Bump the github-actions group across 1 directory with 2 updates

Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action). Updates `github/codeql-action` from 3.30.6 to 4.30.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](64d10c1313...f443b600d9) Updates `stefanzweifel/git-auto-commit-action` from 6.0.1 to 7.0.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](778341af66...28e16e8177) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.30.8 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
2025-10-16 22:38:36 +08:00 · 2025-10-13 23:15:12 +00:00 · 2025-10-13 23:15:12 +00:00 · bcb3d5ee5d
commit bcb3d5ee5d
parent 6a96db5a3f
3 changed files with 4 additions and 4 deletions
--- a/.github/workflows/ci-codeql.yml
+++ b/.github/workflows/ci-codeql.yml
@ -35,7 +35,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+      uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
      with:
        languages: ${{ matrix.language }}
        config: |
@ -43,4 +43,4 @@ jobs:
          - sources/src

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+      uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
--- a/.github/workflows/ci-ossf-scorecard.yml
+++ b/.github/workflows/ci-ossf-scorecard.yml
@ -52,6 +52,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+        uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
        with:
          sarif_file: results.sarif
--- a/.github/workflows/ci-update-dist.yml
+++ b/.github/workflows/ci-update-dist.yml
@ -66,7 +66,7 @@ jobs:
    # Important: The push event will not trigger any other workflows, see
    # https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
    - name: Commit & push changes
-      uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+      uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
      with:
        commit_author: bot-githubaction <bot-githubaction@gradle.com>
        commit_user_name: bot-githubaction