Bump step-security/google-github-auth from 2.1.12 to 3.0.0 (#268)

dependabot[bot] · web-flow · commit c8b5779ec67d · 2025-11-20T10:13:07.000+01:00
Bumps [step-security/google-github-auth](https://github.com/step-security/google-github-auth) from 2.1.12 to 3.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/google-github-auth/releases">step-security/google-github-auth's releases</a>.</em></p> <blockquote> <h2>v3.0.0</h2> <h2>What's Changed</h2> <ul> <li>chore: dist updated by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/65">step-security/google-github-auth#65</a></li> <li>chore: Cherry-picked changes from upstream by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/google-github-auth/pull/64">step-security/google-github-auth#64</a></li> <li>ci: Update auto_cherry_pick.yml by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/google-github-auth/pull/67">step-security/google-github-auth#67</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/71">step-security/google-github-auth#71</a></li> <li>chore: dist updated by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/73">step-security/google-github-auth#73</a></li> <li>chore: Cherry-picked changes from upstream by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/69">step-security/google-github-auth#69</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/google-github-auth/compare/v2...v3.0.0">https://github.com/step-security/google-github-auth/compare/v2...v3.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/google-github-auth/commit/f0e5c257a9534a30b5df12f43329c1eb7b85a5be"><code>f0e5c25</code></a> chore: Cherry-picked changes from upstream (<a href="https://redirect.github.com/step-security/google-github-auth/issues/69">#69</a>)</li> <li><a href="https://github.com/step-security/google-github-auth/commit/01974a9e27b021cca86f20e27e9d5071688741f0"><code>01974a9</code></a> Merge pull request <a href="https://redirect.github.com/step-security/google-github-auth/issues/73">#73</a> from step-security/npm-audit-fix</li> <li><a href="https://github.com/step-security/google-github-auth/commit/e745bba0ab40801817e38f71314a4db00259496a"><code>e745bba</code></a> Merge branch 'main' into auto-cherry-pick</li> <li><a href="https://github.com/step-security/google-github-auth/commit/634e8d31be2aa9fede2030b394ecdb4e6bc3f5dc"><code>634e8d3</code></a> fix: Security updates (<a href="https://redirect.github.com/step-security/google-github-auth/issues/71">#71</a>)</li> <li><a href="https://github.com/step-security/google-github-auth/commit/0e0ba83f00bd7e39ee4ffd8dfb8d7a39668d48a5"><code>0e0ba83</code></a> fix: apply audit fixes</li> <li><a href="https://github.com/step-security/google-github-auth/commit/8deadc1ad013bb1050db1cea01e9e5c2968172e6"><code>8deadc1</code></a> fix: apply audit fixes</li> <li><a href="https://github.com/step-security/google-github-auth/commit/66d8730b445b641bab147437ad948e13600fc58d"><code>66d8730</code></a> conflicted commits cherry-picked manually</li> <li><a href="https://github.com/step-security/google-github-auth/commit/115de2e7e0e303f8be2f7769fd69cfd95b25d6e9"><code>115de2e</code></a> Remove hacky script (<a href="https://redirect.github.com/step-security/google-github-auth/issues/509">#509</a>)</li> <li><a href="https://github.com/step-security/google-github-auth/commit/70c0a2b9dc4d79bf4ba9ae2451a15b7029247c65"><code>70c0a2b</code></a> Bump to Node 24 and remove old parameters (<a href="https://redirect.github.com/step-security/google-github-auth/issues/508">#508</a>)</li> <li><a href="https://github.com/step-security/google-github-auth/commit/86b49d016c1b189236dc6dce104fc6625ced7d39"><code>86b49d0</code></a> Merge pull request <a href="https://redirect.github.com/step-security/google-github-auth/issues/67">#67</a> from step-security/Raj-StepSecurity-patch-5</li> <li>Additional commits viewable in <a href="https://github.com/step-security/google-github-auth/compare/190f7ef9b7a34cc0dfd0c11f0e327365f70071d6...f0e5c257a9534a30b5df12f43329c1eb7b85a5be">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=step-security/google-github-auth&package-manager=github_actions&previous-version=2.1.12&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,7 +27,7 @@ jobs:
           cache: false
 
       # This is provisioned here: https://github.com/chainguard-dev/secrets/blob/main/terraform-provider-oci.tf
-      - uses: step-security/google-github-auth@190f7ef9b7a34cc0dfd0c11f0e327365f70071d6 # v2.1.12
+      - uses: step-security/google-github-auth@f0e5c257a9534a30b5df12f43329c1eb7b85a5be # v3.0.0
         id: auth
         with:
           workload_identity_provider: "projects/12758742386/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
