From 93f31dd834ad0b7a60698a34080c9aef061ade5a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Oct 2025 19:26:05 +0000
Subject: [PATCH] Bump the actions group in /.github/workflows with 3 updates

Bumps the actions group in /.github/workflows with 3 updates: [actions/setup-python](https://github.com/actions/setup-python), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).


Updates `actions/setup-python` from 5.6.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...e797f83bcb11b83ae66e0230d6156d7c80228e7c)

Updates `actions/attest-build-provenance` from 2.4.0 to 3.0.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...977bb373ede98d70efdf65b84cb5f73e068dcc2a)

Updates `zizmorcore/zizmor-action` from 0.1.2 to 0.2.0
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/5ca5fc7a4779c5263a3ffa0e1f693009994446d1...e673c3917a1aef3c65c972347ed84ccd013ecda4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/attest-build-provenance
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/check.yml   |  2 +-
 .github/workflows/linux.yml   | 10 +++++-----
 .github/workflows/macos.yml   |  4 ++--
 .github/workflows/release.yml |  2 +-
 .github/workflows/windows.yml |  4 ++--
 .github/workflows/zizmor.yml  |  2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index ccf2ab86..5165792e 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -22,7 +22,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: "3.12"
 
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index bcbac1c8..8d05a86f 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -72,7 +72,7 @@ jobs:
           persist-credentials: false
 
       - name: Install Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: "3.11"
 
@@ -223,7 +223,7 @@ jobs:
           persist-credentials: false
 
       - name: Install Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: "3.11"
 
@@ -277,7 +277,7 @@ jobs:
           MATRIX_BUILD_OPTIONS: ${{ matrix.build_options }}
 
       - name: Generate attestations
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         if: ${{ github.ref == 'refs/heads/main' }}
         with:
           subject-path: dist/*
@@ -331,7 +331,7 @@ jobs:
           persist-credentials: false
 
       - name: Install Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: "3.11"
 
@@ -385,7 +385,7 @@ jobs:
           MATRIX_BUILD_OPTIONS: ${{ matrix.build_options }}
 
       - name: Generate attestations
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         if: ${{ github.ref == 'refs/heads/main' }}
         with:
           subject-path: dist/*
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 941b48dd..ed58b3d8 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -129,7 +129,7 @@ jobs:
           persist-credentials: false
 
       - name: Install Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: "3.11"
 
@@ -149,7 +149,7 @@ jobs:
           MATRIX_BUILD_OPTIONS: ${{ matrix.build_options }}
 
       - name: Generate attestations
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         if: ${{ github.ref == 'refs/heads/main' }}
         with:
           subject-path: dist/*
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index be9c3d11..3ec62442 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -91,7 +91,7 @@ jobs:
           GITHUB_EVENT_INPUTS_SHA: ${{ github.event.inputs.sha }}
           GITHUB_EVENT_INPUTS_TAG: ${{ github.event.inputs.tag }}
       - name: Generate attestations
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         if: ${{ github.event.inputs.dry-run == 'false' }}
         with:
           subject-path: |
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index fc8c9886..86d02af7 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -135,7 +135,7 @@ jobs:
           packages: autoconf automake libtool
 
       - name: Install Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: "3.12"
 
@@ -162,7 +162,7 @@ jobs:
           MATRIX_BUILD_OPTIONS: ${{ matrix.build_options }}
 
       - name: Generate attestations
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         if: ${{ github.ref == 'refs/heads/main' }}
         with:
           subject-path: dist/*
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 86011342..f5252e07 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -21,4 +21,4 @@ jobs:
           persist-credentials: false
 
       - name: Run zizmor
-        uses: zizmorcore/zizmor-action@5ca5fc7a4779c5263a3ffa0e1f693009994446d1 # v0.1.2
+        uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0