From 07c6bbc2c1fa66d11dc4fbff34891378d885d052 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Mar 2024 13:10:43 +0100
Subject: [PATCH] Bump the github-dependencies group with 4 updates (#562)

Bumps the github-dependencies group with 4 updates: [actions/download-artifact](https://github.com/actions/download-artifact), [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact), [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/download-artifact` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/eaceaf801fd36c7dee90939fad912460b18a1ffe...87c55149d96e628cc2ef7e6fc2aab372015aec85)

Updates `actions/upload-pages-artifact` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](https://github.com/actions/upload-pages-artifact/compare/0252fc4ba7626f0298f0cf00902a25c6afc77fa8...56afc609e74202658d3ffba0e8f6dda462b719fa)

Updates `peter-evans/create-pull-request` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/b1ddad2c994a25fbc81a28b3ec0e368bb2021c50...a4f52f8033a6168103c2538976c07b467e8163bc)

Updates `github/codeql-action` from 3.24.0 to 3.24.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/e8893c57a1f3a2b659b6b55564fdfdbbd2982911...8a470fddafa5cbb6266ee11b37ef4d8aae19c571)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: actions/upload-pages-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pierre-Louis <6655696+guidezpl@users.noreply.github.com>
---
 .github/workflows/deploy_github_pages.yml | 4 ++--
 .github/workflows/google_fonts_update.yml | 2 +-
 .github/workflows/scorecard.yml           | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy_github_pages.yml b/.github/workflows/deploy_github_pages.yml
index 2dbb68af..aa294c64 100644
--- a/.github/workflows/deploy_github_pages.yml
+++ b/.github/workflows/deploy_github_pages.yml
@@ -64,10 +64,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all web builds
-        uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
+        uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3
 
       - name: Upload pages artifact
-        uses: actions/upload-pages-artifact@0252fc4ba7626f0298f0cf00902a25c6afc77fa8 # v3.0.0
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: '.'
 
diff --git a/.github/workflows/google_fonts_update.yml b/.github/workflows/google_fonts_update.yml
index 9f7d7a2a..886f7def 100644
--- a/.github/workflows/google_fonts_update.yml
+++ b/.github/workflows/google_fonts_update.yml
@@ -52,7 +52,7 @@ jobs:
         shell: bash
         if: steps.get_families_diff.outputs.result == ''
 
-      - uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
+      - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1
         with:
           token: ${{ secrets.MATERIAL_ROBOT_TOKEN }}
           committer: material-robot <featherless+materialrobot@google.com>
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e65deeaf..50e57b53 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
+        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
         with:
           sarif_file: results.sarif