chore(deps): bump the github-actions-updates group with 7 updates (#95)

dependabot[bot] · web-flow · commit c10abcb189d8 · 2026-04-14T03:36:02.000-07:00
Bumps the github-actions-updates group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.1.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `930440c6817aa426f625c392392d41129b016a7a` | `5e19c1aa7acd2e02c5110eaf77eacd29039cca28` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` | Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@7b1f4a7...fc324d3) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@bbbca2d...043fb46) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@d08e5c3...bcafcac) Updates `aws-actions/configure-aws-credentials` from 930440c6817aa426f625c392392d41129b016a7a to 5e19c1aa7acd2e02c5110eaf77eacd29039cca28 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@930440c...5e19c1a) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@ed59741...3a2844b) Updates `softprops/action-gh-release` from 2.6.1 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@153bb8e...b430933) Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@c0f553f...5f6978f) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-updates - dependency-name: aws-actions/configure-aws-credentials dependency-version: 5e19c1aa7acd2e02c5110eaf77eacd29039cca28 dependency-type: direct:production dependency-group: github-actions-updates - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-updates - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/api-docs-pages.yml b/.github/workflows/api-docs-pages.yml
@@ -109,7 +109,7 @@ jobs:
 
       - name: Upload Pages artifact
         if: steps.pages_check.outputs.enabled == 'true'
-        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
         with:
           path: .pages-site
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -81,7 +81,7 @@ jobs:
     # reviewable even when code-scanning API access is limited.
     - name: Upload CodeQL SARIF results
       if: always()
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
       with:
         name: codeql-sarif-${{ matrix.language }}
         path: results/*.sarif
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -125,7 +125,7 @@ jobs:
             type=raw,value=latest,enable={{is_default_branch}}
       
       - name: Build and push Docker image
-        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
         with:
           context: .
           file: ./Dockerfile
@@ -441,7 +441,7 @@ jobs:
 
       - name: Configure AWS Credentials
         if: steps.phase3d_inputs.outputs.ready == 'true'
-        uses: aws-actions/configure-aws-credentials@930440c6817aa426f625c392392d41129b016a7a
+        uses: aws-actions/configure-aws-credentials@5e19c1aa7acd2e02c5110eaf77eacd29039cca28
         with:
           role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
           aws-region: ${{ secrets.AWS_REGION }}
@@ -493,7 +493,7 @@ jobs:
 
       - name: Configure AWS Credentials
         if: steps.cdn_inputs.outputs.ready == 'true'
-        uses: aws-actions/configure-aws-credentials@930440c6817aa426f625c392392d41129b016a7a
+        uses: aws-actions/configure-aws-credentials@5e19c1aa7acd2e02c5110eaf77eacd29039cca28
         with:
           role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
           aws-region: ${{ secrets.AWS_REGION }}
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -37,7 +37,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and Push Backend
-        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
         with:
           context: .
           file: ./Dockerfile
diff --git a/.github/workflows/fedavg-benchmark-compare.yml b/.github/workflows/fedavg-benchmark-compare.yml
@@ -55,7 +55,7 @@ jobs:
 
       - name: Upload FedAvg benchmark report
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4
         with:
           name: fedavg-benchmark-report
           path: results/metrics/fedavg_benchmark_compare.md
diff --git a/.github/workflows/full-validation-pr-gate.yml b/.github/workflows/full-validation-pr-gate.yml
@@ -61,7 +61,7 @@ jobs:
 
       - name: Upload full validation artifacts
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: full-validation-pr-${{ github.run_id }}
           path: test-results/full-validation
diff --git a/.github/workflows/full-validation-scheduled-deep.yml b/.github/workflows/full-validation-scheduled-deep.yml
@@ -57,7 +57,7 @@ jobs:
 
       - name: Upload deep validation artifacts
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: full-validation-deep-${{ github.run_id }}
           path: test-results/full-validation
diff --git a/.github/workflows/phase3d-production-deploy.yml b/.github/workflows/phase3d-production-deploy.yml
@@ -40,7 +40,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@930440c6817aa426f625c392392d41129b016a7a
+        uses: aws-actions/configure-aws-credentials@5e19c1aa7acd2e02c5110eaf77eacd29039cca28
         with:
           role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
           aws-region: ${{ secrets.AWS_REGION }}
diff --git a/.github/workflows/sdk-channels.yml b/.github/workflows/sdk-channels.yml
@@ -82,7 +82,7 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Create deployment
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
         with:
           script: |
             const deployment = await github.rest.repos.createDeployment({
@@ -105,7 +105,7 @@ jobs:
 
       - name: Comment on commit
         if: success()
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
         with:
           script: |
             github.rest.issues.createComment({
diff --git a/.github/workflows/sdk-provenance.yml b/.github/workflows/sdk-provenance.yml
@@ -101,7 +101,7 @@ jobs:
           cat /tmp/provenance.json
 
       - name: Upload provenance as artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: provenance-record
           path: /tmp/provenance.json
@@ -165,7 +165,7 @@ jobs:
           cat /tmp/slsa-report.md
 
       - name: Upload SLSA report
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: slsa-compliance
           path: /tmp/slsa-report.md
diff --git a/.github/workflows/sdk-publish.yml b/.github/workflows/sdk-publish.yml
@@ -112,7 +112,7 @@ jobs:
         run: bash scripts/generate-release-notes.sh ${{ steps.version.outputs.sdk_version }} | tee /tmp/release-notes.md
       - name: Create GitHub Release with SBOM
         if: steps.npm_token.outputs.present == 'true' && github.event_name == 'push'
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
         with:
           tag_name: v${{ steps.version.outputs.sdk_version }}
           name: v${{ steps.version.outputs.sdk_version }}
diff --git a/.github/workflows/sdk-security.yml b/.github/workflows/sdk-security.yml
@@ -235,7 +235,7 @@ jobs:
           cat /tmp/security-report.md
 
       - name: Upload security report
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: security-scan-report
           path: /tmp/security-report.md
diff --git a/.github/workflows/sdk-version.yml b/.github/workflows/sdk-version.yml
@@ -82,7 +82,7 @@ jobs:
         if: success()
         id: create_pr
         continue-on-error: true
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
         with:
           commit-message: 'chore(release): Sovereign Map SDK v${{ steps.version.outputs.core_version }}'
           title: 'chore(release): Sovereign Map SDK v${{ steps.version.outputs.core_version }}'
diff --git a/.github/workflows/security-supply-chain.yml b/.github/workflows/security-supply-chain.yml
@@ -43,7 +43,7 @@ jobs:
           sarif_file: trivy-results.sarif
 
       - name: Upload SBOM artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: sbom-backend-cdx
           path: sbom-backend.cdx.json
diff --git a/.github/workflows/test-artifacts-review.yml b/.github/workflows/test-artifacts-review.yml
@@ -47,7 +47,7 @@ jobs:
           python tests/scripts/python/generate-byzantine-test-suite-plots.py
 
       - name: Upload stress suite plot artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4
         with:
           name: stress-suite-plots-${{ github.run_id }}
           if-no-files-found: error
@@ -84,7 +84,7 @@ jobs:
           } > test-artifact-manifest.md
 
       - name: Upload test artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4
         with:
           name: npu-and-stress-test-artifacts-${{ github.run_id }}
           if-no-files-found: warn
diff --git a/.github/workflows/windows-client-exe.yml b/.github/workflows/windows-client-exe.yml
@@ -41,7 +41,7 @@ jobs:
           powershell -ExecutionPolicy Bypass -File windows/build_windows_client_exe.ps1 -OneDir
 
       - name: Upload Windows client artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
         with:
           name: sovereignmap-windows-client-exe
           path: |
