From afe0c5d3c8494f3a98dd45c0feb8b3d3dfdd222e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Apr 2026 13:26:03 +0000 Subject: [PATCH] Bump the github-actions group across 1 directory with 8 updates Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.35.1` | | [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4` | `5` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7` | `8` | | [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.2.0` | `3.3.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `2.6.1` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.4.1` | `0.5.2` | Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) Updates `github/codeql-action` from 4.31.9 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.31.9...c10b8064de6f491fea524254123dbe5e09572f13) Updates `dorny/paths-filter` from 3.0.2 to 4.0.1 - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/de90cc6fb38fc0963ad72b210f1f284cd68cea36...fbd0ab8f3e69293af611ebaee6363fc25e6d187d) Updates `actions/deploy-pages` from 4 to 5 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/v4...v5) Updates `actions/download-artifact` from 7 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v7...v8) Updates `sigstore/gh-action-sigstore-python` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/gh-action-sigstore-python/compare/a5caf349bc536fbef3668a10ed7f5cd309a4b53d...04cffa1d795717b140764e8b640de88853c92acc) Updates `softprops/action-gh-release` from 2.5.0 to 2.6.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe) Updates `zizmorcore/zizmor-action` from 0.4.1 to 0.5.2 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/135698455da5c3b3e55f73f4419e481ab68cdd95...71321a20a9ded102f6e9ce5718a2fcec2c4f70d8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: dorny/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/deploy-pages dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/gh-action-sigstore-python dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/email-check.yaml | 2 +- .github/workflows/pr-code-format.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/sycl-bandit.yml | 2 +- .github/workflows/sycl-detect-changes.yml | 2 +- .github/workflows/sycl-docs.yml | 2 +- .github/workflows/sycl-hardening-check.yml | 8 ++++---- .github/workflows/sycl-linux-build.yml | 4 ++-- .github/workflows/sycl-linux-precommit.yml | 2 +- .github/workflows/sycl-linux-run-tests.yml | 2 +- .github/workflows/sycl-nightly.yml | 10 +++++----- .github/workflows/sycl-prebuilt-e2e-container.yml | 4 ++-- .github/workflows/sycl-weekly.yml | 2 +- .github/workflows/sycl-windows-build.yml | 6 +++--- .github/workflows/sycl-windows-run-tests.yml | 2 +- .github/workflows/sycl-zizmor.yml | 2 +- 16 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml index 9e5321d172d70..a41fc2ac3ab11 100644 --- a/.github/workflows/email-check.yaml +++ b/.github/workflows/email-check.yaml @@ -40,7 +40,7 @@ jobs: [{"body" : "$COMMENT"}] EOF - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0 if: always() with: name: workflow-args diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index c1672d16ac4dc..cdd7bb61462df 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -84,7 +84,7 @@ jobs: --end-rev HEAD \ --changed-files "$CHANGED_FILES" - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0 if: always() with: name: workflow-args diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a3023a6f01406..47327518ebb63 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: results.sarif diff --git a/.github/workflows/sycl-bandit.yml b/.github/workflows/sycl-bandit.yml index 0f55e69345897..0769b3ab3cdda 100644 --- a/.github/workflows/sycl-bandit.yml +++ b/.github/workflows/sycl-bandit.yml @@ -35,6 +35,6 @@ jobs: run: | bandit -c devops/bandit.config -r . --exit-zero -f sarif -o bandit_results.sarif - - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 + - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: bandit_results.sarif diff --git a/.github/workflows/sycl-detect-changes.yml b/.github/workflows/sycl-detect-changes.yml index 2d3ba4367a931..c8bf15707b4fb 100644 --- a/.github/workflows/sycl-detect-changes.yml +++ b/.github/workflows/sycl-detect-changes.yml @@ -24,7 +24,7 @@ jobs: echo "changed_file_cnt=${{ github.event.pull_request.changed_files }}" >> $GITHUB_OUTPUT - name: Check file changes - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d if: steps.changed_files.outputs.changed_file_cnt < 500 id: changes with: diff --git a/.github/workflows/sycl-docs.yml b/.github/workflows/sycl-docs.yml index 44ab7f8d085f7..87fbe1c1036ea 100644 --- a/.github/workflows/sycl-docs.yml +++ b/.github/workflows/sycl-docs.yml @@ -74,4 +74,4 @@ jobs: path: ./install_docs - name: Deploy to GitHub Pages if: ${{ github.event_name == 'push' || inputs.update_gh_pages == 'true' }} - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@v5 diff --git a/.github/workflows/sycl-hardening-check.yml b/.github/workflows/sycl-hardening-check.yml index 26e90b61ad936..671566ef304b6 100644 --- a/.github/workflows/sycl-hardening-check.yml +++ b/.github/workflows/sycl-hardening-check.yml @@ -28,7 +28,7 @@ jobs: sudo apt install -y devscripts - name: Download SYCL toolchain - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: ${{ inputs.sycl_linux_artifact }} @@ -47,7 +47,7 @@ jobs: hardening-check "$file" | tee -a "./hardening-check.txt" done - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 with: name: hardening-check path: hardening-check.txt @@ -63,7 +63,7 @@ jobs: unzip "windows.x64.Release.zip" -d winchecksec - name: Download SYCL toolchain - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: ${{ inputs.sycl_windows_artifact }} @@ -84,7 +84,7 @@ jobs: ./winchecksec/build/Release/winchecksec.exe "$file" | tee -a "./winchecksec.txt" done - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 with: name: winchecksec path: winchecksec.txt diff --git a/.github/workflows/sycl-linux-build.yml b/.github/workflows/sycl-linux-build.yml index 8bba9a4c08be0..2131106caaf55 100644 --- a/.github/workflows/sycl-linux-build.yml +++ b/.github/workflows/sycl-linux-build.yml @@ -279,7 +279,7 @@ jobs: run: tar -I '${{ steps.artifact_info.outputs.COMPRESS }}' -cf ${{ steps.artifact_info.outputs.ARCHIVE_NAME }} -C $GITHUB_WORKSPACE/toolchain . - name: Upload toolchain release if: ${{ !cancelled() && steps.build.conclusion == 'success' && inputs.release_toolchain_artifact != '' }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ inputs.release_toolchain_artifact }} path: ${{ steps.artifact_info.outputs.ARCHIVE_NAME }} @@ -302,7 +302,7 @@ jobs: run: tar -I '${{ steps.artifact_info.outputs.COMPRESS }}' -cf ${{ steps.artifact_info.outputs.ARCHIVE_NAME }} -C $GITHUB_WORKSPACE/toolchain . - name: Upload toolchain if: ${{ !cancelled() && steps.build.conclusion == 'success' }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ inputs.toolchain_artifact }} path: ${{ steps.artifact_info.outputs.ARCHIVE_NAME }} diff --git a/.github/workflows/sycl-linux-precommit.yml b/.github/workflows/sycl-linux-precommit.yml index f9ed0e8734f05..89016b90bfe4e 100644 --- a/.github/workflows/sycl-linux-precommit.yml +++ b/.github/workflows/sycl-linux-precommit.yml @@ -85,7 +85,7 @@ jobs: # download build artefact - name: Download toolchain - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: sycl_linux_default - name: Extract SYCL toolchain diff --git a/.github/workflows/sycl-linux-run-tests.yml b/.github/workflows/sycl-linux-run-tests.yml index 90b8cc6677545..f65a4ac2bf048 100644 --- a/.github/workflows/sycl-linux-run-tests.yml +++ b/.github/workflows/sycl-linux-run-tests.yml @@ -269,7 +269,7 @@ jobs: uses: ./devops/actions/setup-vulkan/linux - name: Download SYCL toolchain if: inputs.toolchain_artifact != '' && github.event_name != 'workflow_run' - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: ${{ inputs.toolchain_artifact }} - name: Download SYCL toolchain [workflow_run] diff --git a/.github/workflows/sycl-nightly.yml b/.github/workflows/sycl-nightly.yml index 90629faa9cfa8..d6c8b477c6438 100644 --- a/.github/workflows/sycl-nightly.yml +++ b/.github/workflows/sycl-nightly.yml @@ -417,14 +417,14 @@ jobs: contents: write id-token: write steps: - - uses: actions/download-artifact@v7 + - uses: actions/download-artifact@v8 with: name: sycl_linux_default - - uses: actions/download-artifact@v7 + - uses: actions/download-artifact@v8 with: name: sycl_windows_default - name: Sign with sigstore/cosign - uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d # v3.2.0 + uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc # v3.3.0 with: inputs: sycl_linux.tar.gz sycl_windows.tar.gz - name: Compute tag @@ -437,7 +437,7 @@ jobs: echo "TAG=${{ needs.get_date.outputs.date }}-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT" fi - name: Upload binaries - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 with: files: | sycl_linux.tar.gz @@ -458,7 +458,7 @@ jobs: needs: ubuntu2204_build steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/download-artifact@v7 + - uses: actions/download-artifact@v8 with: name: sycl_linux_default path: devops/ diff --git a/.github/workflows/sycl-prebuilt-e2e-container.yml b/.github/workflows/sycl-prebuilt-e2e-container.yml index 78386fcbc65ab..04a8753d8f2fc 100644 --- a/.github/workflows/sycl-prebuilt-e2e-container.yml +++ b/.github/workflows/sycl-prebuilt-e2e-container.yml @@ -63,12 +63,12 @@ jobs: tar -I 'zstd -9' -cf devops/e2e_sources.tar.zst -C ./llvm . - name: Download toolchain - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: toolchain path: devops/ - name: Download E2E binaries - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: e2e_bin path: devops/ diff --git a/.github/workflows/sycl-weekly.yml b/.github/workflows/sycl-weekly.yml index 2e9499fe36876..143008c950c00 100644 --- a/.github/workflows/sycl-weekly.yml +++ b/.github/workflows/sycl-weekly.yml @@ -106,7 +106,7 @@ jobs: python3 scripts/run_gen.py --target dpcpp --std sycl -t 60 -j 2 - name: Pack results run: tar -czf yarpgen_results.tar.gz yarpgen/testing - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 with: name: yarpgen_results path: yarpgen_results.tar.gz diff --git a/.github/workflows/sycl-windows-build.yml b/.github/workflows/sycl-windows-build.yml index 9f36da3c455d1..6e225bc772c22 100644 --- a/.github/workflows/sycl-windows-build.yml +++ b/.github/workflows/sycl-windows-build.yml @@ -197,7 +197,7 @@ jobs: diff -Naur src/sycl/test/abi/sycl_symbols_windows.dump build/new_sycl_symbols_windows.dump || true - name: Upload new ABI symbols if: ${{ !cancelled() && contains(inputs.changes, 'sycl') }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: sycl_windows_abi_symbols path: build/new_sycl_symbols_windows.dump @@ -212,7 +212,7 @@ jobs: run: tar -czf ${{ inputs.toolchain_artifact_filename }} -C install . - name: Upload toolchain release if: ${{ !cancelled() && steps.build.conclusion == 'success' && inputs.release_toolchain_artifact != '' }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ inputs.release_toolchain_artifact }} path: ${{ inputs.toolchain_artifact_filename }} @@ -231,7 +231,7 @@ jobs: tar -czf ${{ inputs.toolchain_artifact_filename }} -C install . - name: Upload toolchain if: ${{ !cancelled() && steps.build.conclusion == 'success' }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: sycl_windows_default path: ${{ inputs.toolchain_artifact_filename }} diff --git a/.github/workflows/sycl-windows-run-tests.yml b/.github/workflows/sycl-windows-run-tests.yml index 4798d8e70c9a5..89f8acc725258 100644 --- a/.github/workflows/sycl-windows-run-tests.yml +++ b/.github/workflows/sycl-windows-run-tests.yml @@ -121,7 +121,7 @@ jobs: llvm/utils/lit sycl/test-e2e - name: Download compiler toolchain - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: name: ${{ inputs.toolchain_artifact }} - name: Extract SYCL toolchain diff --git a/.github/workflows/sycl-zizmor.yml b/.github/workflows/sycl-zizmor.yml index b6ac427a28056..74fefdc175a08 100644 --- a/.github/workflows/sycl-zizmor.yml +++ b/.github/workflows/sycl-zizmor.yml @@ -40,4 +40,4 @@ jobs: devops/actions/**/*.yml - name: Run zizmor - uses: zizmorcore/zizmor-action@135698455da5c3b3e55f73f4419e481ab68cdd95 # v0.4.1 + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2