From 5e21648a6f662749baeee10f9ed5d0d99d7f2433 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jan 2026 17:44:40 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 4 updates Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action), [crate-ci/typos](https://github.com/crate-ci/typos) and [DataDog/dd-trace-go/.github/workflows/orchestrion.yml](https://github.com/datadog/dd-trace-go). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `github/codeql-action` from 4.31.10 to 4.31.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cdefb33c0f6224e58673d9004f47f7cb3e328b89...19b2f06db2b6f5108140aeb04014ef02b648f789) Updates `crate-ci/typos` from 1.42.1 to 1.42.2 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](https://github.com/crate-ci/typos/compare/65120634e79d8374d1aa2f27e54baa0c364fff5a...a1d64977b4aa1709d6328d518aa753f4899352d8) Updates `DataDog/dd-trace-go/.github/workflows/orchestrion.yml` from e5d6064117ee77b1dc688a3257fb3f5230e4ec24 to e3349082ecb3db03a872e6ce8b5dfcbbe7d7707a - [Release notes](https://github.com/datadog/dd-trace-go/releases) - [Commits](https://github.com/datadog/dd-trace-go/compare/e5d6064117ee77b1dc688a3257fb3f5230e4ec24...e3349082ecb3db03a872e6ce8b5dfcbbe7d7707a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.31.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: crate-ci/typos dependency-version: 1.42.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: DataDog/dd-trace-go/.github/workflows/orchestrion.yml dependency-version: e3349082ecb3db03a872e6ce8b5dfcbbe7d7707a dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/deps-update.yml | 4 ++-- .github/workflows/docsite.yml | 4 ++-- .github/workflows/ossf-scorecard.yml | 4 ++-- .github/workflows/pr-labeler.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/sast.yml | 6 +++--- .github/workflows/validate.yml | 32 ++++++++++++++-------------- 7 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/deps-update.yml b/.github/workflows/deps-update.yml index 771a15b0..bdf3433d 100644 --- a/.github/workflows/deps-update.yml +++ b/.github/workflows/deps-update.yml @@ -12,7 +12,7 @@ jobs: changes-needed: ${{ steps.is-tree-dirty.outputs.result }} steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Set up Go id: setup-go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 @@ -76,7 +76,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Download patches uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v4 with: diff --git a/.github/workflows/docsite.yml b/.github/workflows/docsite.yml index 57f57841..5c244f29 100644 --- a/.github/workflows/docsite.yml +++ b/.github/workflows/docsite.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: lfs: true submodules: recursive @@ -51,7 +51,7 @@ jobs: steps: # Check out so that actions/configure-pages can access repository details... - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Download Artifact uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v4 with: diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index c1a786b1..afdfff51 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -19,7 +19,7 @@ jobs: id-token: write steps: - name: "Checkout code" - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: persist-credentials: false - name: "Run analysis" @@ -37,6 +37,6 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3 + uses: github/codeql-action/upload-sarif@19b2f06db2b6f5108140aeb04014ef02b648f789 # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index 5e296764..258d85f9 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -11,7 +11,7 @@ jobs: pull-requests: write # Needed to update labels steps: - name: Check out - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 61d5c4b4..01d346e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: contents: write # To be able to create draft releases steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: @@ -86,7 +86,7 @@ jobs: contents: write # To be able to create new tags steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: ref: ${{ github.event.release.target_commitish }} - name: Setup go diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index 8deb9177..145c6870 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -26,15 +26,15 @@ jobs: packages: read steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3 + uses: github/codeql-action/init@19b2f06db2b6f5108140aeb04014ef02b648f789 # v3 with: languages: go build-mode: autobuild - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3 + uses: github/codeql-action/analyze@19b2f06db2b6f5108140aeb04014ef02b648f789 # v3 with: category: "/language:go" # Currently, the upload fails for merge group checks, but still run the checks... diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index fccb100f..8f59c591 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -23,7 +23,7 @@ jobs: has-patch: ${{ steps.is-tree-dirty.outputs.result }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go id: setup-go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 @@ -105,7 +105,7 @@ jobs: if: always() && needs.generate.outputs.has-patch == 'true' && github.event_name == 'pull_request' && (github.event.pull_request.head.repo.full_name == github.repository || github.event.pull_request.maintainer_can_modify) steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -140,7 +140,7 @@ jobs: name: Linters steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: @@ -149,7 +149,7 @@ jobs: - name: Verify license headers run: go run ./_tools/headercheck/header_check.go - name: Check documentation for misspellings - uses: crate-ci/typos@65120634e79d8374d1aa2f27e54baa0c364fff5a # v1.42.1 + uses: crate-ci/typos@a1d64977b4aa1709d6328d518aa753f4899352d8 # v1.42.2 lint-go: needs: generate name: GolangCI Lint (${{ matrix.runs-on }} | ${{ matrix.working-directory || 'main' }}) @@ -161,7 +161,7 @@ jobs: runs-on: ${{ matrix.runs-on }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: @@ -181,7 +181,7 @@ jobs: name: GitHub Workflow Linters steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Ensure SHA pinned actions uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6124774845927d14c601359ab8138699fa5b70c3 # v3 with: @@ -204,7 +204,7 @@ jobs: name: Makefile Linters steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: @@ -223,7 +223,7 @@ jobs: name: Format Check steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: @@ -255,7 +255,7 @@ jobs: name: Unit tests (go ${{ matrix.go-version }}, ${{ matrix.runs-on }}) steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup Go id: setup-go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 @@ -303,7 +303,7 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go id: setup-go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 @@ -328,7 +328,7 @@ jobs: name: Benchmark Report steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go id: setup-go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 @@ -361,7 +361,7 @@ jobs: integration-tests: name: Integration Tests needs: generate - uses: DataDog/dd-trace-go/.github/workflows/orchestrion.yml@e5d6064117ee77b1dc688a3257fb3f5230e4ec24 # ratchet:DataDog/dd-trace-go/.github/workflows/orchestrion.yml@main + uses: DataDog/dd-trace-go/.github/workflows/orchestrion.yml@e3349082ecb3db03a872e6ce8b5dfcbbe7d7707a # ratchet:DataDog/dd-trace-go/.github/workflows/orchestrion.yml@main with: collect-coverage: ${{ github.event_name != 'merge_group' }} orchestrion-version: ${{ github.sha }} @@ -380,7 +380,7 @@ jobs: go-version: [oldstable, stable] steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup Go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v5 with: @@ -438,7 +438,7 @@ jobs: steps: - name: Checkout if: github.event_name != 'merge_group' && !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Download codecov CLI id: codecov-cli if: github.event_name != 'merge_group' && !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) @@ -563,7 +563,7 @@ jobs: matrix: ${{ fromJson(needs.coverage-matrix.outputs.matrix) }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Download Artifacts uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v4 with: @@ -582,7 +582,7 @@ jobs: if: github.event_name != 'merge_group' && !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Download codecov CLI id: codecov-cli uses: ./.github/actions/codecov-cli