[llvm] Update [Github] Update GHA Dependencies (PR #161107)
Mend Renovate via llvm-commits
llvm-commits at lists.llvm.org
Sun Sep 28 17:04:38 PDT 2025
https://github.com/renovate-bot created https://github.com/llvm/llvm-project/pull/161107
This PR contains the following updates:
| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [EnricoMi/publish-unit-test-result-action](https://redirect.github.com/EnricoMi/publish-unit-test-result-action) | action | digest | `170bf24` -> `3a74b29` | |
| [actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance) | action | minor | `v1.0.0` -> `v1.4.4` | |
| [actions/checkout](https://redirect.github.com/actions/checkout) | action | minor | `v4.1.1` -> `v4.3.0` | |
| [actions/github-script](https://redirect.github.com/actions/github-script) | action | minor | `v7.0.1` -> `v7.1.0` | |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v4.2.0` -> `v4.4.0` | |
| [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v5.4.0` -> `v5.6.0` | |
| actions/setup-python | action | digest | `39cd149` -> `2e3e4b1` | |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | patch | `v4.6.0` -> `v4.6.2` | |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.3.3` -> `v4.6.2` | |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | patch | `4.6.0` -> `4.6.2` | |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.3.0` -> `v4.6.2` | |
| [aminya/setup-cpp](https://redirect.github.com/aminya/setup-cpp) | action | minor | `v1.1.1` -> `v1.7.1` | |
| [docker/login-action](https://redirect.github.com/docker/login-action) | action | minor | `v3.3.0` -> `v3.5.0` | |
| [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v2.20.6` -> `v2.28.1` | |
| [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.30.3` -> `v3.30.4` | `v3.30.5` |
| [hendrikmuhs/ccache-action](https://redirect.github.com/hendrikmuhs/ccache-action) | action | patch | `v1.2.17` -> `v1.2.19` | |
| llvm/actions | action | digest | `22e9f90` -> `a1ea791` | |
| [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | patch | `v2.4.1` -> `v2.4.2` | |
| [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | minor | `v1.12.4` -> `v1.13.0` | |
| [python](https://redirect.github.com/actions/python-versions) | uses-with | minor | `3.12` -> `3.13` | |
| [python](https://redirect.github.com/actions/python-versions) | uses-with | minor | `3.11` -> `3.13` | |
| [python](https://redirect.github.com/actions/python-versions) | uses-with | minor | `3.10` -> `3.13` | |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Release Notes
<details>
<summary>actions/attest-build-provenance (actions/attest-build-provenance)</summary>
### [`v1.4.4`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.4.4)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.4.3...v1.4.4)
##### What's Changed
- Bump predicate action from 1.1.3 to 1.1.4 by [@bdehamer](https://redirect.github.com/bdehamer) in [#310](https://redirect.github.com/actions/attest-build-provenance/pull/310)
- Bump [@actions/core](https://redirect.github.com/actions/core) from 1.10.1 to 1.11.1 by [@dependabot](https://redirect.github.com/dependabot) in [#275](https://redirect.github.com/actions/attest-build-provenance/pull/275)
- Bump [@actions/attest](https://redirect.github.com/actions/attest) from 1.4.2 to 1.5.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [#309](https://redirect.github.com/actions/attest-build-provenance/pull/309)
- Fix SLSA provenance bug related to `workflow_ref` OIDC token claims containing the "@" symbol in the tag name ([actions/toolkit#1863](https://redirect.github.com/actions/toolkit/pull/1863))
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.4.3...v1.4.4>
### [`v1.4.3`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.4.3)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.4.2...v1.4.3)
##### What's Changed
- Bump predicate from 1.1.2 to 1.1.3 by [@bdehamer](https://redirect.github.com/bdehamer) in [#226](https://redirect.github.com/actions/attest-build-provenance/pull/226)
- Bump [@actions/attest](https://redirect.github.com/actions/attest) from 1.3.1 to 1.4.1 by [@dependabot](https://redirect.github.com/dependabot) in [#212](https://redirect.github.com/actions/attest-build-provenance/pull/212)
- Bump [@actions/attest](https://redirect.github.com/actions/attest) from 1.4.1 to 1.4.2 by [@bdehamer](https://redirect.github.com/bdehamer) in [#225](https://redirect.github.com/actions/attest-build-provenance/pull/225)
- Fix bug w/ customized OIDC issuer URL for enterprise accounts ([#222](https://redirect.github.com/actions/attest-build-provenance/issues/222))
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.4.2...v1.4.3>
### [`v1.4.2`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.4.2)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.4.1...v1.4.2)
##### What's Changed
- Bump actions/attest from 1.4.0 to 1.4.1 by [@bdehamer](https://redirect.github.com/bdehamer) in [#209](https://redirect.github.com/actions/attest-build-provenance/pull/209)
- Includes bug fix for issue with authenticated proxies ([actions/toolkit#1798](https://redirect.github.com/actions/toolkit/issues/1798))
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.4.1...v1.4.2>
### [`v1.4.1`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.4.1)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.4.0...v1.4.1)
##### What's Changed
- Update predicate action to 1.1.2 by [@bdehamer](https://redirect.github.com/bdehamer) in [#197](https://redirect.github.com/actions/attest-build-provenance/pull/197)
- Dynamic construction of oidc issuer by [@bdehamer](https://redirect.github.com/bdehamer) in [#195](https://redirect.github.com/actions/attest-build-provenance/pull/195)
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.4.0...v1.4.1>
### [`v1.4.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.4.0)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.3.3...v1.4.0)
##### What's Changed
- Bump predicate action from 1.1.0 to 1.1.1 by [@bdehamer](https://redirect.github.com/bdehamer) in [#182](https://redirect.github.com/actions/attest-build-provenance/pull/182)
- Fix for JWKS proxy bug
- Bump actions/attest from 1.3.3 to 1.4.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [#183](https://redirect.github.com/actions/attest-build-provenance/pull/183)
- Add `show-summary` input
- Format summary output as list
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.3.3...v1.4.0>
### [`v1.3.3`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.3.3)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.3.2...v1.3.3)
##### What's Changed
- Bump actions/attest from 1.3.2 to 1.3.3 by [@bdehamer](https://redirect.github.com/bdehamer) in [#152](https://redirect.github.com/actions/attest-build-provenance/pull/152)
- Bugfix for properly handling glob exclusion patterns in `subject-path` input
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.3.2...v1.3.3>
### [`v1.3.2`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.3.2)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.3.1...v1.3.2)
##### What's Changed
- Bump actions/attest from 1.3.1 to 1.3.2 by [@bdehamer](https://redirect.github.com/bdehamer) in [#123](https://redirect.github.com/actions/attest-build-provenance/pull/123)
- Increase timeout for OCI operations
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.3.1...v1.3.2>
### [`v1.3.1`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.3.1)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.3.0...v1.3.1)
##### What's Changed
- Bump actions/attest from 1.3.0 to 1.3.1 by [@bdehamer](https://redirect.github.com/bdehamer) in [#117](https://redirect.github.com/actions/attest-build-provenance/pull/117)
- Bugfix when detecting support for the referrers API with OCI registries
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.3.0...v1.3.1>
### [`v1.3.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.3.0)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.2.0...v1.3.0)
##### What's Changed
- Bump actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [#116](https://redirect.github.com/actions/attest-build-provenance/pull/116)
- Switch to new GH provenance [build type](https://actions.github.io/buildtypes/workflow/v1)
- Bump actions/attest from 1.2.0 to 1.3.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [#116](https://redirect.github.com/actions/attest-build-provenance/pull/116)
- Dynamic construction of GitHub API URLs based on GITHUB\_SERVER\_URL
- Improved handling of Rekor 409 responses
- Bugfix - detection of registries with support for the OCI referrers API
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.2.0...v1.3.0>
### [`v1.2.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.2.0)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.1.2...v1.2.0)
##### What's Changed
- Bump actions/attest from 1.1.2 to 1.2.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [#101](https://redirect.github.com/actions/attest-build-provenance/pull/101)
- Batch processing w/ exponential backoff
- Bugfix when pushing attestation to OCI registry
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.1.2...v1.2.0>
### [`v1.1.2`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.1.2)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.1.1...v1.1.2)
##### What's Changed
- Bump actions/attest from 1.1.1 to 1.1.2 by [@bdehamer](https://redirect.github.com/bdehamer) in [#79](https://redirect.github.com/actions/attest-build-provenance/pull/79)
- Downcase subject name for OCI images
- Fix accept header when retrieving image manifest
- Support variants of the Docker Hub registry name
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.1.1...v1.1.2>
### [`v1.1.1`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.1.1)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.1.0...v1.1.1)
##### What's Changed
- Bump actions/attest from v1.1.0 to v1.1.1 by [@bdehamer](https://redirect.github.com/bdehamer) in [#67](https://redirect.github.com/actions/attest-build-provenance/pull/67)
- Bump [@sigstore/sign](https://redirect.github.com/sigstore/sign) from 2.3.0 to 2.3.1
- Bump [@sigstore/oci](https://redirect.github.com/sigstore/oci) from 0.3.0 to 0.3.2
- Include more detail in error logging
- Send API errors to GHA debug log
- Fix bug preventing failed API requests from being retried
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.1.0...v1.1.1>
### [`v1.1.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v1.1.0)
[Compare Source](https://redirect.github.com/actions/attest-build-provenance/compare/v1.0.0...v1.1.0)
##### What's Changed
- Bump actions/attest to v1.1.0 by [@bdehamer](https://redirect.github.com/bdehamer) in [#65](https://redirect.github.com/actions/attest-build-provenance/pull/65)
- adds list support for `subjectPath` input
- limit attestation subject count
- ensure subject globs match only files
**Full Changelog**: <https://github.com/actions/attest-build-provenance/compare/v1.0.0...v1.1.0>
</details>
<details>
<summary>actions/checkout (actions/checkout)</summary>
### [`v4.3.0`](https://redirect.github.com/actions/checkout/releases/tag/v4.3.0)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.2...v4.3.0)
##### What's Changed
- docs: update README.md by [@motss](https://redirect.github.com/motss) in [https://github.com/actions/checkout/pull/1971](https://redirect.github.com/actions/checkout/pull/1971)
- Add internal repos for checking out multiple repositories by [@mouismail](https://redirect.github.com/mouismail) in [https://github.com/actions/checkout/pull/1977](https://redirect.github.com/actions/checkout/pull/1977)
- Documentation update - add recommended permissions to Readme by [@benwells](https://redirect.github.com/benwells) in [https://github.com/actions/checkout/pull/2043](https://redirect.github.com/actions/checkout/pull/2043)
- Adjust positioning of user email note and permissions heading by [@joshmgross](https://redirect.github.com/joshmgross) in [https://github.com/actions/checkout/pull/2044](https://redirect.github.com/actions/checkout/pull/2044)
- Update README.md by [@nebuk89](https://redirect.github.com/nebuk89) in [https://github.com/actions/checkout/pull/2194](https://redirect.github.com/actions/checkout/pull/2194)
- Update CODEOWNERS for actions by [@TingluoHuang](https://redirect.github.com/TingluoHuang) in [https://github.com/actions/checkout/pull/2224](https://redirect.github.com/actions/checkout/pull/2224)
- Update package dependencies by [@salmanmkc](https://redirect.github.com/salmanmkc) in [https://github.com/actions/checkout/pull/2236](https://redirect.github.com/actions/checkout/pull/2236)
- Prepare release v4.3.0 by [@salmanmkc](https://redirect.github.com/salmanmkc) in [https://github.com/actions/checkout/pull/2237](https://redirect.github.com/actions/checkout/pull/2237)
##### New Contributors
- [@motss](https://redirect.github.com/motss) made their first contribution in [https://github.com/actions/checkout/pull/1971](https://redirect.github.com/actions/checkout/pull/1971)
- [@mouismail](https://redirect.github.com/mouismail) made their first contribution in [https://github.com/actions/checkout/pull/1977](https://redirect.github.com/actions/checkout/pull/1977)
- [@benwells](https://redirect.github.com/benwells) made their first contribution in [https://github.com/actions/checkout/pull/2043](https://redirect.github.com/actions/checkout/pull/2043)
- [@nebuk89](https://redirect.github.com/nebuk89) made their first contribution in [https://github.com/actions/checkout/pull/2194](https://redirect.github.com/actions/checkout/pull/2194)
- [@salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [https://github.com/actions/checkout/pull/2236](https://redirect.github.com/actions/checkout/pull/2236)
**Full Changelog**: https://github.com/actions/checkout/compare/v4...v4.3.0
### [`v4.2.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v422)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.1...v4.2.2)
- `url-helper.ts` now leverages well-known environment variables by [@jww3](https://redirect.github.com/jww3) in [#1941](https://redirect.github.com/actions/checkout/pull/1941)
- Expand unit test coverage for `isGhes` by [@jww3](https://redirect.github.com/jww3) in [#1946](https://redirect.github.com/actions/checkout/pull/1946)
### [`v4.2.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v421)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.0...v4.2.1)
- Check out other refs/\* by commit if provided, fall back to ref by [@orhantoy](https://redirect.github.com/orhantoy) in [#1924](https://redirect.github.com/actions/checkout/pull/1924)
### [`v4.2.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v420)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.7...v4.2.0)
- Add Ref and Commit outputs by [@lucacome](https://redirect.github.com/lucacome) in [#1180](https://redirect.github.com/actions/checkout/pull/1180)
- Dependency updates by [@dependabot-](https://redirect.github.com/dependabot-) [#1777](https://redirect.github.com/actions/checkout/pull/1777), [#1872](https://redirect.github.com/actions/checkout/pull/1872)
### [`v4.1.7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.6...v4.1.7)
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot) in [#1739](https://redirect.github.com/actions/checkout/pull/1739)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [#1697](https://redirect.github.com/actions/checkout/pull/1697)
- Check out other refs/\* by commit by [@orhantoy](https://redirect.github.com/orhantoy) in [#1774](https://redirect.github.com/actions/checkout/pull/1774)
- Pin actions/checkout's own workflows to a known, good, stable version. by [@jww3](https://redirect.github.com/jww3) in [#1776](https://redirect.github.com/actions/checkout/pull/1776)
### [`v4.1.6`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.5...v4.1.6)
- Check platform to set archive extension appropriately by [@cory-miller](https://redirect.github.com/cory-miller) in [#1732](https://redirect.github.com/actions/checkout/pull/1732)
### [`v4.1.5`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v415)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.4...v4.1.5)
- Update NPM dependencies by [@cory-miller](https://redirect.github.com/cory-miller) in [#1703](https://redirect.github.com/actions/checkout/pull/1703)
- Bump github/codeql-action from 2 to 3 by [@dependabot](https://redirect.github.com/dependabot) in [#1694](https://redirect.github.com/actions/checkout/pull/1694)
- Bump actions/setup-node from 1 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [#1696](https://redirect.github.com/actions/checkout/pull/1696)
- Bump actions/upload-artifact from 2 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [#1695](https://redirect.github.com/actions/checkout/pull/1695)
- README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by [@cory-miller](https://redirect.github.com/cory-miller) in [#1707](https://redirect.github.com/actions/checkout/pull/1707)
### [`v4.1.4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.3...v4.1.4)
- Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@jww3](https://redirect.github.com/jww3) in [#1692](https://redirect.github.com/actions/checkout/pull/1692)
- Add dependabot config by [@cory-miller](https://redirect.github.com/cory-miller) in [#1688](https://redirect.github.com/actions/checkout/pull/1688)
- Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://redirect.github.com/dependabot) in [#1693](https://redirect.github.com/actions/checkout/pull/1693)
- Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://redirect.github.com/dependabot) in [#1643](https://redirect.github.com/actions/checkout/pull/1643)
### [`v4.1.3`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.2...v4.1.3)
- Check git version before attempting to disable `sparse-checkout` by [@jww3](https://redirect.github.com/jww3) in [#1656](https://redirect.github.com/actions/checkout/pull/1656)
- Add SSH user parameter by [@cory-miller](https://redirect.github.com/cory-miller) in [#1685](https://redirect.github.com/actions/checkout/pull/1685)
- Update `actions/checkout` version in `update-main-version.yml` by [@jww3](https://redirect.github.com/jww3) in [#1650](https://redirect.github.com/actions/checkout/pull/1650)
### [`v4.1.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412)
[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.1...v4.1.2)
- Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@dscho](https://redirect.github.com/dscho) in [#1598](https://redirect.github.com/actions/checkout/pull/1598)
</details>
<details>
<summary>actions/github-script (actions/github-script)</summary>
### [`v7.1.0`](https://redirect.github.com/actions/github-script/releases/tag/v7.1.0)
[Compare Source](https://redirect.github.com/actions/github-script/compare/v7.0.1...v7.1.0)
#### What's Changed
- Upgrade husky to v9 by [@benelan](https://redirect.github.com/benelan) in [#482](https://redirect.github.com/actions/github-script/pull/482)
- Add workflow file for publishing releases to immutable action package by [@Jcambass](https://redirect.github.com/Jcambass) in [#485](https://redirect.github.com/actions/github-script/pull/485)
- Upgrade IA Publish by [@Jcambass](https://redirect.github.com/Jcambass) in [#486](https://redirect.github.com/actions/github-script/pull/486)
- Fix workflow status badges by [@joshmgross](https://redirect.github.com/joshmgross) in [#497](https://redirect.github.com/actions/github-script/pull/497)
- Update usage of `actions/upload-artifact` by [@joshmgross](https://redirect.github.com/joshmgross) in [#512](https://redirect.github.com/actions/github-script/pull/512)
- Clear up package name confusion by [@joshmgross](https://redirect.github.com/joshmgross) in [#514](https://redirect.github.com/actions/github-script/pull/514)
- Update dependencies with `npm audit fix` by [@joshmgross](https://redirect.github.com/joshmgross) in [#515](https://redirect.github.com/actions/github-script/pull/515)
- Specify that the used script is JavaScript by [@timotk](https://redirect.github.com/timotk) in [#478](https://redirect.github.com/actions/github-script/pull/478)
- chore: Add Dependabot for NPM and Actions by [@nschonni](https://redirect.github.com/nschonni) in [#472](https://redirect.github.com/actions/github-script/pull/472)
- Define `permissions` in workflows and update actions by [@joshmgross](https://redirect.github.com/joshmgross) in [#531](https://redirect.github.com/actions/github-script/pull/531)
- chore: Add Dependabot for .github/actions/install-dependencies by [@nschonni](https://redirect.github.com/nschonni) in [#532](https://redirect.github.com/actions/github-script/pull/532)
- chore: Remove .vscode settings by [@nschonni](https://redirect.github.com/nschonni) in [#533](https://redirect.github.com/actions/github-script/pull/533)
- ci: Use github/setup-licensed by [@nschonni](https://redirect.github.com/nschonni) in [#473](https://redirect.github.com/actions/github-script/pull/473)
- make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by [@iamstarkov](https://redirect.github.com/iamstarkov) in [#508](https://redirect.github.com/actions/github-script/pull/508)
- Remove `octokit` README updates for v7 by [@joshmgross](https://redirect.github.com/joshmgross) in [#557](https://redirect.github.com/actions/github-script/pull/557)
- docs: add "exec" usage examples by [@neilime](https://redirect.github.com/neilime) in [#546](https://redirect.github.com/actions/github-script/pull/546)
- Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#563](https://redirect.github.com/actions/github-script/pull/563)
- Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#575](https://redirect.github.com/actions/github-script/pull/575)
- Clearly document passing inputs to the `script` by [@joshmgross](https://redirect.github.com/joshmgross) in [#603](https://redirect.github.com/actions/github-script/pull/603)
- Update README.md by [@nebuk89](https://redirect.github.com/nebuk89) in [#610](https://redirect.github.com/actions/github-script/pull/610)
#### New Contributors
- [@benelan](https://redirect.github.com/benelan) made their first contribution in [#482](https://redirect.github.com/actions/github-script/pull/482)
- [@Jcambass](https://redirect.github.com/Jcambass) made their first contribution in [#485](https://redirect.github.com/actions/github-script/pull/485)
- [@timotk](https://redirect.github.com/timotk) made their first contribution in [#478](https://redirect.github.com/actions/github-script/pull/478)
- [@iamstarkov](https://redirect.github.com/iamstarkov) made their first contribution in [#508](https://redirect.github.com/actions/github-script/pull/508)
- [@neilime](https://redirect.github.com/neilime) made their first contribution in [#546](https://redirect.github.com/actions/github-script/pull/546)
- [@nebuk89](https://redirect.github.com/nebuk89) made their first contribution in [#610](https://redirect.github.com/actions/github-script/pull/610)
**Full Changelog**: <https://github.com/actions/github-script/compare/v7...v7.1.0>
</details>
<details>
<summary>actions/setup-node (actions/setup-node)</summary>
### [`v4.4.0`](https://redirect.github.com/actions/setup-node/releases/tag/v4.4.0)
[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.3.0...v4.4.0)
##### What's Changed
##### Bug fixes:
- Make eslint-compact matcher compatible with Stylelint by [@FloEdelmann](https://redirect.github.com/FloEdelmann) in [#98](https://redirect.github.com/actions/setup-node/pull/98)
- Add support for indented eslint output by [@fregante](https://redirect.github.com/fregante) in [#1245](https://redirect.github.com/actions/setup-node/pull/1245)
##### Enhancement:
- Support private mirrors by [@marco-ippolito](https://redirect.github.com/marco-ippolito) in [#1240](https://redirect.github.com/actions/setup-node/pull/1240)
##### Dependency update:
- Upgrade [@action/cache](https://redirect.github.com/action/cache) from 4.0.2 to 4.0.3 by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#1262](https://redirect.github.com/actions/setup-node/pull/1262)
##### New Contributors
- [@FloEdelmann](https://redirect.github.com/FloEdelmann) made their first contribution in [#98](https://redirect.github.com/actions/setup-node/pull/98)
- [@fregante](https://redirect.github.com/fregante) made their first contribution in [#1245](https://redirect.github.com/actions/setup-node/pull/1245)
- [@marco-ippolito](https://redirect.github.com/marco-ippolito) made their first contribution in [#1240](https://redirect.github.com/actions/setup-node/pull/1240)
**Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.4.0>
### [`v4.3.0`](https://redirect.github.com/actions/setup-node/releases/tag/v4.3.0)
[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.2.0...v4.3.0)
#### What's Changed
##### Dependency updates
- Upgrade [@actions/glob](https://redirect.github.com/actions/glob) from 0.4.0 to 0.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [#1200](https://redirect.github.com/actions/setup-node/pull/1200)
- Upgrade [@action/cache](https://redirect.github.com/action/cache) from 4.0.0 to 4.0.2 by [@gowridurgad](https://redirect.github.com/gowridurgad) in [#1251](https://redirect.github.com/actions/setup-node/pull/1251)
- Upgrade [@vercel/ncc](https://redirect.github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@dependabot](https://redirect.github.com/dependabot) in [#1203](https://redirect.github.com/actions/setup-node/pull/1203)
- Upgrade [@actions/tool-cache](https://redirect.github.com/actions/tool-cache) from 2.0.1 to 2.0.2 by [@dependabot](https://redirect.github.com/dependabot) in [#1220](https://redirect.github.com/actions/setup-node/pull/1220)
#### New Contributors
- [@gowridurgad](https://redirect.github.com/gowridurgad) made their first contribution in [#1251](https://redirect.github.com/actions/setup-node/pull/1251)
**Full Changelog**: <https://github.com/actions/setup-node/compare/v4...v4.3.0>
</details>
<details>
<summary>actions/setup-python (actions/setup-python)</summary>
### [`v5.6.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.6.0)
[Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.5.0...v5.6.0)
##### What's Changed
- Workflow updates related to Ubuntu 20.04 by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#1065](https://redirect.github.com/actions/setup-python/pull/1065)
- Fix for Candidate Not Iterable Error by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#1082](https://redirect.github.com/actions/setup-python/pull/1082)
- Upgrade semver and [@types/semver](https://redirect.github.com/types/semver) by [@dependabot](https://redirect.github.com/dependabot) in [#1091](https://redirect.github.com/actions/setup-python/pull/1091)
- Upgrade prettier from 2.8.8 to 3.5.3 by [@dependabot](https://redirect.github.com/dependabot) in [#1046](https://redirect.github.com/actions/setup-python/pull/1046)
- Upgrade ts-jest from 29.1.2 to 29.3.2 by [@dependabot](https://redirect.github.com/dependabot) in [#1081](https://redirect.github.com/actions/setup-python/pull/1081)
**Full Changelog**: <https://github.com/actions/setup-python/compare/v5...v5.6.0>
### [`v5.5.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.5.0)
[Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.4.0...v5.5.0)
##### What's Changed
##### Enhancements:
- Support free threaded Python versions like '3.13t' by [@colesbury](https://redirect.github.com/colesbury) in [#973](https://redirect.github.com/actions/setup-python/pull/973)
- Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade [@action/cache](https://redirect.github.com/action/cache) from 4.0.0 to 4.0.3 by [@priya-kinthali](https://redirect.github.com/priya-kinthali) in [#1056](https://redirect.github.com/actions/setup-python/pull/1056)
- Add support for .tool-versions file in setup-python by [@mahabaleshwars](https://redirect.github.com/mahabaleshwars) in [#1043](https://redirect.github.com/actions/setup-python/pull/1043)
##### Bug fixes:
- Fix architecture for pypy on Linux ARM64 by [@mayeut](https://redirect.github.com/mayeut) in [#1011](https://redirect.github.com/actions/setup-python/pull/1011)
This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.
##### Dependency updates:
- Upgrade [@vercel/ncc](https://redirect.github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@dependabot](https://redirect.github.com/dependabot) in [#1016](https://redirect.github.com/actions/setup-python/pull/1016)
- Upgrade [@actions/glob](https://redirect.github.com/actions/glob) from 0.4.0 to 0.5.0 by [@dependabot](https://redirect.github.com/dependabot) in [#1015](https://redirect.github.com/actions/setup-python/pull/1015)
##### New Contributors
- [@colesbury](https://redirect.github.com/colesbury) made their first contribution in [#973](https://redirect.github.com/actions/setup-python/pull/973)
- [@mahabaleshwars](https://redirect.github.com/mahabaleshwars) made their first contribution in [#1043](https://redirect.github.com/actions/setup-python/pull/1043)
**Full Changelog**: <https://github.com/actions/setup-python/compare/v5...v5.5.0>
</details>
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
### [`v4.6.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.2)
[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.1...v4.6.2)
#### What's Changed
- Update to use artifact 2.3.2 package & prepare for new upload-artifact release by [@salmanmkc](https://redirect.github.com/salmanmkc) in [#685](https://redirect.github.com/actions/upload-artifact/pull/685)
#### New Contributors
- [@salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [#685](https://redirect.github.com/actions/upload-artifact/pull/685)
**Full Changelog**: <https://github.com/actions/upload-artifact/compare/v4...v4.6.2>
### [`v4.6.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.1)
[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1)
#### What's Changed
- Update to use artifact 2.2.2 package by [@yacaovsnc](https://redirect.github.com/yacaovsnc) in [#673](https://redirect.github.com/actions/upload-artifact/pull/673)
**Full Changelog**: <https://github.com/actions/upload-artifact/compare/v4...v4.6.1>
</details>
<details>
<summary>aminya/setup-cpp (aminya/setup-cpp)</summary>
### [`v1.7.1`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.7.1)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.7.0...v1.7.1)
##### What's Changed
- fix: prefer complete Window LLVM package [@aminya](https://redirect.github.com/aminya) in [#425](https://redirect.github.com/aminya/setup-cpp/pull/425)
- fix: add LLVM 20.1.7 by [@aminya](https://redirect.github.com/aminya) in [#424](https://redirect.github.com/aminya/setup-cpp/pull/424)
- fix: add mingw 15.1-r2 by [@aminya](https://redirect.github.com/aminya) in [#424](https://redirect.github.com/aminya/setup-cpp/pull/424)
- fix: install gcovr via apt on Ubuntu by default by [@aminya](https://redirect.github.com/aminya) in [#424](https://redirect.github.com/aminya/setup-cpp/pull/424)
- feat: add tar tool by [@aminya](https://redirect.github.com/aminya) in [#425](https://redirect.github.com/aminya/setup-cpp/pull/425)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.7.0...v1.7.1>
### [`v1.7.0`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.7.0)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.6.2...v1.7.0)
##### What's Changed
- feat: update default LLVM to v20 by [@aminya](https://redirect.github.com/aminya) in [#387](https://redirect.github.com/aminya/setup-cpp/pull/387)
- feat: default to GCC 15 on Windows and MacOS by [@aminya](https://redirect.github.com/aminya) in [#387](https://redirect.github.com/aminya/setup-cpp/pull/387)
- fix: update cmake, task, powershell, meson, doxygen by [@aminya](https://redirect.github.com/aminya) in [#414](https://redirect.github.com/aminya/setup-cpp/pull/414)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.6.2...v1.7.0>
### [`v1.6.2`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.6.2)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.6.1...v1.6.2)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.6.1...v1.6.2>
### [`v1.6.1`](https://redirect.github.com/aminya/setup-cpp/compare/v1.6.0...v1.6.1)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.6.0...v1.6.1)
### [`v1.6.0`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.6.0)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.5.4...v1.6.0)
##### What's Changed
- feat: add apt-fast as an installable tool by [@aminya](https://redirect.github.com/aminya) in [#401](https://redirect.github.com/aminya/setup-cpp/pull/401)
- fix: add apt-fast optimizations by [@aminya](https://redirect.github.com/aminya) in [#402](https://redirect.github.com/aminya/setup-cpp/pull/402)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.5.4...v1.6.0>
### [`v1.5.4`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.5.4)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.5.3...v1.5.4)
##### What's Changed
- fix: avoid rc sourcing loops + fix: always add guards for sourcing rc files by [@aminya](https://redirect.github.com/aminya) in [#397](https://redirect.github.com/aminya/setup-cpp/pull/397)
- [fix: add missing git option for actions](https://redirect.github.com/aminya/setup-cpp/commit/d0235b0adb97722c83c6f48ccfad4c98c083c0e4) by [@aminya](https://redirect.github.com/aminya)
- [fix: ignore setup-cpp cli installation errors](https://redirect.github.com/aminya/setup-cpp/commit/d10f4b6db061e4bd794e409852bc38e33cc5e4a6) by [@aminya](https://redirect.github.com/aminya)
- [fix: fix addition of git to PATH on Windows](https://redirect.github.com/aminya/setup-cpp/commit/75890615f7a4d1f3833f0f9008be852b0a1b256a) by [@aminya](https://redirect.github.com/aminya)
- [fix: fix add-apt-repository in Debian](https://redirect.github.com/aminya/setup-cpp/commit/55f022dea4b4667ba75821264c21fc8121bd3f06) by [@aminya](https://redirect.github.com/aminya)
- [fix: fix llvm add-apt-repository for debian](https://redirect.github.com/aminya/setup-cpp/commit/05bd2b5297d0c94ccbd895c9e7f35a5b88dbdee8) by [@aminya](https://redirect.github.com/aminya)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.5.3...v1.5.4>
### [`v1.5.3`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.5.3)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.5.2...v1.5.3)
- fix: remove exports map from package by [@aminya](https://redirect.github.com/aminya) in [7f46810eeda56](https://redirect.github.com/aminya/setup-cpp/commit/6370aaa0252a93c71dcc4cf49397f46810eeda56)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.5.2...v1.5.3>
### [`v1.5.2`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.5.2)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.5.1...v1.5.2)
- fix: fix CLI shabang not working - independent lib by [@aminya](https://redirect.github.com/aminya) in [c88b4364ef50](https://redirect.github.com/aminya/setup-cpp/commit/95a7de4f2eceb0baf03a70a1edb7c88b4364ef50)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.5.1...v1.5.2>
### [`v1.5.1`](https://redirect.github.com/aminya/setup-cpp/compare/v1.5.0...v1.5.1)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.5.0...v1.5.1)
### [`v1.5.0`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.5.0)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.4.0...v1.5.0)
##### What's Changed
- feat: allow using setup-cpp as a library by [@aminya](https://redirect.github.com/aminya) in [#386](https://redirect.github.com/aminya/setup-cpp/pull/386)
- fix: pin vcpkg on Alpine Arm64 by [@aminya](https://redirect.github.com/aminya) in [#389](https://redirect.github.com/aminya/setup-cpp/pull/389)
- fix: do not add LLVM libraries to dyld by default by [@aminya](https://redirect.github.com/aminya) in [#388](https://redirect.github.com/aminya/setup-cpp/pull/388)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.4.0...v1.5.0>
### [`v1.4.0`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.4.0)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.3.0...v1.4.0)
##### What's Changed
- 🎉 feat: support Alpine + add setup-alpine package by [@aminya](https://redirect.github.com/aminya) in [#379](https://redirect.github.com/aminya/setup-cpp/pull/379)
- ci: add docker tags with the base platform versions by [@aminya](https://redirect.github.com/aminya) in [#381](https://redirect.github.com/aminya/setup-cpp/pull/381) (e.g. `setup-cpp-ubuntu:20.04`)
- fix: detect externally managed Python to avoid warnings by [@aminya](https://redirect.github.com/aminya) in [#379](https://redirect.github.com/aminya/setup-cpp/pull/379)
##### Alpine Images (amd64 and arm64)
Setup-cpp now provides prebuilt images for Alpine with support for base tools, and compilers `llvm`, `gcc`, and `mingw` available for `amd64` and `arm64` architectures.
Base image with `cmake, ninja, task, vcpkg, python, make, cppcheck, gcovr, doxygen, ccache, conan, meson, cmakelang` for Alpine:
```dockerfile
FROM aminya/setup-cpp-alpine:3.21 AS builder
```
Image with `llvm` and the base tools:
```dockerfile
FROM aminya/setup-cpp-alpine-llvm:3.21 AS builder
```
Image with `gcc` and the base tools:
```dockerfile
FROM aminya/setup-cpp-alpine-gcc:3.21 AS builder
```
Image with `mingw` and the base tools:
```dockerfile
FROM aminya/setup-cpp-alpine-mingw:3.21 AS builder
```
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.3.0...v1.4.0>
### [`v1.3.0`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.3.0)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.2.2...v1.3.0)
##### What's Changed
- feat: add Ubuntu 20 and 24 docker builds by [@aminya](https://redirect.github.com/aminya) in [#375](https://redirect.github.com/aminya/setup-cpp/pull/375)
- fix: fix python installation on Ubuntu 20 by [@aminya](https://redirect.github.com/aminya) in [#375](https://redirect.github.com/aminya/setup-cpp/pull/375)
- chore(deps): update devdependencies by [@renovate](https://redirect.github.com/renovate) in [#376](https://redirect.github.com/aminya/setup-cpp/pull/376)
##### Breaking changes for Ubuntu Docker images
The `latest` tag for `setup-cpp` on Docker now points to Ubuntu `24.04`. Please pin the specific version if needed:
Base image with `cmake, ninja, task, vcpkg, python, make, cppcheck, gcovr, doxygen, ccache, conan, meson, cmakelang` for Ubuntu 24.04:
```dockerfile
FROM aminya/setup-cpp-ubuntu:24.04-1.3.0 AS builder
```
Image with `llvm` and the base tools:
```dockerfile
FROM aminya/setup-cpp-ubuntu-llvm:24.04-1.3.0 AS builder
```
Image with `gcc` and the base tools:
```dockerfile
FROM aminya/setup-cpp-ubuntu-gcc:24.04-1.3.0 AS builder
```
Image with `mingw` and the base tools:
```dockerfile
FROM aminya/setup-cpp-ubuntu-mingw:24.04-1.3.0 AS builder
```
There are also the variants for Ubuntu `22.04`
```dockerfile
FROM aminya/setup-cpp-ubuntu:22.04-1.3.0 AS builder
FROM aminya/setup-cpp-ubuntu-llvm:22.04-1.3.0 AS builder
FROM aminya/setup-cpp-ubuntu-gcc:22.04-1.3.0 AS builder
FROM aminya/setup-cpp-ubuntu-mingw:22.04-1.3.0 AS builder
```
And for Ubuntu `20.04`:
```dockerfile
FROM aminya/setup-cpp-ubuntu:20.04-1.3.0 AS builder
FROM aminya/setup-cpp-ubuntu-llvm:20.04-1.3.0 AS builder
FROM aminya/setup-cpp-ubuntu-gcc:20.04-1.3.0 AS builder
FROM aminya/setup-cpp-ubuntu-mingw:20.04-1.3.0 AS builder
```
Note that `nala` is no longer included in the setup-cpp images by default. You can install it manually via `setup-cpp --nala true` in your Docker image if you rely on it.
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.2.2...v1.3.0>
### [`v1.2.2`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.2.2)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.2.1...v1.2.2)
##### What's Changed
- 🎉 ci: tests and executables for Linux arm by [@aminya](https://redirect.github.com/aminya) in [#363](https://redirect.github.com/aminya/setup-cpp/pull/363)
- fix apt installation fallbacks to latest by [@aminya](https://redirect.github.com/aminya) in [#363](https://redirect.github.com/aminya/setup-cpp/pull/363)
- fix old LLVM on latest Ubuntu arm by [@aminya](https://redirect.github.com/aminya) in [#363](https://redirect.github.com/aminya/setup-cpp/pull/363)
- feat: install sccache on latest ubuntu arm by [@aminya](https://redirect.github.com/aminya) in [#373](https://redirect.github.com/aminya/setup-cpp/pull/373)
- fix Doxygen on Linux Arm by [@aminya](https://redirect.github.com/aminya) in [#363](https://redirect.github.com/aminya/setup-cpp/pull/363)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.2.1...v1.2.2>
### [`v1.2.1`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.2.1)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.2.0...v1.2.1)
##### What's Changed
- 🎉 feat: add multi-architecture Docker images for setup-cpp by [@aminya](https://redirect.github.com/aminya) in [#361](https://redirect.github.com/aminya/setup-cpp/pull/361)
- 🎉 feat: install LLVM via brew on Mac if possible by [@aminya](https://redirect.github.com/aminya) in [#367](https://redirect.github.com/aminya/setup-cpp/pull/367) and [#364](https://redirect.github.com/aminya/setup-cpp/pull/364)
- 🎉 fix: avoid already installed warnings for brew by [@aminya](https://redirect.github.com/aminya) in [#369](https://redirect.github.com/aminya/setup-cpp/pull/369)
- feat: add git as an installable tool by [@aminya](https://redirect.github.com/aminya) in [#362](https://redirect.github.com/aminya/setup-cpp/pull/362)
- fix: add polyfill for crypto.randomuuid for Node 12 by [@aminya](https://redirect.github.com/aminya) in [#368](https://redirect.github.com/aminya/setup-cpp/pull/368) and [#370](https://redirect.github.com/aminya/setup-cpp/pull/370)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.1.1...v1.2.0>
### [`v1.2.0`](https://redirect.github.com/aminya/setup-cpp/releases/tag/v1.2.0)
[Compare Source](https://redirect.github.com/aminya/setup-cpp/compare/v1.1.1...v1.2.0)
##### What's Changed
Note: superseded by v1.2.1
- feat: add multi-architecture Docker images for setup-cpp by [@aminya](https://redirect.github.com/aminya) in [#361](https://redirect.github.com/aminya/setup-cpp/pull/361)
- feat: install LLVM via brew on Mac if possible by [@aminya](https://redirect.github.com/aminya) in [#367](https://redirect.github.com/aminya/setup-cpp/pull/367) and [#364](https://redirect.github.com/aminya/setup-cpp/pull/364)
- feat: add git as an installable tool by [@aminya](https://redirect.github.com/aminya) in [#362](https://redirect.github.com/aminya/setup-cpp/pull/362)
- fix: avoid already installed warnings for brew by [@aminya](https://redirect.github.com/aminya) in [#369](https://redirect.github.com/aminya/setup-cpp/pull/369)
- fix: add polyfill for crypto.randomuuid for Node 12 by [@aminya](https://redirect.github.com/aminya) in [#368](https://redirect.github.com/aminya/setup-cpp/pull/368) and [#370](https://redirect.github.com/aminya/setup-cpp/pull/370)
**Full Changelog**: <https://github.com/aminya/setup-cpp/compare/v1.1.1...v1.2.0>
</details>
<details>
<summary>docker/login-action (docker/login-action)</summary>
### [`v3.5.0`](https://redirect.github.com/docker/login-action/releases/tag/v3.5.0)
[Compare Source](https://redirect.github.com/docker/login-action/compare/v3.4.0...v3.5.0)
- Support dual-stack endpoints for AWS ECR by [@Spacefish](https://redirect.github.com/Spacefish) [@crazy-max](https://redirect.github.com/crazy-max) in [#874](https://redirect.github.com/docker/login-action/pull/874) [#876](https://redirect.github.com/docker/login-action/pull/876)
- Bump [@aws-sdk/client-ecr](https://redirect.github.com/aws-sdk/client-ecr) to 3.859.0 in [#860](https://redirect.github.com/docker/login-action/pull/860) [#878](https://redirect.github.com/docker/login-action/pull/878)
- Bump [@aws-sdk/client-ecr-public](https://redirect.github.com/aws-sdk/client-ecr-public) to 3.859.0 in [#860](https://redirect.github.com/docker/login-action/pull/860) [#878](https://redirect.github.com/docker/login-action/pull/878)
- Bump [@docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit) from 0.57.0 to 0.62.1 in [#870](https://redirect.github.com/docker/login-action/pull/870)
- Bump form-data from 2.5.1 to 2.5.5 in [#875](https://redirect.github.com/docker/login-action/pull/875)
**Full Changelog**: <https://github.com/docker/login-action/compare/v3.4.0...v3.5.0>
### [`v3.4.0`](https://redirect.github.com/docker/login-action/releases/tag/v3.4.0)
[Compare Source](https://redirect.github.com/docker/login-action/compare/v3.3.0...v3.4.0)
- Bump [@actions/core](https://redirect.github.com/actions/core) from 1.10.1 to 1.11.1 in [#791](https://redirect.github.com/docker/login-action/pull/791)
- Bump [@aws-sdk/client-ecr](https://redirect.github.com/aws-sdk/client-ecr) to 3.766.0 in [#789](https://redirect.github.com/docker/login-action/pull/789) [#856](https://redirect.github.com/docker/login-action/pull/856)
- Bump [@aws-sdk/client-ecr-public](https://redirect.github.com/aws-sdk/client-ecr-public) to 3.758.0 in [#789](https://redirect.github.com/docker/login-action/pull/789) [#856](https://redirect.github.com/docker/login-action/pull/856)
- Bump [@docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit) from 0.35.0 to 0.57.0 in [#801](https://redirect.github.com/docker/login-action/pull/801) [#806](https://redirect.github.com/docker/login-action/pull/806) [#858](https://redirect.github.com/docker/login-action/pull/858)
- Bump cross-spawn from 7.0.3 to 7.0.6 in [#814](https://redirect.github.com/docker/login-action/pull/814)
- Bump https-proxy-agent from 7.0.5 to 7.0.6 in [#823](https://redirect.github.com/docker/login-action/pull/823)
- Bump path-to-regexp from 6.2.2 to 6.3.0 in [#777](https://redirect.github.com/docker/login-action/pull/777)
**Full Changelog**: <https://github.com/docker/login-action/compare/v3.3.0...v3.4.0>
</details>
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
### [`v2.28.1`](https://redirect.github.com/github/codeql-action/releases/tag/v2.28.1)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.28.0...v2.28.1)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
**This is the last planned release of the `v2`. To continue getting updates for the CodeQL Action, please switch to `v3`.**
#### 2.28.1 - 10 Jan 2025
- CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see [this changelog post](https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/). [#2677](https://redirect.github.com/github/codeql-action/pull/2677)
- Update default CodeQL bundle version to 2.20.1. [#2678](https://redirect.github.com/github/codeql-action/pull/2678)
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v2.28.1/CHANGELOG.md) for more information.
### [`v2.28.0`](https://redirect.github.com/github/codeql-action/releases/tag/v2.28.0)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.27.9...v2.28.0)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
**This is the last planned release of the `v2`. To continue getting updates for the CodeQL Action, please switch to `v3`.**
#### 2.28.0 - 20 Dec 2024
- Bump the minimum CodeQL bundle version to 2.15.5. [#2655](https://redirect.github.com/github/codeql-action/pull/2655)
- Don't fail in the unusual case that a file is on the search path. [#2660](https://redirect.github.com/github/codeql-action/pull/2660).
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v2.28.0/CHANGELOG.md) for more information.
### [`v2.27.9`](https://redirect.github.com/github/codeql-action/releases/tag/v2.27.9)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.27.8...v2.27.9)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
#### 2.27.9 - 12 Dec 2024
No user facing changes.
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v2.27.9/CHANGELOG.md) for more information.
### [`v2.27.8`](https://redirect.github.com/github/codeql-action/compare/v2.27.7...v2.27.8)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.27.7...v2.27.8)
### [`v2.27.7`](https://redirect.github.com/github/codeql-action/releases/tag/v2.27.7)
[Compare Source](https://redirect.github.com/github/codeql-action/compare/v2.27.6...v2.27.7)
### CodeQL Action Changelog
See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
#### 2.27.7 - 10 Dec 2024
- We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. [#2631](https://redirect.github.com/github/codeql-action/pull/2631)
- Update default CodeQL bundle version to 2.20.0. [#2636](https://redirect.github.com/github/codeql-action/pull/2636)
See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v2.27.7/CHANGELOG.md) for more information.
### [`v2.27.6`](https://redirect.github.com/github/codeql-action/releases/tag/
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 12:59 AM, only on Monday ( * 0 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/llvm/llvm-project).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzEuOSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
>From 6832c9425ed7ce979d543ac2abd1d62a92fce7cf Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot at renovateapp.com>
Date: Mon, 29 Sep 2025 00:04:09 +0000
Subject: [PATCH] Update [Github] Update GHA Dependencies
---
.github/workflows/build-ci-container-windows.yml | 2 +-
.github/workflows/build-ci-container.yml | 2 +-
.github/workflows/build-metrics-container.yml | 2 +-
.github/workflows/check-ci.yml | 2 +-
.github/workflows/ci-post-commit-analyzer.yml | 4 ++--
.github/workflows/commit-access-review.yml | 2 +-
.github/workflows/docs.yml | 6 +++---
.github/workflows/email-check.yaml | 2 +-
.github/workflows/gha-codeql.yml | 4 ++--
.github/workflows/hlsl-test-all.yaml | 2 +-
.github/workflows/issue-write.yml | 2 +-
.github/workflows/libc-fullbuild-tests.yml | 2 +-
.github/workflows/libc-overlay-tests.yml | 2 +-
.github/workflows/libclang-abi-tests.yml | 4 ++--
.github/workflows/libclang-python-tests.yml | 4 ++--
.github/workflows/libcxx-build-and-test.yaml | 8 ++++----
.github/workflows/libcxx-build-containers.yml | 2 +-
.github/workflows/libcxx-check-generated-files.yml | 2 +-
.github/workflows/libcxx-run-benchmarks.yml | 2 +-
.github/workflows/llvm-bugs.yml | 2 +-
.github/workflows/llvm-tests.yml | 6 +++---
.github/workflows/mlir-spirv-tests.yml | 2 +-
.github/workflows/pr-code-format.yml | 8 ++++----
.github/workflows/pr-code-lint.yml | 10 +++++-----
.github/workflows/pr-request-release-note.yml | 2 +-
.github/workflows/premerge.yaml | 6 +++---
.github/workflows/release-asset-audit.yml | 2 +-
.../workflows/release-binaries-save-stage/action.yml | 4 ++--
.../workflows/release-binaries-setup-stage/action.yml | 2 +-
.github/workflows/release-binaries.yml | 10 +++++-----
.github/workflows/release-documentation.yml | 4 ++--
.github/workflows/release-doxygen.yml | 2 +-
.github/workflows/release-lit.yml | 6 +++---
.github/workflows/release-sources.yml | 4 ++--
.github/workflows/scorecard.yml | 6 +++---
.github/workflows/spirv-tests.yml | 2 +-
.../unprivileged-download-artifact/action.yml | 2 +-
37 files changed, 68 insertions(+), 68 deletions(-)
diff --git a/.github/workflows/build-ci-container-windows.yml b/.github/workflows/build-ci-container-windows.yml
index 167e7cf06b3b2..14c349b1b2fe5 100644
--- a/.github/workflows/build-ci-container-windows.yml
+++ b/.github/workflows/build-ci-container-windows.yml
@@ -44,7 +44,7 @@ jobs:
run: |
docker save ${{ steps.vars.outputs.container-name-tag }} > ${{ steps.vars.outputs.container-filename }}
- name: Upload container image
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: container
path: ${{ steps.vars.outputs.container-filename }}
diff --git a/.github/workflows/build-ci-container.yml b/.github/workflows/build-ci-container.yml
index 67f35fd30701f..01f1b8dc4f990 100644
--- a/.github/workflows/build-ci-container.yml
+++ b/.github/workflows/build-ci-container.yml
@@ -64,7 +64,7 @@ jobs:
podman save ${{ steps.vars.outputs.container-name-agent-tag }} > ${{ steps.vars.outputs.container-agent-filename }}
- name: Upload container image
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: container-${{ matrix.arch }}
path: "*.tar"
diff --git a/.github/workflows/build-metrics-container.yml b/.github/workflows/build-metrics-container.yml
index cadcaa9a42e8f..69b571575f40c 100644
--- a/.github/workflows/build-metrics-container.yml
+++ b/.github/workflows/build-metrics-container.yml
@@ -49,7 +49,7 @@ jobs:
run: |
podman save ${{ steps.vars.outputs.container-name-tag }} > ${{ steps.vars.outputs.container-filename }}
- name: Upload Container Image
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: container
path: ${{ steps.vars.outputs.container-filename }}
diff --git a/.github/workflows/check-ci.yml b/.github/workflows/check-ci.yml
index 7e8c15696e344..f18a69c192ee9 100644
--- a/.github/workflows/check-ci.yml
+++ b/.github/workflows/check-ci.yml
@@ -26,7 +26,7 @@ jobs:
with:
sparse-checkout: .ci
- name: Setup Python
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: 3.13
cache: 'pip'
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 7d37b900d7909..49cf4100dd71c 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -44,7 +44,7 @@ jobs:
uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
# A full build of llvm, clang, lld, and lldb takes about 250MB
# of ccache space. There's not much reason to have more than this,
@@ -87,7 +87,7 @@ jobs:
scan-build --generate-index-only build/analyzer-results
- name: Upload Results
- uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: analyzer-results
diff --git a/.github/workflows/commit-access-review.yml b/.github/workflows/commit-access-review.yml
index a7be81b0e2da5..734dc212fa648 100644
--- a/.github/workflows/commit-access-review.yml
+++ b/.github/workflows/commit-access-review.yml
@@ -28,7 +28,7 @@ jobs:
python3 .github/workflows/commit-access-review.py $GITHUB_TOKEN
- name: Upload Triage List
- uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: triagers
path: triagers.log
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 8cdd39c164cca..b5f3413fe3b6b 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -95,9 +95,9 @@ jobs:
workflow:
- '.github/workflows/docs.yml'
- name: Setup Python env
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
- python-version: '3.11'
+ python-version: '3.13'
cache: 'pip'
cache-dependency-path: 'llvm/docs/requirements-hashed.txt'
- name: Install python dependencies
@@ -209,7 +209,7 @@ jobs:
mkdir built-docs/flang
cp -r flang-build/docs/* built-docs/flang/
- name: Upload docs
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: docs-output
path: built-docs/
diff --git a/.github/workflows/email-check.yaml b/.github/workflows/email-check.yaml
index 9390fba4d4e3b..981c6fa62cb19 100644
--- a/.github/workflows/email-check.yaml
+++ b/.github/workflows/email-check.yaml
@@ -39,7 +39,7 @@ jobs:
[{"body" : "$COMMENT"}]
EOF
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: workflow-args
diff --git a/.github/workflows/gha-codeql.yml b/.github/workflows/gha-codeql.yml
index efb8143877c4e..63388ebc706bd 100644
--- a/.github/workflows/gha-codeql.yml
+++ b/.github/workflows/gha-codeql.yml
@@ -29,9 +29,9 @@ jobs:
sparse-checkout: |
.github/
- name: Initialize CodeQL
- uses: github/codeql-action/init at 192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+ uses: github/codeql-action/init at 303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
with:
languages: actions
queries: security-extended
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze at 192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+ uses: github/codeql-action/analyze at 303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4
diff --git a/.github/workflows/hlsl-test-all.yaml b/.github/workflows/hlsl-test-all.yaml
index 72cbbe2b7dded..f954528abade1 100644
--- a/.github/workflows/hlsl-test-all.yaml
+++ b/.github/workflows/hlsl-test-all.yaml
@@ -80,7 +80,7 @@ jobs:
ninja check-hlsl-unit
ninja ${{ inputs.TestTarget }}
- name: Publish Test Results
- uses: EnricoMi/publish-unit-test-result-action/macos at 170bf24d20d201b842d7a52403b73ed297e6645b # v2
+ uses: EnricoMi/publish-unit-test-result-action/macos at 3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2
if: always() && runner.os == 'macOS'
with:
comment_mode: off
diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml
index db9389b6afe53..26cd60c070251 100644
--- a/.github/workflows/issue-write.yml
+++ b/.github/workflows/issue-write.yml
@@ -40,7 +40,7 @@ jobs:
- name: 'Comment on PR'
if: steps.download-artifact.outputs.artifact-id != ''
- uses: actions/github-script at 60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+ uses: actions/github-script at f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
diff --git a/.github/workflows/libc-fullbuild-tests.yml b/.github/workflows/libc-fullbuild-tests.yml
index 8967cd0949c11..3a048aeb9405b 100644
--- a/.github/workflows/libc-fullbuild-tests.yml
+++ b/.github/workflows/libc-fullbuild-tests.yml
@@ -61,7 +61,7 @@ jobs:
# Do not use direct GHAC access even though it is supported by sccache. GHAC rejects
# frequent small object writes.
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
max-size: 1G
key: libc_fullbuild_${{ matrix.c_compiler }}
diff --git a/.github/workflows/libc-overlay-tests.yml b/.github/workflows/libc-overlay-tests.yml
index 7154946ac5c3d..df9a20dce8eae 100644
--- a/.github/workflows/libc-overlay-tests.yml
+++ b/.github/workflows/libc-overlay-tests.yml
@@ -51,7 +51,7 @@ jobs:
# Do not use direct GHAC access even though it is supported by sccache. GHAC rejects
# frequent small object writes.
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
max-size: 1G
key: libc_overlay_build_${{ matrix.os }}_${{ matrix.compiler.c_compiler }}
diff --git a/.github/workflows/libclang-abi-tests.yml b/.github/workflows/libclang-abi-tests.yml
index d53a2f306afa2..5ccf976848197 100644
--- a/.github/workflows/libclang-abi-tests.yml
+++ b/.github/workflows/libclang-abi-tests.yml
@@ -131,7 +131,7 @@ jobs:
sed -i 's/LLVM_[0-9]\+/LLVM_NOVERSION/' $lib-${{ matrix.ref }}.abi
done
- name: Upload ABI file
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # 4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
with:
name: ${{ matrix.name }}
path: '*${{ matrix.ref }}.abi'
@@ -165,7 +165,7 @@ jobs:
done
- name: Upload ABI Comparison
if: always()
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # 4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
with:
name: compat-report-${{ github.sha }}
path: compat_reports/
diff --git a/.github/workflows/libclang-python-tests.yml b/.github/workflows/libclang-python-tests.yml
index e168928325561..8fb8cec3b4f00 100644
--- a/.github/workflows/libclang-python-tests.yml
+++ b/.github/workflows/libclang-python-tests.yml
@@ -34,11 +34,11 @@ jobs:
steps:
- uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Python
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: ${{ matrix.python-version }}
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
max-size: 2G
key: spirv-ubuntu-24.04
diff --git a/.github/workflows/libcxx-build-and-test.yaml b/.github/workflows/libcxx-build-and-test.yaml
index 2e6ff7f91b6fc..5fe2ffbf58b43 100644
--- a/.github/workflows/libcxx-build-and-test.yaml
+++ b/.github/workflows/libcxx-build-and-test.yaml
@@ -60,7 +60,7 @@ jobs:
env:
CC: ${{ matrix.cc }}
CXX: ${{ matrix.cxx }}
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: ${{ matrix.config }}-${{ matrix.cxx }}-results
@@ -105,7 +105,7 @@ jobs:
env:
CC: ${{ matrix.cc }}
CXX: ${{ matrix.cxx }}
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always() # Upload artifacts even if the build or test suite fails
with:
name: ${{ matrix.config }}-${{ matrix.cxx }}-results
@@ -169,7 +169,7 @@ jobs:
env:
CC: clang-22
CXX: clang++-22
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: ${{ matrix.config }}-results
@@ -223,7 +223,7 @@ jobs:
source .venv/bin/activate
python -m pip install psutil
bash libcxx/utils/ci/run-buildbot ${{ matrix.config }}
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always() # Upload artifacts even if the build or test suite fails
with:
name: macos-${{ matrix.config }}-results
diff --git a/.github/workflows/libcxx-build-containers.yml b/.github/workflows/libcxx-build-containers.yml
index cbaa8e0f65129..312cb47fc3d93 100644
--- a/.github/workflows/libcxx-build-containers.yml
+++ b/.github/workflows/libcxx-build-containers.yml
@@ -55,7 +55,7 @@ jobs:
TAG: ${{ github.sha }}
- name: Log in to GitHub Container Registry
- uses: docker/login-action at 9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ uses: docker/login-action at 184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
registry: ghcr.io
username: ${{ github.actor }}
diff --git a/.github/workflows/libcxx-check-generated-files.yml b/.github/workflows/libcxx-check-generated-files.yml
index f338bd6952779..d34b6a79556d1 100644
--- a/.github/workflows/libcxx-check-generated-files.yml
+++ b/.github/workflows/libcxx-check-generated-files.yml
@@ -15,7 +15,7 @@ jobs:
uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install dependencies
- uses: aminya/setup-cpp at 17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1
+ uses: aminya/setup-cpp at a276e6e3d1db9160db5edc458e99a30d3b109949 # v1.7.1
with:
clangformat: 17.0.1
ninja: true
diff --git a/.github/workflows/libcxx-run-benchmarks.yml b/.github/workflows/libcxx-run-benchmarks.yml
index 17a97df029ba5..0379a0a1f857d 100644
--- a/.github/workflows/libcxx-run-benchmarks.yml
+++ b/.github/workflows/libcxx-run-benchmarks.yml
@@ -35,7 +35,7 @@ jobs:
steps:
- uses: actions/setup-python at e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
- python-version: '3.10'
+ python-version: '3.13'
- name: Extract information from the PR
id: vars
diff --git a/.github/workflows/llvm-bugs.yml b/.github/workflows/llvm-bugs.yml
index 5470662c97628..7d42abfadde7b 100644
--- a/.github/workflows/llvm-bugs.yml
+++ b/.github/workflows/llvm-bugs.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-24.04
if: github.repository == 'llvm/llvm-project'
steps:
- - uses: actions/setup-node at 1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+ - uses: actions/setup-node at 49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 18
check-latest: true
diff --git a/.github/workflows/llvm-tests.yml b/.github/workflows/llvm-tests.yml
index ea80e229512d5..c4701c7283da0 100644
--- a/.github/workflows/llvm-tests.yml
+++ b/.github/workflows/llvm-tests.yml
@@ -128,14 +128,14 @@ jobs:
# Remove symbol versioning from dumps, so we can compare across major versions.
sed -i 's/LLVM_${{ matrix.llvm_version_major }}/LLVM_NOVERSION/' ${{ matrix.ref }}.abi
- name: Upload ABI file
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # 4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
with:
name: ${{ matrix.name }}
path: ${{ matrix.ref }}.abi
- name: Upload symbol list file
if: matrix.name == 'build-baseline'
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # 4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
with:
name: symbol-list
path: llvm.symbols
@@ -179,7 +179,7 @@ jobs:
abi-compliance-checker $EXTRA_ARGS -l libLLVM.so -old build-baseline/*.abi -new build-latest/*.abi || test "${{ needs.abi-dump-setup.outputs.ABI_HEADERS }}" = "llvm-c"
- name: Upload ABI Comparison
if: always()
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # 4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
with:
name: compat-report-${{ github.sha }}
path: compat_reports/
diff --git a/.github/workflows/mlir-spirv-tests.yml b/.github/workflows/mlir-spirv-tests.yml
index 78952ccad2642..5bb16c739cdde 100644
--- a/.github/workflows/mlir-spirv-tests.yml
+++ b/.github/workflows/mlir-spirv-tests.yml
@@ -30,7 +30,7 @@ jobs:
steps:
- uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
max-size: 2G
key: spirv-mlir-ubuntu-24.04
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 61c8680cd72a1..1e0dc7045c1cc 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -43,14 +43,14 @@ jobs:
# of a release cycle (x.1.0) or the last version of a release cycle, or
# if there have been relevant clang-format backports.
- name: Install clang-format
- uses: aminya/setup-cpp at 17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1
+ uses: aminya/setup-cpp at a276e6e3d1db9160db5edc458e99a30d3b109949 # v1.7.1
with:
clangformat: 21.1.0
- name: Setup Python env
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
- python-version: '3.11'
+ python-version: '3.13'
cache: 'pip'
cache-dependency-path: 'llvm/utils/git/requirements_formatting.txt'
@@ -72,7 +72,7 @@ jobs:
--end-rev HEAD \
--changed-files "$CHANGED_FILES"
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: workflow-args
diff --git a/.github/workflows/pr-code-lint.yml b/.github/workflows/pr-code-lint.yml
index daefc9baacce7..776ec4af9d2dc 100644
--- a/.github/workflows/pr-code-lint.yml
+++ b/.github/workflows/pr-code-lint.yml
@@ -27,7 +27,7 @@ jobs:
cancel-in-progress: true
steps:
- name: Fetch LLVM sources
- uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout at 08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 2
@@ -51,14 +51,14 @@ jobs:
# of a release cycle (x.1.0) or the last version of a release cycle, or
# if there have been relevant clang-format backports.
- name: Install clang-tidy
- uses: aminya/setup-cpp at 17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1
+ uses: aminya/setup-cpp at a276e6e3d1db9160db5edc458e99a30d3b109949 # v1.7.1
with:
clang-tidy: 21.1.0
- name: Setup Python env
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
- python-version: '3.12'
+ python-version: '3.13'
- name: Install Python dependencies
run: python3 -m pip install -r llvm/utils/git/requirements_linting.txt
@@ -107,7 +107,7 @@ jobs:
--changed-files "$CHANGED_FILES"
- name: Upload results
- uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: workflow-args
diff --git a/.github/workflows/pr-request-release-note.yml b/.github/workflows/pr-request-release-note.yml
index f0197d71d6aa9..8162a8984ee5f 100644
--- a/.github/workflows/pr-request-release-note.yml
+++ b/.github/workflows/pr-request-release-note.yml
@@ -41,7 +41,7 @@ jobs:
request-release-note \
--pr-number ${{ github.event.pull_request.number}}
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: workflow-args
diff --git a/.github/workflows/premerge.yaml b/.github/workflows/premerge.yaml
index 63ab4a8356971..a9c107e4a5f08 100644
--- a/.github/workflows/premerge.yaml
+++ b/.github/workflows/premerge.yaml
@@ -76,7 +76,7 @@ jobs:
# https://github.com/actions/upload-artifact/issues/569
continue-on-error: true
if: '!cancelled()'
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: Premerge Artifacts (Linux)
path: artifacts/
@@ -130,7 +130,7 @@ jobs:
# https://github.com/actions/upload-artifact/issues/569
continue-on-error: true
if: '!cancelled()'
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: Premerge Artifacts (Windows)
path: artifacts/
@@ -151,7 +151,7 @@ jobs:
with:
fetch-depth: 2
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
max-size: "2000M"
- name: Install Ninja
diff --git a/.github/workflows/release-asset-audit.yml b/.github/workflows/release-asset-audit.yml
index 6546540a1b547..8b24948b568eb 100644
--- a/.github/workflows/release-asset-audit.yml
+++ b/.github/workflows/release-asset-audit.yml
@@ -38,7 +38,7 @@ jobs:
if: >-
github.event_name != 'pull_request' &&
failure()
- uses: actions/github-script at 60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
+ uses: actions/github-script at f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
with:
github-token: ${{ secrets.ISSUE_SUBSCRIBER_TOKEN }}
script: |
diff --git a/.github/workflows/release-binaries-save-stage/action.yml b/.github/workflows/release-binaries-save-stage/action.yml
index f08088c7bc56f..84ccf98c23a82 100644
--- a/.github/workflows/release-binaries-save-stage/action.yml
+++ b/.github/workflows/release-binaries-save-stage/action.yml
@@ -30,14 +30,14 @@ runs:
tar -C ${{ inputs.build-prefix }} -c build/ | zstd -T0 -c > build.tar.zst
- name: Upload Stage 1 Source
- uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ runner.os }}-${{ runner.arch }}-${{ github.job }}-source
path: llvm-project.tar.zst
retention-days: 2
- name: Upload Stage 1 Build Dir
- uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ runner.os}}-${{ runner.arch }}-${{ github.job }}-build
path: build.tar.zst
diff --git a/.github/workflows/release-binaries-setup-stage/action.yml b/.github/workflows/release-binaries-setup-stage/action.yml
index 8f45e22886b6e..475a25fa6b772 100644
--- a/.github/workflows/release-binaries-setup-stage/action.yml
+++ b/.github/workflows/release-binaries-setup-stage/action.yml
@@ -22,7 +22,7 @@ runs:
using: "composite"
steps:
- name: Install Ninja
- uses: llvm/actions/install-ninja at 22e9f909d35b50bd1181709564bfe816eaeaae81 # main
+ uses: llvm/actions/install-ninja at a1ea791b03c8e61f53a0e66f2f73db283aa0f01e # main
- name: Setup Windows
if: startsWith(runner.os, 'Windows')
diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
index 8f422a0147748..99602dbb8b8c7 100644
--- a/.github/workflows/release-binaries.yml
+++ b/.github/workflows/release-binaries.yml
@@ -68,9 +68,9 @@ jobs:
steps:
# It's good practice to use setup-python, but this is also required on macos-14
# due to https://github.com/actions/runner-images/issues/10385
- - uses: actions/setup-python at 39cd14951b08e74b54015e9e001cdefcf80e669f
+ - uses: actions/setup-python at 2e3e4b15a884dc73a63f962bff250a855150a234
with:
- python-version: '3.12'
+ python-version: '3.13'
- name: Checkout LLVM
uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -250,7 +250,7 @@ jobs:
release_dir=`find ${{ steps.setup-stage.outputs.build-prefix }}/build -iname 'stage2-bins'`
mv $release_dir/${{ needs.prepare.outputs.release-binary-filename }} .
- - uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ - uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ runner.os }}-${{ runner.arch }}-release-binary
# Due to path differences on Windows when running in bash vs running on node,
@@ -301,7 +301,7 @@ jobs:
- name: Attest Build Provenance
id: provenance
- uses: actions/attest-build-provenance at 897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+ uses: actions/attest-build-provenance at ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: ${{ needs.prepare.outputs.release-binary-filename }}
@@ -310,7 +310,7 @@ jobs:
mv ${{ steps.provenance.outputs.bundle-path }} ${{ needs.prepare.outputs.release-binary-filename }}.jsonl
- name: Upload Build Provenance
- uses: actions/upload-artifact at 65462800fd760344b1a7b4382951275a0abb4808 #v4.3.3
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ needs.prepare.outputs.release-binary-filename }}-attestation
path: ${{ needs.prepare.outputs.release-binary-filename }}.jsonl
diff --git a/.github/workflows/release-documentation.yml b/.github/workflows/release-documentation.yml
index 712ff1831170e..d3d375d3a6df9 100644
--- a/.github/workflows/release-documentation.yml
+++ b/.github/workflows/release-documentation.yml
@@ -37,7 +37,7 @@ jobs:
uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Python env
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
cache: 'pip'
cache-dependency-path: './llvm/docs/requirements.txt'
@@ -59,7 +59,7 @@ jobs:
./llvm/utils/release/build-docs.sh -release "${{ inputs.release-version }}" -no-doxygen
- name: Create Release Notes Artifact
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # 4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
with:
name: release-notes
path: docs-build/html-export/
diff --git a/.github/workflows/release-doxygen.yml b/.github/workflows/release-doxygen.yml
index 17c677413f744..79e509e5e6a8b 100644
--- a/.github/workflows/release-doxygen.yml
+++ b/.github/workflows/release-doxygen.yml
@@ -43,7 +43,7 @@ jobs:
uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Python env
- uses: actions/setup-python at 42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+ uses: actions/setup-python at a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
cache: 'pip'
cache-dependency-path: './llvm/docs/requirements.txt'
diff --git a/.github/workflows/release-lit.yml b/.github/workflows/release-lit.yml
index 60ec64462bc31..8b1ce04e12c4f 100644
--- a/.github/workflows/release-lit.yml
+++ b/.github/workflows/release-lit.yml
@@ -45,7 +45,7 @@ jobs:
./llvm/utils/release/./github-upload-release.py --token "$GITHUB_TOKEN" --user ${{ github.actor }} --user-token "$USER_TOKEN" check-permissions
- name: Setup Cpp
- uses: aminya/setup-cpp at 17c11551771948abc5752bbf3183482567c7caf0 # v1.1.1
+ uses: aminya/setup-cpp at a276e6e3d1db9160db5edc458e99a30d3b109949 # v1.7.1
with:
compiler: llvm-16.0.6
cmake: true
@@ -66,14 +66,14 @@ jobs:
python3 setup.py sdist bdist_wheel
- name: Upload lit to test.pypi.org
- uses: pypa/gh-action-pypi-publish at 76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
+ uses: pypa/gh-action-pypi-publish at ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
with:
password: ${{ secrets.LLVM_LIT_TEST_PYPI_API_TOKEN }}
repository-url: https://test.pypi.org/legacy/
packages-dir: llvm/utils/lit/dist/
- name: Upload lit to pypi.org
- uses: pypa/gh-action-pypi-publish at 76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
+ uses: pypa/gh-action-pypi-publish at ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
with:
password: ${{ secrets.LLVM_LIT_PYPI_API_TOKEN }}
packages-dir: llvm/utils/lit/dist/
diff --git a/.github/workflows/release-sources.yml b/.github/workflows/release-sources.yml
index 14cc4c4e9b94f..2278b96dbe242 100644
--- a/.github/workflows/release-sources.yml
+++ b/.github/workflows/release-sources.yml
@@ -92,14 +92,14 @@ jobs:
- name: Attest Build Provenance
if: github.event_name != 'pull_request'
id: provenance
- uses: actions/attest-build-provenance at 897ed5eab6ed058a474202017ada7f40bfa52940 # v1.0.0
+ uses: actions/attest-build-provenance at ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: "*.xz"
- if: github.event_name != 'pull_request'
run: |
mv ${{ steps.provenance.outputs.bundle-path }} .
- name: Create Tarball Artifacts
- uses: actions/upload-artifact at 65462800fd760344b1a7b4382951275a0abb4808 #v4.3.3
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
path: |
*.xz
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 40db5504294ef..c07df338cf989 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -36,7 +36,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action at f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+ uses: ossf/scorecard-action at 05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
with:
results_file: results.sarif
results_format: sarif
@@ -49,7 +49,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
- uses: actions/upload-artifact at 65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact at ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: SARIF file
path: results.sarif
@@ -57,6 +57,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif at 80f993039571a6de66594ecaa432875a6942e8e0 # v2.20.6
+ uses: github/codeql-action/upload-sarif at b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
with:
sarif_file: results.sarif
diff --git a/.github/workflows/spirv-tests.yml b/.github/workflows/spirv-tests.yml
index 8708fb06d9eb8..69374ae563306 100644
--- a/.github/workflows/spirv-tests.yml
+++ b/.github/workflows/spirv-tests.yml
@@ -26,7 +26,7 @@ jobs:
steps:
- uses: actions/checkout at 08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup ccache
- uses: hendrikmuhs/ccache-action at a1209f81afb8c005c13b4296c32e363431bffea5 # v1.2.17
+ uses: hendrikmuhs/ccache-action at bfa03e1de4d7f7c3e80ad9109feedd05c4f5a716 # v1.2.19
with:
max-size: 2G
key: spirv-ubuntu-24.04
diff --git a/.github/workflows/unprivileged-download-artifact/action.yml b/.github/workflows/unprivileged-download-artifact/action.yml
index 9d8fb59a67c0e..5b50d7ce3d3fb 100644
--- a/.github/workflows/unprivileged-download-artifact/action.yml
+++ b/.github/workflows/unprivileged-download-artifact/action.yml
@@ -27,7 +27,7 @@ outputs:
runs:
using: "composite"
steps:
- - uses: actions/github-script at 60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
+ - uses: actions/github-script at f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
id: artifact-url
with:
script: |
More information about the llvm-commits
mailing list