chore(deps): bump the all-actions group with 4 updates (#96)

dependabot[bot] · leonhazen · web-flow · commit 80aa37b9c5de · 2024-05-30T11:55:18.000+10:00
* chore(deps): bump the all-actions group with 4 updates Bumps the all-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-python](https://github.com/actions/setup-python), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `actions/checkout` from 3.5.3 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@c85c95e...a5ac7e5) Updates `actions/setup-python` from 4.7.0 to 5.1.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@61a6322...82c7e63) Updates `codecov/codecov-action` from 2.1.0 to 4.4.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@f32b3a3...125fc84) Updates `pypa/gh-action-pypi-publish` from 1.8.8 to 1.8.14 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@f8c70e7...81e9d93) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com> * chore(actions): add semver to github actions --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Leon Hazen <leon.hazen@stax.io>
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,20 +12,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone Repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
       - name: Setup Python 3.9
-        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
         with:
           python-version: '3.9'
       - name: Install dependencies
         run: make install
       - name: Run tests
         run: make test
       - name: Upload coverage to Codecov 📝
-        # https://github.com/codecov/codecov-action codecov/2.1.0
-        # Pinned this to a git sha as per recommendations in GitHub actions hardening guide.
-        # see https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: "codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b"
+        uses: "codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c" # 4.4.1
         with:
           fail_ci_if_error: true
           files: ./coverage-reports/coverage-report.xml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone Repository
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
       - name: Setup Python 3.9
-        uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
         with:
           python-version: '3.9'
       - name: Install dependencies
@@ -24,12 +24,12 @@ jobs:
           pipenv run python setup.py sdist bdist_wheel
       - name: Publish distribution 📦 to Test PyPI
         if: github.event.release.prerelease == true
-        uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8
+        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # 1.8.14
         with:
           password: ${{ secrets.TEST_PYPI_PASSWORD }}
           repository_url: https://test.pypi.org/legacy/
       - name: Publish distribution 📦 to PyPI
         if: github.event.release.prerelease != true
-        uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8
+        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # 1.8.14
         with:
           password: ${{ secrets.PYPI_PASSWORD }}
