From 89759b7463aa6bb7dd90541405d51b40dce54787 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Dec 2024 10:09:13 +0800
Subject: [PATCH] build(deps): bump the github-actions group with 4 updates
 (#1889)

Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance), [actions/attest-sbom](https://github.com/actions/attest-sbom) and [codecov/codecov-action](https://github.com/codecov/codecov-action).


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

Updates `actions/attest-build-provenance` from 1 to 2
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-build-provenance/compare/v1...v2)

Updates `actions/attest-sbom` from 1 to 2
- [Release notes](https://github.com/actions/attest-sbom/releases)
- [Changelog](https://github.com/actions/attest-sbom/blob/main/RELEASE.md)
- [Commits](https://github.com/actions/attest-sbom/compare/v1...v2)

Updates `codecov/codecov-action` from 5.0.7 to 5.1.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5.0.7...v5.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest-sbom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/acpi-validation.yml | 2 +-
 .github/workflows/image.yml           | 4 ++--
 .github/workflows/scorecard.yml       | 2 +-
 .github/workflows/unit_test.yml       | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/acpi-validation.yml b/.github/workflows/acpi-validation.yml
index 47db63e82e..1f1ead572e 100644
--- a/.github/workflows/acpi-validation.yml
+++ b/.github/workflows/acpi-validation.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: set up Python
         uses: actions/setup-python@v5
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
index 18e189bfb1..a3b0e88a50 100644
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -100,7 +100,7 @@ jobs:
 
       - name: Generate image attestation
         if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch')}}
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-name: quay.io/sustainable_computing_io/${{matrix.IMAGE_NAME}}
           subject-digest: ${{ steps.build-push-image.outputs.digest }}
@@ -122,7 +122,7 @@ jobs:
           retention-days: 1
 
       - name: Generate SBOM attestation
-        uses: actions/attest-sbom@v1
+        uses: actions/attest-sbom@v2
         if: ${{ inputs.pushImage }}
         with:
           subject-name: quay.io/sustainable_computing_io/${{matrix.IMAGE_NAME}}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 143e749acd..b850cf7663 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd # v4.1.1
+        uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.1
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/unit_test.yml b/.github/workflows/unit_test.yml
index 9e3683c1c4..e2c2b9d8c9 100644
--- a/.github/workflows/unit_test.yml
+++ b/.github/workflows/unit_test.yml
@@ -40,7 +40,7 @@ jobs:
 
       - name: Upload coverage reports to Codecov
         if: github.event_name != 'pull_request'
-        uses: codecov/codecov-action@v5.0.7
+        uses: codecov/codecov-action@v5.1.1
         with:
           fail_ci_if_error: false # because codecov updates occasionally fail
           files: coverage.out