[bot] Update GitHub Action Versions (#1601)

### GitHub Actions Version Updates * **[github/codeql-action](https://github.com/github/codeql-action)** added a new **[commit](github/codeql-action@1245696032ecf7d39f87d54daa406e22ddf769a8)** to **[codeql-bundle-20230524](https://github.com/github/codeql-action/releases/tag/codeql-bundle-20230524)** Tag on 2023-05-22T16:11:03Z * **[ad-m/github-push-action](https://github.com/ad-m/github-push-action)** added a new **[commit](ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df)** to **[v0.8.0](https://github.com/ad-m/github-push-action/releases/tag/v0.8.0)** Tag on 2023-10-07T09:43:19Z * **[actions/dependency-review-action](https://github.com/actions/dependency-review-action)** added a new **[commit](actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507)** to **[v3.1.5](https://github.com/actions/dependency-review-action/releases/tag/v3.1.5)** Tag on 2024-01-04T15:06:44Z * **[ossf/scorecard-action](https://github.com/ossf/scorecard-action)** added a new **[commit](ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736)** to **[v2.3.1](https://github.com/ossf/scorecard-action/releases/tag/v2.3.1)** Tag on 2023-10-23T19:22:52Z * **[actions/checkout](https://github.com/actions/checkout)** added a new **[commit](actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11)** to **[v4.1.1](https://github.com/actions/checkout/releases/tag/v4.1.1)** Tag on 2023-10-17T15:52:30Z * **[actions/upload-artifact](https://github.com/actions/upload-artifact)** added a new **[commit](actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595)** to **[v4.1.0](https://github.com/actions/upload-artifact/releases/tag/v4.1.0)** Tag on 2024-01-10T20:47:13Z
Ouranosinc · Jan 17, 2024 · 507bd0b · 507bd0b
2 parents bd6a6f8 + fcf7b6d
commit 507bd0b
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 9 deletions.
diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
@@ -75,7 +75,7 @@ jobs:
           echo "new_version=${NEW_VERSION}"
           echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV
       - name: Push Changes
-        uses: ad-m/github-push-action@v0.8.0
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df
         with:
           force: false
           github_token: ${{ secrets.BUMP_VERSION_TOKEN }}

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -52,10 +52,10 @@ jobs:
         uses: actions/[email protected]
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@codeql-bundle-20230524
+        uses: github/codeql-action/init@1245696032ecf7d39f87d54daa406e22ddf769a8
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        uses: github/codeql-action/autobuild@codeql-bundle-20230524
+        uses: github/codeql-action/autobuild@1245696032ecf7d39f87d54daa406e22ddf769a8
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@codeql-bundle-20230524
+        uses: github/codeql-action/analyze@1245696032ecf7d39f87d54daa406e22ddf769a8
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -28,4 +28,4 @@ jobs:
         uses: actions/[email protected]
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3.1.4
+        uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -32,12 +32,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736
         with:
           results_file: results.sarif
           results_format: sarif
@@ -59,14 +59,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@1245696032ecf7d39f87d54daa406e22ddf769a8
         with:
           sarif_file: results.sarif