ci(deps): bump the github-actions group with 3 updates (#16)

dependabot[bot] · mbarbero · web-flow · commit 3e759d778057 · 2026-03-20T22:18:25.000+01:00
Bumps the github-actions group with 3 updates: [graalvm/setup-graalvm](https://github.com/graalvm/setup-graalvm), [actions/download-artifact](https://github.com/actions/download-artifact) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `graalvm/setup-graalvm` from 1.4.5 to 1.5.0 - [Release notes](https://github.com/graalvm/setup-graalvm/releases) - [Commits](graalvm/setup-graalvm@54b4f5a...f744c72) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@70fc10c...3e5f45b) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@faadad0...ba7bc0a) --- updated-dependencies: - dependency-name: graalvm/setup-graalvm dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mikaël Barbero <mikael.barbero@eclipse-foundation.org>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -170,43 +170,43 @@ jobs:
       # validates the native-image version even though no native compilation
       # happens in this job.
       - name: Set up GraalVM
-        uses: graalvm/setup-graalvm@54b4f5a65c1a84b2fdfdc2078fe43df32819e4b1 # v1.4.5
+        uses: graalvm/setup-graalvm@f744c72a42b1995d7b0cbc314bde4bace7ac1fe1 # v1.5.0
         with:
           java-version: '21'
           distribution: 'graalvm-community'
 
       - name: Download native binary (linux-x86_64)
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: csi-codesign-linux-x86_64
           path: out/linux-x86_64
 
       - name: Download native binary (linux-aarch_64)
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: csi-codesign-linux-aarch_64
           path: out/linux-aarch_64
 
       - name: Download native binary (osx-aarch_64)
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: csi-codesign-osx-aarch_64
           path: out/osx-aarch_64
 
       - name: Download native binary (osx-x86_64)
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: csi-codesign-osx-x86_64
           path: out/osx-x86_64
 
       - name: Download native binary (windows-x86_64)
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: csi-codesign-windows-x86_64
           path: out/windows-x86_64
 
       - name: Download CLI fat JAR
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: cli-fatjar
           path: out/cli-fatjar
diff --git a/.github/workflows/reusable-native-build.yml b/.github/workflows/reusable-native-build.yml
@@ -60,7 +60,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up GraalVM
-        uses: graalvm/setup-graalvm@54b4f5a65c1a84b2fdfdc2078fe43df32819e4b1 # v1.4.5
+        uses: graalvm/setup-graalvm@f744c72a42b1995d7b0cbc314bde4bace7ac1fe1 # v1.5.0
         with:
           java-version: '21'
           distribution: 'graalvm-community'
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
@@ -90,7 +90,7 @@ jobs:
           echo "opengrep=${opengrep}" >> "$GITHUB_OUTPUT"
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
 
       - name: Download Opengrep
         env:
