Bump step-security/ghaction-import-gpg from 6.3.0 to 6.3.1 (#264)

dependabot[bot] · web-flow · commit bf403ac52879 · 2025-11-20T10:12:29.000+01:00
Bumps [step-security/ghaction-import-gpg](https://github.com/step-security/ghaction-import-gpg) from 6.3.0 to 6.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/ghaction-import-gpg/releases">step-security/ghaction-import-gpg's releases</a>.</em></p> <blockquote> <h2>v6.3.1</h2> <h2>What's Changed</h2> <ul> <li>Update auto_cherry_pick.yml by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/ghaction-import-gpg/pull/146">step-security/ghaction-import-gpg#146</a></li> <li>Create guarddog.yml by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/ghaction-import-gpg/pull/145">step-security/ghaction-import-gpg#145</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/ghaction-import-gpg/pull/151">step-security/ghaction-import-gpg#151</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/step-security/ghaction-import-gpg/pull/149">step-security/ghaction-import-gpg#149</a></li> <li>fix: fixed subscription check code by <a href="https://github.com/amanstep"><code>@​amanstep</code></a> in <a href="https://redirect.github.com/step-security/ghaction-import-gpg/pull/175">step-security/ghaction-import-gpg#175</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/amanstep"><code>@​amanstep</code></a> made their first contribution in <a href="https://redirect.github.com/step-security/ghaction-import-gpg/pull/175">step-security/ghaction-import-gpg#175</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/ghaction-import-gpg/compare/v6...v6.3.1">https://github.com/step-security/ghaction-import-gpg/compare/v6...v6.3.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/69c854a83c7f79463f8bdf46772ab09826c560cd"><code>69c854a</code></a> Merge pull request <a href="https://redirect.github.com/step-security/ghaction-import-gpg/issues/175">#175</a> from step-security/fix/subscription</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/347e30a0b7b70ad162a3ffb175f7b3eb9e298c36"><code>347e30a</code></a> fix: fixed subscription check code</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/4d3430a3773d9ba9654feb03f7b043dadc6b2f57"><code>4d3430a</code></a> Merge pull request <a href="https://redirect.github.com/step-security/ghaction-import-gpg/issues/149">#149</a> from step-security/dependabot/npm_and_yarn/brace-expa...</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/2798f24aab318dc32750cfeddbd6657203aa8296"><code>2798f24</code></a> Bump brace-expansion from 1.1.11 to 1.1.12</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/e702cb5074230709c11bd38295cf9657abc98281"><code>e702cb5</code></a> Merge pull request <a href="https://redirect.github.com/step-security/ghaction-import-gpg/issues/151">#151</a> from step-security/yarn-audit-fix</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/5800c46d1067ce7934db59bc8382f016cae51dd7"><code>5800c46</code></a> fix: apply audit fixes</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/a58f93142f434ac483c61aeb62b79a7efbf63857"><code>a58f931</code></a> Merge pull request <a href="https://redirect.github.com/step-security/ghaction-import-gpg/issues/145">#145</a> from step-security/Raj-StepSecurity-patch-2</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/d638834b4c31d1f8df53be7c8fc088e65d88ccf8"><code>d638834</code></a> Merge branch 'main' into Raj-StepSecurity-patch-2</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/99481525e48bdbd05cc1490cd3760d8e91c4f84b"><code>9948152</code></a> Merge pull request <a href="https://redirect.github.com/step-security/ghaction-import-gpg/issues/146">#146</a> from step-security/Raj-StepSecurity-patch-3</li> <li><a href="https://github.com/step-security/ghaction-import-gpg/commit/b93ede79ab51bbfacb8af137ddbf9046f6a55254"><code>b93ede7</code></a> Update auto_cherry_pick.yml</li> <li>Additional commits viewable in <a href="https://github.com/step-security/ghaction-import-gpg/compare/c86c374c0659a6c2d1284bccf8af889e73ce8fe0...69c854a83c7f79463f8bdf46772ab09826c560cd">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/ghaction-import-gpg&package-manager=github_actions&previous-version=6.3.0&new-version=6.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -42,7 +42,7 @@ jobs:
             token:chainguard-github-secrets/terraform-provider-oci-signing-key
 
       - id: import_gpg
-        uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0
+        uses: step-security/ghaction-import-gpg@69c854a83c7f79463f8bdf46772ab09826c560cd # v6.3.1
         with:
           gpg_private_key: ${{ steps.secrets.outputs.token }}
 
