From ebf45a98dd14ae72d290daa330233691fa32b89a Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Mon, 11 Sep 2023 07:55:59 +0200
Subject: [PATCH] Update workflows (#1596)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.5.3` -> `v3.6.0` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`46e4421` -> `a996638` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.20.1` -> `v2.21.5` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.8` -> `v1.8.10` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

###
[`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

###
[`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

###
[`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.10`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.10)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10)

#### :bug: What's Fixed

[@&#8203;woodruffw](https://togithub.com/woodruffw) fixed decoding OIDC
claims in debug output on failure by applying correct padding to the
encoded payload via
[https://github.com/pypa/gh-action-pypi-publish/pull/177](https://togithub.com/pypa/gh-action-pypi-publish/pull/177).

**Full Diff**:
https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10

###
[`v1.8.9`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.9)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9)

#### :nail_care: Cosmetic output improvements

- [@&#8203;woodruffw](https://togithub.com/woodruffw) added debug output
to the trusted publishing OIDC exchange on failures in
[https://github.com/pypa/gh-action-pypi-publish/pull/174](https://togithub.com/pypa/gh-action-pypi-publish/pull/174)
- [@&#8203;woodruffw](https://togithub.com/woodruffw) implemented
Markdown semantic callouts in README via
[https://github.com/pypa/gh-action-pypi-publish/pull/175](https://togithub.com/pypa/gh-action-pypi-publish/pull/175)

#### :hammer_and_wrench: Internal dependencies

- Certifi was bumped from 2023.5.7 to 2023.7.22
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/171](https://togithub.com/pypa/gh-action-pypi-publish/pull/171)ll/171
- Cryptography was bumped from 41.0.2 to 41.0.3
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/172](https://togithub.com/pypa/gh-action-pypi-publish/pull/172)ll/172

**Full Diff**:
https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi42OC4xIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
---
 .github/workflows/link-checker-on-push.yml | 2 +-
 .github/workflows/link-checker.yml         | 2 +-
 .github/workflows/publish-to-pypi.yaml     | 2 +-
 .github/workflows/scorecards.yml           | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/link-checker-on-push.yml b/.github/workflows/link-checker-on-push.yml
index 6e0bd876147..db694b11efd 100644
--- a/.github/workflows/link-checker-on-push.yml
+++ b/.github/workflows/link-checker-on-push.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
+    - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
       with:
         use-quiet-mode: "yes"
         check-modified-files-only: "yes"
diff --git a/.github/workflows/link-checker.yml b/.github/workflows/link-checker.yml
index ca0e8661bbe..1300bc338e1 100644
--- a/.github/workflows/link-checker.yml
+++ b/.github/workflows/link-checker.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
+    - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
       with:
         use-quiet-mode: "yes"
         
diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml
index 52f2af96d90..fe6c4489204 100644
--- a/.github/workflows/publish-to-pypi.yaml
+++ b/.github/workflows/publish-to-pypi.yaml
@@ -44,7 +44,7 @@ jobs:
         build
         --sdist --wheel --outdir dist/ .
     - name: Publish distribution to PyPI
-      uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # v1.8.8
+      uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v1.8.10
       with:
         password: ${{ secrets.PYPI_API_TOKEN }}
         packages_dir: dist/
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 6e2edbeda83..95d9eb205ea 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -22,7 +22,7 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           persist-credentials: false
 
@@ -42,7 +42,7 @@ jobs:
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           sarif_file: results.sarif