Merge pull request #2545 from theupdateframework/dependabot/github_actions/action-dependencies-61aaf34304

build(deps): bump the action-dependencies group with 2 updates

Author: jku

.github/workflows/cd.yml

@@ -34,7 +34,7 @@ jobs:
         run: PIP_CONSTRAINT=requirements/build.txt python3 -m build --sdist --wheel --outdir dist/ .
 
       - name: Store build artifacts
-        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
+        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
         # NOTE: The GitHub release page contains the release artifacts too, but using
         # GitHub upload/download actions seems robuster: there is no need to compute
         # download URLs and tampering with artifacts between jobs is more limited.

.github/workflows/dependency-review.yml

@@ -18,4 +18,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3 # unpinned since this is not security critical
+        uses: actions/dependency-review-action@v4 # unpinned since this is not security critical