chore(deps): update github actions

oep-renovate[bot] · web-flow · commit 7d87e5a3dd7b · 2025-11-01T02:34:44.000Z
Signed-off-by: oep-renovate[bot] &lt;212772560+oep-renovate[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -34,13 +34,13 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
           queries: security-extended
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           python-version-file: ".python-version"
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
       - name: Install dependencies
         run: |
           uv sync --locked --extra docs
diff --git a/.github/workflows/pre_commit.yml b/.github/workflows/pre_commit.yml
@@ -26,11 +26,11 @@ jobs:
         with:
           python-version-file: ".python-version"
       - name: Set up Node.js
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
-          node-version: 22
+          node-version: 24
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
       - name: Install dependencies
         run: |
           uv sync --locked --all-extras
@@ -49,7 +49,7 @@ jobs:
         with:
           python-version-file: ".python-version"
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
       - name: Install dependencies
         run: |
           uv sync --locked --extra tests --extra ovms
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -26,14 +26,14 @@ jobs:
       - name: Build sdist
         run: |
           uv build --sdist
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: artifact-sdist
           path: dist/*.tar.gz
       - name: Build wheel
         run: |
           uv build --wheel
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: artifact-wheel
           path: dist/*.whl
@@ -48,7 +48,7 @@ jobs:
       id-token: write # required by trusted publisher
     steps:
       - name: Download artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6
         with:
           path: dist
           pattern: artifact-*
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -72,7 +72,7 @@ jobs:
           private-key: ${{ secrets.RENOVATE_APP_PEM }}
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@2d941ef4e268e53affdc1f11365c69a73e544f50 # v43.0.14
+        uses: renovatebot/github-action@a3c115cd6676c8a5bc72f9715f108759e570daf5 # v43.0.19
         with:
           configurationFile: .github/renovate.json5
           token: "${{ steps.get-github-app-token.outputs.token }}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -35,6 +35,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -24,7 +24,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Zizmor scan
-        uses: open-edge-platform/geti-ci/actions/zizmor@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/zizmor@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan-scope: "all"
           severity-level: "LOW"
@@ -42,7 +42,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Bandit scan
-        uses: open-edge-platform/geti-ci/actions/bandit@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/bandit@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan-scope: "all"
           severity-level: "LOW"
@@ -62,7 +62,7 @@ jobs:
           persist-credentials: false
       - name: Run Trivy scan
         id: trivy
-        uses: open-edge-platform/geti-ci/actions/trivy@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/trivy@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan_type: "fs"
           scan-scope: all
@@ -84,7 +84,7 @@ jobs:
           persist-credentials: false
       - name: Run Semgrep scan
         id: semgrep
-        uses: open-edge-platform/geti-ci/actions/semgrep@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/semgrep@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan-scope: "all"
           severity: "LOW"
diff --git a/.github/workflows/test_accuracy.yml b/.github/workflows/test_accuracy.yml
@@ -19,7 +19,7 @@ jobs:
         with:
           python-version-file: ".python-version"
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
       - name: Install dependencies
         run: |
           uv sync --locked --extra tests --extra-index-url https://download.pytorch.org/whl/cpu
diff --git a/.github/workflows/test_precommit.yml b/.github/workflows/test_precommit.yml
@@ -21,7 +21,7 @@ jobs:
         with:
           python-version-file: ".python-version"
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
       - name: Install dependencies
         run: |
           uv sync --locked --extra tests --extra ovms --extra-index-url https://download.pytorch.org/whl/cpu
@@ -51,7 +51,7 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install uv
-        uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
+        uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
       - name: serving_api
         run: |
           uv sync --locked --extra tests --extra ovms
@@ -69,7 +69,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Zizmor scan
-        uses: open-edge-platform/geti-ci/actions/zizmor@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/zizmor@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan-scope: "changed"
           severity-level: "LOW"
@@ -85,7 +85,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Bandit scan
-        uses: open-edge-platform/geti-ci/actions/bandit@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/bandit@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan-scope: "changed"
           severity-level: "LOW"
@@ -103,7 +103,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Bandit scan
-        uses: open-edge-platform/geti-ci/actions/semgrep@c2bb2697178bb2e50014420aef2351a45749b925
+        uses: open-edge-platform/geti-ci/actions/semgrep@176100eb5fcafea90e2a471c6d4cf233632d13b7
         with:
           scan-scope: "changed"
           severity: "LOW"
