Merge pull request #742 from secure-systems-lab/dependabot/github_act…

…ions/action-dependencies-6f9ac73455 build(deps): bump the action-dependencies group with 2 updates
secure-systems-lab · Mar 11, 2024 · e7508af · e7508af
2 parents 6c0b5ef + d5728d5
commit e7508af
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -53,7 +53,7 @@ jobs:
       release_id: ${{ steps.gh-release.outputs.result }}
     steps:
       - name: Fetch build artifacts
-        uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3
+        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
         with:
           name: build-artifacts
           path: dist
@@ -93,15 +93,15 @@ jobs:
       id-token: write # to authenticate as Trusted Publisher to pypi.org
     steps:
       - name: Fetch build artifacts
-        uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3
+        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
         with:
           name: build-artifacts
           path: dist
 
       - name: Publish binary wheel and source tarball on PyPI
         # Only attempt pypi upload in upstream repository
         if: github.repository == 'secure-systems-lab/securesystemslib'
-        uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11
+        uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06 # v1.8.12
 
       - name: Finalize GitHub release
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1