From 85382936a50650749d2354072ce3c0d7466727eb Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Tue, 2 Jun 2026 15:04:15 +0000
Subject: [PATCH] Update GitHub Actions

---
 .github/actions/generate-tokens/action.yml  | 12 ++++++------
 .github/workflows/check-untracked-repos.yml |  2 +-
 .github/workflows/dry-run.yml               |  2 +-
 .github/workflows/main.yml                  |  8 ++++----
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/actions/generate-tokens/action.yml b/.github/actions/generate-tokens/action.yml
index 5c783dc3d..8fdad2e4e 100644
--- a/.github/actions/generate-tokens/action.yml
+++ b/.github/actions/generate-tokens/action.yml
@@ -35,7 +35,7 @@ runs:
     # GitHub tokens generated from GitHub Apps can access resources from one organization,
     # so we need to generate a token for each organization.
     - name: Generate GitHub token (rust-lang)
-      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
       id: rust-lang-token
       with:
         app-id: ${{ inputs.app-id }}
@@ -43,7 +43,7 @@ runs:
         owner: rust-lang
 
     - name: Generate GitHub token (rust-lang-deprecated)
-      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
       id: rust-lang-deprecated-token
       with:
         app-id: ${{ inputs.app-id }}
@@ -51,7 +51,7 @@ runs:
         owner: rust-lang-deprecated
 
     - name: Generate GitHub token (rust-lang-nursery)
-      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
       id: rust-lang-nursery-token
       with:
         app-id: ${{ inputs.app-id }}
@@ -59,7 +59,7 @@ runs:
         owner: rust-lang-nursery
 
     - name: Generate GitHub token (rust-analyzer)
-      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
       id: rust-analyzer-token
       with:
         app-id: ${{ inputs.app-id }}
@@ -67,7 +67,7 @@ runs:
         owner: rust-analyzer
 
     - name: Generate GitHub token (rust-embedded)
-      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
       id: rust-embedded-token
       with:
         app-id: ${{ inputs.app-id }}
@@ -75,7 +75,7 @@ runs:
         owner: rust-embedded
 
     - name: Generate GitHub token (rust-dev-tools)
-      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
       id: rust-dev-tools-token
       with:
         app-id: ${{ inputs.app-id }}
diff --git a/.github/workflows/check-untracked-repos.yml b/.github/workflows/check-untracked-repos.yml
index 9dc80c541..5874d879c 100644
--- a/.github/workflows/check-untracked-repos.yml
+++ b/.github/workflows/check-untracked-repos.yml
@@ -15,7 +15,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/dry-run.yml b/.github/workflows/dry-run.yml
index ca5467054..362dd602d 100644
--- a/.github/workflows/dry-run.yml
+++ b/.github/workflows/dry-run.yml
@@ -32,7 +32,7 @@ jobs:
     permissions:
       pull-requests: write  # Needed to post and edit the dry-run result comment on the PR
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           # If the PR is from this repository, checkout the PR sha,
           # so that we can also test code changes.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 68725af90..f610105a1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -30,7 +30,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           fetch-depth: 50
           persist-credentials: false
@@ -87,7 +87,7 @@ jobs:
       pages: write     # Needed to deploy the built static API to GitHub Pages
     if: github.event_name != 'pull_request'
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 
@@ -131,12 +131,12 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 
       - name: Run zizmor
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
         with:
           persona: pedantic
           advanced-security: false