vadimpiven · renovate · Feb 20, 2026
diff --git a/.github/actions/setup-docker/action.yaml b/.github/actions/setup-docker/action.yaml
@@ -20,14 +20,14 @@ runs:
   using: "composite"
   steps:
     - name: "Restore docker caches"
-      uses: "actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7" # v5.0.2
+      uses: "actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306" # v5.0.3
       with:
         path: ".cache/docker"
         key: "${{ inputs.cache-key }}-docker-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('mise.lock', 'Cargo.lock', 'pyproject.toml', 'pnpm-lock.yaml', 'uv.lock') }}"
         restore-keys: |
           ${{ inputs.cache-key }}-docker-${{ runner.os }}-${{ runner.arch }}-
     - name: "Login to GitHub Container Registry"
-      uses: "docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef" # v3.6.0
+      uses: "docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9" # v3.7.0
       with:
         registry: "ghcr.io"
         username: "${{ github.actor }}"
@@ -41,7 +41,7 @@ runs:
         echo "uid=$(id -u)" >> "$GITHUB_OUTPUT"
         echo "gid=$(id -g)" >> "$GITHUB_OUTPUT"
     - name: "Build Docker image"
-      uses: "docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83" # v6.18.0
+      uses: "docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8" # v6.19.2
       with:
         context: "."
         file: "Dockerfile"
@@ -53,7 +53,7 @@ runs:
           USER_UID=${{ steps.ids.outputs.uid }}
           USER_GID=${{ steps.ids.outputs.gid }}
     - name: "Start persistent container"
-      uses: "hoverkraft-tech/compose-action@05da55b2bb8a5a759d1c4732095044bd9018c050" # v2.4.3
+      uses: "hoverkraft-tech/compose-action@4894d2492015c1774ee5a13a95b1072093087ec3" # v2.5.0
       env:
         COMPOSE_IMAGE: "${{ inputs.docker-image }}"
       with:

diff --git a/.github/actions/setup-native/action.yaml b/.github/actions/setup-native/action.yaml
@@ -14,7 +14,7 @@ runs:
   using: "composite"
   steps:
     - name: "Restore native caches"
-      uses: "actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7" # v5.0.2
+      uses: "actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306" # v5.0.3
       with:
         path: ".cache/native"
         key: "${{ inputs.cache-key }}-native-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('Cargo.lock', 'pyproject.toml', 'pnpm-lock.yaml', 'uv.lock') }}"

diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -26,7 +26,7 @@ runs:
   using: "composite"
   steps:
     - name: "Restore shared caches"
-      uses: "actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7" # v5.0.2
+      uses: "actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306" # v5.0.3
       with:
         path: ".cache/shared"
         key: "${{ inputs.cache-key }}-shared-${{ runner.os }}-${{ runner.arch }}"

diff --git a/.github/workflows/regular.yaml b/.github/workflows/regular.yaml
@@ -94,7 +94,7 @@ jobs:
           fetch-depth: 1
           persist-credentials: false
       - name: "Run zizmor"
-        uses: "zizmorcore/zizmor-action@135698455da5c3b3e55f73f4419e481ab68cdd95" # v0.4.1
+        uses: "zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d" # v0.5.0
         with:
           persona: "auditor"
         env:
@@ -114,7 +114,7 @@ jobs:
           fetch-depth: 1
           persist-credentials: false
       - name: "Run Trivy vulnerability scanner"
-        uses: "aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8" # v0.33.1
+        uses: "aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284" # 0.34.0
         with:
           trivy-config: "trivy.yaml"
           scan-type: "fs"
@@ -123,6 +123,6 @@ jobs:
           output: "trivy-results.sarif"
           ignore-unfixed: true
       - name: "Upload Trivy scan results to GitHub Security tab"
-        uses: "github/codeql-action/upload-sarif@19b2f06db2b6f5108140aeb04014ef02b648f789" # v4.31.11
+        uses: "github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6" # v4.32.3
         with:
           sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -79,7 +79,7 @@ jobs:
           docker-service: "${{ needs.init.outputs.docker-service }}"
           run: 'pnpm -F "{packages/node}" run pack-addon'
       - name: "Attest build provenance"
-        uses: "actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8" # v3.1.0
+        uses: "actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f" # v3.2.0
         with:
           subject-path: "packages/node/dist/*.gz"
       - name: "Upload node addon"
@@ -125,7 +125,7 @@ jobs:
             pnpm -F "{packages/node}" run bump-version
             pnpm -F "{packages/node}" run build:ts
       - name: "Attest build provenance"
-        uses: "actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8" # v3.1.0
+        uses: "actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f" # v3.2.0
         with:
           subject-path: "packages/node/package.tar.gz"
       - name: "Finalize release"