From eb2c7a841050ccc382bcca3ac6fa1bb7725a5b9c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 13:12:24 -0400
Subject: [PATCH] build(deps): bump the github-actions group across 1 directory
 with 5 updates (#133)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.7` |
`4.2.0` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`3.25.15` | `3.26.9` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.0.3`
| `4.0.4` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `4.3.4` | `4.4.0` |
|
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
| `1.10.3` | `1.11.0` |


Updates `actions/checkout` from 4.1.7 to 4.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependabot updates in <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>
&amp; <a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yasonk"><code>@​yasonk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1869">actions/checkout#1869</a></li>
<li><a href="https://github.com/lucacome"><code>@​lucacome</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.7...v4.2.0">https://github.com/actions/checkout/compare/v4.1.7...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho"><code>@​dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe"><code>@​peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add
support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1067">Support
fetching without the --progress option</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1436">Update to
node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark
test scripts with Bash'isms to be run via Bash</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/d632683dd7b4114ad314bca15554477dd762a938"><code>d632683</code></a>
Prepare 4.2.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/1878">#1878</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/6d193bf28034eafb982f37bd894289fe649468fc"><code>6d193bf</code></a>
Bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/1777">#1777</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/db0cee9a514becbbd4a101a5fbbbf47865ee316c"><code>db0cee9</code></a>
Bump the minor-npm-dependencies group across 1 directory with 4 updates
(<a
href="https://redirect.github.com/actions/checkout/issues/1872">#1872</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/b6849436894e144dbce29d7d7fda2ae3bf9d8365"><code>b684943</code></a>
Add Ref and Commit outputs (<a
href="https://redirect.github.com/actions/checkout/issues/1180">#1180</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/2d7d9f7ff5b310f983d059b68785b3c74d8b8edd"><code>2d7d9f7</code></a>
Provide explanation for where user email came from (<a
href="https://redirect.github.com/actions/checkout/issues/1869">#1869</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9a9194f87191a7e9055e3e9b95b8cfb13023bb08"><code>9a9194f</code></a>
Bump docker/build-push-action from 5.3.0 to 6.5.0 (<a
href="https://redirect.github.com/actions/checkout/issues/1832">#1832</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/dd960bd3c3f080561a1810e32349ac211ecec7d4"><code>dd960bd</code></a>
Bump docker/login-action in the minor-actions-dependencies group (<a
href="https://redirect.github.com/actions/checkout/issues/1831">#1831</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3.25.15 to 3.26.9
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/461ef6c76dfe95d5c364de2f431ddbd31a417628"><code>461ef6c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2503">#2503</a>
from github/update-v3.26.9-f861efb2b</li>
<li><a
href="https://github.com/github/codeql-action/commit/00b1146c45021691af6c1c3c45e04d65d3c3f1e8"><code>00b1146</code></a>
Update changelog for v3.26.9</li>
<li><a
href="https://github.com/github/codeql-action/commit/f861efb2b37e018668a6943ba7b408a7083627cc"><code>f861efb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2498">#2498</a>
from github/dependabot/npm_and_yarn/npm-9874b37b58</li>
<li><a
href="https://github.com/github/codeql-action/commit/426821d8037e3b86d3806660c6b0c3926f8e95a3"><code>426821d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2485">#2485</a>
from github/dependabot/github_actions/actions-a88a8c...</li>
<li><a
href="https://github.com/github/codeql-action/commit/07e813397109ab65b7a34b35817b7d6e7c744249"><code>07e8133</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2501">#2501</a>
from github/henrymercer/missing-autobuild-config-error</li>
<li><a
href="https://github.com/github/codeql-action/commit/e0a151e64e041db2626a774166ee4f18cfaa921e"><code>e0a151e</code></a>
Fix inconsistency in autobuild error tracking</li>
<li><a
href="https://github.com/github/codeql-action/commit/6b0ce4e2741238edebdaf9eda41eff6a31d1442f"><code>6b0ce4e</code></a>
revert eslint-plugin-import to 2.29.1</li>
<li><a
href="https://github.com/github/codeql-action/commit/07fd497921a761793bd5e42363cdf4a271604343"><code>07fd497</code></a>
Merge branch 'main' into
dependabot/github_actions/actions-a88a8c5a24</li>
<li><a
href="https://github.com/github/codeql-action/commit/2cddcb1990ab3bcd0bc078d26775b026e5100f43"><code>2cddcb1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2499">#2499</a>
from github/aeisenberg/no-upload-sarif</li>
<li><a
href="https://github.com/github/codeql-action/commit/6225a95822b60309e4b8d0ef4c2be093e584d203"><code>6225a95</code></a>
Don't upload during cancelled jobs</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...461ef6c76dfe95d5c364de2f431ddbd31a417628">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/setup-node` from 4.0.3 to 4.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Add workflow file for publishing releases to immutable action
package by <a
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1125">actions/setup-node#1125</a></li>
<li>Enhance Windows ARM64 Setup and Update micromatch Dependency by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1126">actions/setup-node#1126</a></li>
</ul>
<h3>Documentation changes:</h3>
<ul>
<li>Documentation update in the README file by <a
href="https://github.com/suyashgaonkar"><code>@​suyashgaonkar</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1106">actions/setup-node#1106</a></li>
<li>Correct invalid 'lts' version string reference by <a
href="https://github.com/fulldecent"><code>@​fulldecent</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1124">actions/setup-node#1124</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/suyashgaonkar"><code>@​suyashgaonkar</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1106">actions/setup-node#1106</a></li>
<li><a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1126">actions/setup-node#1126</a></li>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1125">actions/setup-node#1125</a></li>
<li><a
href="https://github.com/fulldecent"><code>@​fulldecent</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1124">actions/setup-node#1124</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v4.0.4">https://github.com/actions/setup-node/compare/v4...v4.0.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-node/commit/0a44ba7841725637a19e28fa30b79a866c81b0a6"><code>0a44ba7</code></a>
Correct version string (<a
href="https://redirect.github.com/actions/setup-node/issues/1124">#1124</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/97ca147735c170fb35096b39ef17a0fc5d9270ac"><code>97ca147</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-node/issues/1125">#1125</a>
from actions/add-is-release-workflow</li>
<li><a
href="https://github.com/actions/setup-node/commit/aa363ded8fefb1e43b7a6cb669a222a98c09eb57"><code>aa363de</code></a>
Create publish-immutable-action.yml</li>
<li><a
href="https://github.com/actions/setup-node/commit/1c7b2db92075f828bee89d7e19d33a911d15e7b3"><code>1c7b2db</code></a>
Fix: windows arm64 setup (<a
href="https://redirect.github.com/actions/setup-node/issues/1126">#1126</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/26961cf329f22f6837d5f54c3efd76b480300ace"><code>26961cf</code></a>
Documentation update in the README file (<a
href="https://redirect.github.com/actions/setup-node/issues/1106">#1106</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-node/compare/1e60f620b9541d16bece96c5465dc8ee9832be0b...0a44ba7841725637a19e28fa30b79a866c81b0a6">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 4.3.4 to 4.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<h2>Notice: Breaking Changes :warning:</h2>
<p>We will no longer include hidden files and folders by default in the
<code>upload-artifact</code> action of this version. This reduces the
risk that credentials are accidentally uploaded into artifacts.
Customers who need to continue to upload these files can use a new
option, <code>include-hidden-files</code>, to continue to do so.</p>
<p>See <a
href="https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/">&quot;Notice
of upcoming deprecations and breaking changes in GitHub Actions
runners&quot;</a> changelog and <a
href="https://redirect.github.com/actions/upload-artifact/issues/602">this
issue</a> for more details.</p>
<h2>What's Changed</h2>
<ul>
<li>Exclude hidden files by default by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/598">actions/upload-artifact#598</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0">https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0</a></p>
<h2>v4.3.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Revert to <code>@​actions/artifact</code> 2.1.8 by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/594">actions/upload-artifact#594</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.3.6">https://github.com/actions/upload-artifact/compare/v4...v4.3.6</a></p>
<h2>v4.3.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/artifact</code> to v2.1.9 by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/588">actions/upload-artifact#588</a>
<ul>
<li>Fixed artifact upload chunk timeout logic <a
href="https://redirect.github.com/actions/toolkit/pull/1774">#1774</a></li>
<li>Use lazy stream to prevent issues with open file limits <a
href="https://redirect.github.com/actions/toolkit/pull/1771">#1771</a></li>
</ul>
</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5">https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/50769540e7f4bd5e21e526ee35c689e35e0d6874"><code>5076954</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/598">#598</a>
from actions/joshmgross/exclude-hidden-files</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/d52396ac5d312b1bda1b9fe2ae55d862c65abd68"><code>d52396a</code></a>
Add a warning about enabling <code>include-hidden-files</code></li>
<li><a
href="https://github.com/actions/upload-artifact/commit/710f36207581d49e465ccbed3e007c317290fe11"><code>710f362</code></a>
Remove &quot;merged&quot; from <code>include-hidden-files</code> input
description</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/3b315f26f6f828f74089e1863e67e60e48e37563"><code>3b315f2</code></a>
<code>npm run release</code> again 🙂</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/3be2180eb79b56341b1b127ca06a5adba2a5a3e4"><code>3be2180</code></a>
Remove another trailing comma</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/453e8d0a40444939146df5febed0b1221b9dd073"><code>453e8d0</code></a>
Update glob license</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/0a398c14804ead69f18a166f0a99f91239261ee5"><code>0a398c1</code></a>
<code>npm run release</code></li>
<li><a
href="https://github.com/actions/upload-artifact/commit/a0c40cf60283f329afac2bc0fa77f1a59fa11e6e"><code>a0c40cf</code></a>
Update to latest <code>@actions/glob</code> and fix tests</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/acb59e47763b6e601a344d04cf3c082ee336b709"><code>acb59e4</code></a>
<code>lint</code></li>
<li><a
href="https://github.com/actions/upload-artifact/commit/cb6558bb10fe4afe4054d0be4b3136e673eb5e7f"><code>cb6558b</code></a>
Exclude hidden files by default</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/0b2256b8c012f0828dc542b3febcab082c67f72b...50769540e7f4bd5e21e526ee35c689e35e0d6874">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/create-github-app-token` from 1.10.3 to 1.11.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v1.11.0</h2>
<h2>What's Changed</h2>
<h3>Features</h3>
<ul>
<li>Allow repositories input to be comma or newline-separated by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/actions/create-github-app-token/pull/169">actions/create-github-app-token#169</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/169">actions/create-github-app-token#169</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0">https://github.com/actions/create-github-app-token/compare/v1.10.4...v1.11.0</a></p>
<h2>v1.10.4</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump the development-dependencies group with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/150">actions/create-github-app-token#150</a></li>
<li>docs(README): fix the <code>git committer string</code> and
<code>Configure git CLI</code> examples by <a
href="https://github.com/maboloshi"><code>@​maboloshi</code></a> in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/151">actions/create-github-app-token#151</a></li>
<li>docs(readme): document how a Base64 private key could be decoded by
<a href="https://github.com/vleon1a"><code>@​vleon1a</code></a> in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/155">actions/create-github-app-token#155</a></li>
<li>test: fix test file extensions and inputs for repositories by <a
href="https://github.com/parkerbxyz"><code>@​parkerbxyz</code></a> in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/161">actions/create-github-app-token#161</a></li>
<li>build(deps-dev): bump the development-dependencies group across 1
directory with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/167">actions/create-github-app-token#167</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>bump the production-dependencies group across 1 directory with 3
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/166">actions/create-github-app-token#166</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vleon1a"><code>@​vleon1a</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/create-github-app-token/pull/155">actions/create-github-app-token#155</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/create-github-app-token/compare/v1.10.3...v1.10.4">https://github.com/actions/create-github-app-token/compare/v1.10.3...v1.10.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/5d869da34e18e7287c1daad50e0b8ea0f506ce69"><code>5d869da</code></a>
build(release): 1.11.0 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/796b88dc585016182c9da7fa3e5dfe98e0a9b19f"><code>796b88d</code></a>
feat: allow repositories input to be comma or newline-separated (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/169">#169</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/3378cda945da322a8db4b193e19d46352ebe2de5"><code>3378cda</code></a>
build(release): 1.10.4 [skip ci]</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/e177c20e0f736e68f4a37ffee6aa32c73da13988"><code>e177c20</code></a>
fix(deps): bump the production-dependencies group across 1 directory
with 3 u...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/961c2284dca935f5bd10e0044b3986c3df64595d"><code>961c228</code></a>
build(deps-dev): bump the development-dependencies group across 1
directory w...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/15db0371dad2d605879bcac268eeaeafcf23a859"><code>15db037</code></a>
test: fix test file extensions and inputs for repositories (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/161">#161</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/9ccc6dbd71f2a82bbf749c2d2288eebba653eae6"><code>9ccc6db</code></a>
ci(test): add <code>workflow_dispatch</code> trigger</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/000e2a0d29976e250bb49dade8bddb037c5187c5"><code>000e2a0</code></a>
docs(readme): document how a Base64 private key could be decoded (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/155">#155</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/d0ac2addd11ed098fdfa86566abc8d715759aaa9"><code>d0ac2ad</code></a>
docs(README): fix the <code>git committer string</code> and
<code>Configure git CLI</code> examples...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/040c2598aacc31cdff32d3527b574e70a22707f8"><code>040c259</code></a>
build(deps-dev): bump the development-dependencies group with 4 updates
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/150">#150</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/create-github-app-token/compare/31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4...5d869da34e18e7287c1daad50e0b8ea0f506ce69">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/check-exec.yaml         | 2 +-
 .github/workflows/check-helpers.yaml      | 2 +-
 .github/workflows/check-kubernetes.yaml   | 2 +-
 .github/workflows/check-oci.yaml          | 2 +-
 .github/workflows/codeql.yaml             | 6 +++---
 .github/workflows/commitlint.yaml         | 4 ++--
 .github/workflows/dependency-review.yml   | 2 +-
 .github/workflows/lint.yaml               | 2 +-
 .github/workflows/openssf.yaml            | 6 +++---
 .github/workflows/release-exec.yaml       | 6 +++---
 .github/workflows/release-helpers.yaml    | 6 +++---
 .github/workflows/release-kubernetes.yaml | 6 +++---
 .github/workflows/release-oci.yaml        | 6 +++---
 .github/workflows/scan-cves.yaml          | 2 +-
 .github/workflows/test-unit.yaml          | 2 +-
 15 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/.github/workflows/check-exec.yaml b/.github/workflows/check-exec.yaml
index 5a6990c..638178d 100644
--- a/.github/workflows/check-exec.yaml
+++ b/.github/workflows/check-exec.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/check-helpers.yaml b/.github/workflows/check-helpers.yaml
index b8efa09..8c25319 100644
--- a/.github/workflows/check-helpers.yaml
+++ b/.github/workflows/check-helpers.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/check-kubernetes.yaml b/.github/workflows/check-kubernetes.yaml
index 3577a7f..4f4966d 100644
--- a/.github/workflows/check-kubernetes.yaml
+++ b/.github/workflows/check-kubernetes.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/check-oci.yaml b/.github/workflows/check-oci.yaml
index 13bee31..2692019 100644
--- a/.github/workflows/check-oci.yaml
+++ b/.github/workflows/check-oci.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index e444e49..563f969 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -28,13 +28,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Install tools
         uses: ./.github/actions/install-tools
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           languages: go
           config-file: ./.github/codeql.yaml
@@ -42,6 +42,6 @@ jobs:
       - run: make build
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           category: "/language:go"
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index a540ffb..8e2c288 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -16,12 +16,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
       - name: Setup Node.js
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
 
       - name: Install commitlint
         run: npm install --save-dev @commitlint/{config-conventional,cli}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index f86aae4..41da472 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -9,6 +9,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
       - name: Dependency Review
         uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 976a9fe..40c4e30 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Install tools
         uses: ./.github/actions/install-tools
diff --git a/.github/workflows/openssf.yaml b/.github/workflows/openssf.yaml
index f380b49..7f92d3d 100644
--- a/.github/workflows/openssf.yaml
+++ b/.github/workflows/openssf.yaml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           persist-credentials: false
 
@@ -47,13 +47,13 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/release-exec.yaml b/.github/workflows/release-exec.yaml
index e33de78..17dd155 100644
--- a/.github/workflows/release-exec.yaml
+++ b/.github/workflows/release-exec.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -34,7 +34,7 @@ jobs:
     environment: release
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -45,7 +45,7 @@ jobs:
 
       - name: Get pkg app token
         id: pkg-app-token
-        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
           app-id: ${{ vars.PKG_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.PKG_WORKFLOW_GITHUB_APP_SECRET }}
diff --git a/.github/workflows/release-helpers.yaml b/.github/workflows/release-helpers.yaml
index adf97d8..872d5e8 100644
--- a/.github/workflows/release-helpers.yaml
+++ b/.github/workflows/release-helpers.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -34,7 +34,7 @@ jobs:
     environment: release
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -45,7 +45,7 @@ jobs:
 
       - name: Get pkg app token
         id: pkg-app-token
-        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
           app-id: ${{ vars.PKG_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.PKG_WORKFLOW_GITHUB_APP_SECRET }}
diff --git a/.github/workflows/release-kubernetes.yaml b/.github/workflows/release-kubernetes.yaml
index 0b97971..c0db258 100644
--- a/.github/workflows/release-kubernetes.yaml
+++ b/.github/workflows/release-kubernetes.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -34,7 +34,7 @@ jobs:
     environment: release
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -45,7 +45,7 @@ jobs:
 
       - name: Get pkg app token
         id: pkg-app-token
-        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
           app-id: ${{ vars.PKG_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.PKG_WORKFLOW_GITHUB_APP_SECRET }}
diff --git a/.github/workflows/release-oci.yaml b/.github/workflows/release-oci.yaml
index 6b663f3..fcff8fc 100644
--- a/.github/workflows/release-oci.yaml
+++ b/.github/workflows/release-oci.yaml
@@ -17,7 +17,7 @@ jobs:
       new-version: ${{ steps.bump-version.outputs.new-version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -34,7 +34,7 @@ jobs:
     environment: release
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 
@@ -45,7 +45,7 @@ jobs:
 
       - name: Get pkg app token
         id: pkg-app-token
-        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
           app-id: ${{ vars.PKG_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.PKG_WORKFLOW_GITHUB_APP_SECRET }}
diff --git a/.github/workflows/scan-cves.yaml b/.github/workflows/scan-cves.yaml
index a7de9b5..c95867d 100644
--- a/.github/workflows/scan-cves.yaml
+++ b/.github/workflows/scan-cves.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Install tools
         uses: ./.github/actions/install-tools
diff --git a/.github/workflows/test-unit.yaml b/.github/workflows/test-unit.yaml
index 3bf07a2..8ed6ed1 100644
--- a/.github/workflows/test-unit.yaml
+++ b/.github/workflows/test-unit.yaml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Install tools
         uses: ./.github/actions/install-tools