Bump the gh-dependency group across 1 directory with 6 updates

dependabot[bot] · web-flow · commit b1a0f92aeb8f · 2025-12-01T18:47:20.000Z
Bumps the gh-dependency group with 6 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/checkout](https://github.com/actions/checkout) | `5` | `6` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `8` | `9` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `5` | `6` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `5` | `6` | Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v5) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v5...v6) Updates `golangci/golangci-lint-action` from 8 to 9 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v8...v9) Updates `actions/download-artifact` from 5 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v5...v6) Updates `SonarSource/sonarqube-scan-action` from 5 to 6 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](SonarSource/sonarqube-scan-action@v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-dependency - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-dependency - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-dependency - dependency-name: golangci/golangci-lint-action dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-dependency - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-dependency - dependency-name: SonarSource/sonarqube-scan-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-dependency ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
@@ -30,15 +30,15 @@ jobs:
        output-sarif: true
 
    - name: Upload Crash
-     uses: actions/upload-artifact@v4
+     uses: actions/upload-artifact@v5
      if: failure() && steps.build.outcome == 'success'
      with:
        name: artifacts
        path: ./out/artifacts
 
    - name: Upload Sarif
      if: always() && steps.build.outcome == 'success'
-     uses: github/codeql-action/upload-sarif@v3
+     uses: github/codeql-action/upload-sarif@v4
      with:
       # Path to SARIF file relative to the root of the repository
       sarif_file: cifuzz-sarif/results.sarif
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Go 1.20+
         uses: actions/setup-go@v6
@@ -27,7 +27,7 @@ jobs:
       - run: go version
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v8
+        uses: golangci/golangci-lint-action@v9
         with:
           version: v2.4.0
           args: --timeout=5m
diff --git a/.github/workflows/staticAnalysis.yml b/.github/workflows/staticAnalysis.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Set up Go 1.20+
         uses: actions/setup-go@v6
diff --git a/.github/workflows/test-for-fork.yml b/.github/workflows/test-for-fork.yml
@@ -24,7 +24,7 @@ jobs:
 
       # Checks-out repository under $GITHUB_WORKSPACE
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       # Build everything
       - name: Run a build
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -33,7 +33,7 @@ jobs:
 
       # Checks-out repository under $GITHUB_WORKSPACE with tags and history (needed by "SonarCloud Scan" step)
       - name: Full checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0 # Full clone for SonarCloud
 
@@ -60,7 +60,7 @@ jobs:
         shell: bash
 
       - name: Upload coverage and report files
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: ${{ hashFiles('./outputs') || 'none' }}
           path: ./outputs
@@ -73,12 +73,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
       - name: Download artifacts
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: ./outputs
 
@@ -96,7 +96,7 @@ jobs:
           directory: .tmp/
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5
+        uses: SonarSource/sonarqube-scan-action@v6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -119,7 +119,7 @@ jobs:
       - run: go version
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Run a build
         run: go build ./...
