From 47199bcba09245973abf18f237826dabe6aba777 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 04:49:33 +0000 Subject: [PATCH] chore(deps): bump the actions group with 9 updates Bumps the actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `3` | `7` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `astral-sh/setup-uv` from 3 to 7 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/v3...v7) Updates `codecov/codecov-action` from 4 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: astral-sh/setup-uv dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 26 +++++++++++++------------- .github/workflows/daily-update.yml | 4 ++-- .github/workflows/pages.yml | 8 ++++---- .github/workflows/privacy-guard.yml | 2 +- .github/workflows/security-audit.yml | 8 ++++---- 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b8cd30..2e952b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,8 +21,8 @@ jobs: name: Lint & Format runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 + - uses: actions/checkout@v6 + - uses: astral-sh/setup-uv@v7 with: enable-cache: true - name: Install ruff @@ -34,8 +34,8 @@ jobs: name: Type Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 + - uses: actions/checkout@v6 + - uses: astral-sh/setup-uv@v7 with: enable-cache: true - name: Install dev dependencies @@ -47,8 +47,8 @@ jobs: runs-on: ubuntu-latest needs: [lint] steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 + - uses: actions/checkout@v6 + - uses: astral-sh/setup-uv@v7 with: enable-cache: true - name: Install dev dependencies @@ -56,7 +56,7 @@ jobs: - name: Run tests run: uv run --directory backend pytest tests/ -v --cov=api_market --cov-report=xml --cov-fail-under=70 - name: Upload coverage - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v6 with: file: ./backend/coverage.xml flags: unittests @@ -67,9 +67,9 @@ jobs: runs-on: ubuntu-latest needs: [lint] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: # Scan both the Python backend and the Next.js frontend. # `security-extended` adds queries beyond the default @@ -79,7 +79,7 @@ jobs: languages: python, javascript, typescript queries: security-extended - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: # The frontend is a TS/JSX project under frontend/src; # without this filter CodeQL still walks the whole tree but @@ -92,11 +92,11 @@ jobs: needs: [test, typecheck] if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Build image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: . push: false diff --git a/.github/workflows/daily-update.yml b/.github/workflows/daily-update.yml index 5cadc4e..ac4feb2 100644 --- a/.github/workflows/daily-update.yml +++ b/.github/workflows/daily-update.yml @@ -20,9 +20,9 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: astral-sh/setup-uv@v3 + - uses: astral-sh/setup-uv@v7 with: enable-cache: true cache-dependency-glob: | diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 8af7524..12c5acf 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -19,16 +19,16 @@ jobs: timeout-minutes: 15 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.12" - name: Restore cached SQLite database id: cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: data/api_market.db key: api-market-db-v1 @@ -84,7 +84,7 @@ jobs: python scripts/build_static_data.py - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "20" cache: npm diff --git a/.github/workflows/privacy-guard.yml b/.github/workflows/privacy-guard.yml index cd92fdf..25e2b0c 100644 --- a/.github/workflows/privacy-guard.yml +++ b/.github/workflows/privacy-guard.yml @@ -11,7 +11,7 @@ jobs: name: Scan for leaked secrets runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml index 53d934f..d51d1fc 100644 --- a/.github/workflows/security-audit.yml +++ b/.github/workflows/security-audit.yml @@ -27,8 +27,8 @@ jobs: name: npm audit (frontend) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: "20" cache: "npm" @@ -63,8 +63,8 @@ jobs: name: Python dependency audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: astral-sh/setup-uv@v3 + - uses: actions/checkout@v6 + - uses: astral-sh/setup-uv@v7 with: enable-cache: true - name: Install pip-audit