts_update.yml b/.github/workflows/google_fonts_update.yml
@@ -52,7 +52,7 @@ jobs:
         shell: bash
         if: steps.get_families_diff.outputs.result == ''
 
-      - uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
+      - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1
         with:
           token: ${{ secrets.MATERIAL_ROBOT_TOKEN }}
           committer: material-robot <[email protected]>

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
+        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
         with:
           sarif_file: results.sarif