Chore(deps): Bump the actions-deps group across 1 directory with 6 updates

[dependabot]

Bumps the actions-deps group with 6 updates in the / directory:

Package	From	To
lfreleng-actions/github2gerrit-action	1.2.1	1.2.4
actions/checkout	4	6
actions/setup-python	5.6.0	6.2.0
lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml	0.2.21	0.6.0
lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-rtdv3-verify.yaml	0.2.21	0.6.0
im-open/workflow-conclusion	2.2.3	2.2.5

Updates lfreleng-actions/github2gerrit-action from 1.2.1 to 1.2.4

Release notes

Sourced from lfreleng-actions/github2gerrit-action's releases.

v1.2.4

🐛 Bug Fixes 🐛

• Fix: surface Gerrit auth failures without noise @​ModeSevenIndustrialSolutions (#281)
• Fix: address Zizmor and CodeQL security findings @​ModeSevenIndustrialSolutions (#282)
• Fix: resolve vulnerable OpenSSL in cryptography @​ModeSevenIndustrialSolutions (#284)

🔧 Maintenance 🔧

• Chore: Bump actions/checkout from 6.0.2 to 6.0.3 @dependabot[bot] (#270)
• Chore: Bump typer from 0.26.5 to 0.26.7 @dependabot[bot] (#273)
• Chore: Bump hatchling from 1.29.0 to 1.30.1 @dependabot[bot] (#274)
• Chore: Bump astral-sh/setup-uv from 8.1.0 to 8.2.0 @dependabot[bot] (#271)
• Chore: Bump ruff from 0.15.15 to 0.15.16 @dependabot[bot] (#272)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#275)
• Docs: Add SECURITY.md security policy @​ModeSevenIndustrialSolutions (#278)
• Build(deps): Add uv exclude-newer cooldown @​ModeSevenIndustrialSolutions (#277)
• Chore: Bump ruff from 0.15.15 to 0.15.16 @dependabot[bot] (#279)
• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#280)
• Chore: Bump pyjwt from 2.12.1 to 2.13.0 @dependabot[bot] (#283)

🎓 Code Quality 🎓

• CI(dependabot): Add 7-day update cooldown @​ModeSevenIndustrialSolutions (#276)

Links

• Submit bugs/feature requests

v1.2.3

🐛 Bug Fixes 🐛

• Fix: abandon Gerrit changes over SSH on PR close @​askb (#269)

🔧 Maintenance 🔧

• Chore: pre-commit autoupdate @pre-commit-ci[bot] (#265)
• Docs: add 'closed' event type to workflow usage examples @​askb (#267)
• Chore: add path filters to testing.yaml for pull_request trigger @​askb (#266)
• Chore: remove redundant workflow copies @​ModeSevenIndustrialSolutions (#268)

🎓 Code Quality 🎓

• Chore: add path filters to testing.yaml for pull_request trigger @​askb (#266)

Links

• Submit bugs/feature requests

... (truncated)

Commits

• 806c001 Merge pull request #284 from modeseven-lfreleng-actions/fix/cryptography-open...
• 875879a Fix: resolve vulnerable OpenSSL in cryptography
• 587d4f0 Merge pull request #283 from lfreleng-actions/dependabot/uv/pyjwt-2.13.0
• 93dff5d Chore: Bump pyjwt from 2.12.1 to 2.13.0
• 71763aa Merge pull request #282 from modeseven-lfreleng-actions/fix/security-zizmor-c...
• 309622b Fix: address Zizmor and CodeQL security findings
• fb35f88 Merge pull request #280 from lfreleng-actions/pre-commit-ci-update-config
• b2d33e5 Merge pull request #281 from modeseven-lfreleng-actions/fix/gerrit-auth-guard...
• dbc0a93 Fix: surface Gerrit auth failures without noise
• 847130b Chore: pre-commit autoupdate
• Additional commits viewable in compare view

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774

... (truncated)

Commits

• df4cb1c Update changelog for v6.0.3 (#2446)
• 1cce339 Fix checkout init for SHA-256 repositories (#2439)
• 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
• 0c366fd Update changelog (#2357)
• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• Additional commits viewable in compare view

Updates actions/setup-python from 5.6.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

• Upgrade dependencies to Node 24 compatible versions by @​salmanmkc in actions/setup-python#1259
• Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @​dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

• Add support for pip-install input by @​gowridurgad in actions/setup-python#1201
• Add graalpy early-access and windows builds by @​timfel in actions/setup-python#880

Dependency and Documentation updates:

• Enhanced wording and updated example usage for allow-prereleases by @​yarikoptic in actions/setup-python#979
• Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @​dependabot in actions/setup-python#1139
• Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @​dependabot in actions/setup-python#1094
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @​dependabot in actions/setup-python#1199
• Upgrade requests from 2.32.2 to 2.32.4 by @​dependabot in actions/setup-python#1130
• Upgrade prettier from 3.5.3 to 3.6.2 by @​dependabot in actions/setup-python#1234
• Upgrade @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @​dependabot in actions/setup-python#1235

New Contributors

• @​yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @​priyagupta108 in actions/setup-python#1129
• Enhance reading from .python-version by @​krystof-k in actions/setup-python#787
• Add version parsing from Pipfile by @​aradkdj in actions/setup-python#1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @​aparnajyothi-y in actions/setup-python#1183
• Change missing cache directory error to warning by @​aparnajyothi-y in actions/setup-python#1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @​aparnajyothi-y in actions/setup-python#1122
• Include python version in PyPy python-version output by @​cdce8p in actions/setup-python#1110
• Update docs: clarification on pip authentication with setup-python by @​priya-kinthali in actions/setup-python#1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @​dependabot[bot] in actions/setup-python#843
• Upgrade form-data to fix critical vulnerabilities #182 & #183 by @​aparnajyothi-y in actions/setup-python#1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @​aparnajyothi-y in actions/setup-python#1165
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-python#1181
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in actions/setup-python#1095

... (truncated)

Commits

• a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
• bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
• 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
• 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
• bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
• 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
• 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
• cfd55ca graalpy: add graalpy early-access and windows builds (#880)
• bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
• 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
• Additional commits viewable in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.2.21 to 0.6.0

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml's releases.

v0.6.0

✨ New Features ✨

• Feat: Dogfood semantic pull request workflow @​ModeSevenIndustrialSolutions (#669)
• Feat: Add reusable workflows and harden egress to block mode @​ModeSevenIndustrialSolutions (#680)
• Feat: Add package hardening audit workflow @​ModeSevenIndustrialSolutions (#681)

🔧 Maintenance 🔧

• Chore: pre-commit linting updates @pre-commit-ci[bot] (#679)
• Chore: Bump lfreleng-actions/nexus-publish-action from 0.2.0 to 0.2.1 @dependabot[bot] (#678)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#674)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#676)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#675)
• Chore: Bump github/codeql-action from 4.36.1 to 4.36.2 @dependabot[bot] (#677)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#673)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#672)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#670)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#671)

Links

• Submit bugs/feature requests

v0.5.0

✨ New Features ✨

• Feat: Add semantic pull request reusable workflow @​ModeSevenIndustrialSolutions (#661)
• Feat: add PRE_BUILD_SCRIPT support to compose-maven-verify @​askb (#668)

🐛 Bug Fixes 🐛

• Fix: Use zizmor-scan-action for security audit @​ModeSevenIndustrialSolutions (#667)

🔧 Maintenance 🔧

• Chore: Bump lfreleng-actions/sonatype-lifecycle-scan-action from 0.1.2 to 0.1.3 @dependabot[bot] (#662)
• Chore: Bump github/codeql-action from 4.36.0 to 4.36.1 @dependabot[bot] (#665)
• Chore: Bump lfreleng-actions/gerrit-review-action from 1.1.0 to 1.1.1 @dependabot[bot] (#663)
• Chore: Bump actions/checkout from 6.0.2 to 6.0.3 @dependabot[bot] (#664)
• Chore: Bump hashicorp/setup-packer from 3.2.0 to 3.3.0 @dependabot[bot] (#666)

Links

• Submit bugs/feature requests

v0.4.0

... (truncated)

Commits

• f43b219 Merge pull request #681 from modeseven-lfit/feat/package-hardening-audit
• 6f57890 Feat: Add package hardening audit workflow
• f8a4d0a Merge pull request #680 from modeseven-lfit/ci/harden-runner-block-mode
• 4d5996a Fix: Block egress, silence zizmor on autolabeler
• 82c150a Feat: Add reusable SHA-pinned actions workflow
• 96e32b5 Feat: Add reusable autolabeler workflow
• ce92cf4 Feat: Add reusable zizmor scan workflow
• e22e915 Style: Refine workflow display names
• 371b433 Fix: Harden reusable workflow permissions
• 8b9dd61 CI: Enable harden-runner block egress mode
• Additional commits viewable in compare view

Updates lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-rtdv3-verify.yaml from 0.2.21 to 0.6.0

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-rtdv3-verify.yaml's releases.

v0.6.0

✨ New Features ✨

• Feat: Dogfood semantic pull request workflow @​ModeSevenIndustrialSolutions (#669)
• Feat: Add reusable workflows and harden egress to block mode @​ModeSevenIndustrialSolutions (#680)
• Feat: Add package hardening audit workflow @​ModeSevenIndustrialSolutions (#681)

🔧 Maintenance 🔧

• Chore: pre-commit linting updates @pre-commit-ci[bot] (#679)
• Chore: Bump lfreleng-actions/nexus-publish-action from 0.2.0 to 0.2.1 @dependabot[bot] (#678)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#674)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#676)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#675)
• Chore: Bump github/codeql-action from 4.36.1 to 4.36.2 @dependabot[bot] (#677)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#673)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#672)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#670)
• Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.3.4 to 0.5.0 @dependabot[bot] (#671)

Links

• Submit bugs/feature requests

v0.5.0

✨ New Features ✨

• Feat: Add semantic pull request reusable workflow @​ModeSevenIndustrialSolutions (#661)
• Feat: add PRE_BUILD_SCRIPT support to compose-maven-verify @​askb (#668)

🐛 Bug Fixes 🐛

• Fix: Use zizmor-scan-action for security audit @​ModeSevenIndustrialSolutions (#667)

🔧 Maintenance 🔧

• Chore: Bump lfreleng-actions/sonatype-lifecycle-scan-action from 0.1.2 to 0.1.3 @dependabot[bot] (#662)
• Chore: Bump github/codeql-action from 4.36.0 to 4.36.1 @dependabot[bot] (#665)
• Chore: Bump lfreleng-actions/gerrit-review-action from 1.1.0 to 1.1.1 @dependabot[bot] (#663)
• Chore: Bump actions/checkout from 6.0.2 to 6.0.3 @dependabot[bot] (#664)
• Chore: Bump hashicorp/setup-packer from 3.2.0 to 3.3.0 @dependabot[bot] (#666)

Links

• Submit bugs/feature requests

v0.4.0

... (truncated)

Commits

• f43b219 Merge pull request #681 from modeseven-lfit/feat/package-hardening-audit
• 6f57890 Feat: Add package hardening audit workflow
• f8a4d0a Merge pull request #680 from modeseven-lfit/ci/harden-runner-block-mode
• 4d5996a Fix: Block egress, silence zizmor on autolabeler
• 82c150a Feat: Add reusable SHA-pinned actions workflow
• 96e32b5 Feat: Add reusable autolabeler workflow
• ce92cf4 Feat: Add reusable zizmor scan workflow
• e22e915 Style: Refine workflow display names
• 371b433 Fix: Harden reusable workflow permissions
• 8b9dd61 CI: Enable harden-runner block egress mode
• Additional commits viewable in compare view

Updates im-open/workflow-conclusion from 2.2.3 to 2.2.5

Commits

• 7b14694 Merge pull request #22 from im-open/dependabot/npm_and_yarn/multi-939339bafa
• ed66aae Update dependencies to latest minor/patch versions
• 7981b00 update readme
• 25acccf Update require to import for @​actions dependencies
• a13887b Update esbuild and rebuild dist
• cabbd5f trigger checks
• 7fab2e3 Merge branch 'main' into dependabot/npm_and_yarn/multi-939339bafa
• 8545de8 trigger checks
• fce1856 Merge pull request #27 from im-open/DEVO-1191-updatenodejs
• a9a39c2 update nodejs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

PR: #10
Mode: squash
Topic: GH-docs-10
Change-Ids:
I3e65015fb13e3a354e775562f8b9133fc4386a74
Digest: 09a8370a4870
GitHub-Hash: b4b3444c9a4a355b

Note: This metadata is also included in the Gerrit commit message for reconciliation.

[github-actions]

Change raised in Gerrit by GitHub2Gerrit: https://git.opendaylight.org/gerrit/c/docs/+/123620