From 3e148ee55637fd077df510fb125319fa1314952f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Jan 2026 15:31:09 +0000
Subject: [PATCH] [#patch](deps): Bump the actions-deps group with 5 updates

Bumps the actions-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.1.0` | `6.2.0` |
| [Checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.18` | `2.1.19` |
| [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.2` |
| [mlugg/setup-zig](https://github.com/mlugg/setup-zig) | `2.2.0` | `2.2.1` |


Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd)

Updates `actions/setup-go` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/4dc6199c7b1a012772edbd06daecab0f50c9053c...7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5)

Updates `Checkmarx/kics-github-action` from 2.1.18 to 2.1.19
- [Release notes](https://github.com/checkmarx/kics-github-action/releases)
- [Commits](https://github.com/checkmarx/kics-github-action/compare/63fca4ca72e56edbb5a599ee756e6af1fdb1e785...00def9108246ec656aea725db2167522d26a99d2)

Updates `actions/cache` from 5.0.1 to 5.0.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...8b402f58fbc84540c8b491a91e594a4576fec3d7)

Updates `mlugg/setup-zig` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/mlugg/setup-zig/releases)
- [Commits](https://github.com/mlugg/setup-zig/compare/e7d1537c378b83b8049f65dda471d87a2f7b2df2...d1434d08867e3ee9daa34448df10607b98908d29)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/setup-go
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: Checkmarx/kics-github-action
  dependency-version: 2.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/cache
  dependency-version: 5.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: mlugg/setup-zig
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/docker-build-and-push.yml |  2 +-
 .github/workflows/gitleaks.yml              |  2 +-
 .github/workflows/go-ci.yml                 | 10 +++++-----
 .github/workflows/go-security-scan.yml      |  2 +-
 .github/workflows/infra-security-scan.yml   |  6 +++---
 .github/workflows/local-auto-tagger.yml     |  2 +-
 .github/workflows/pulumi-preview.yml        |  8 ++++----
 .github/workflows/pulumi-up.yml             |  8 ++++----
 .github/workflows/python-ci.yml             |  6 +++---
 .github/workflows/rust-ci.yml               | 10 +++++-----
 .github/workflows/sast.yml                  |  2 +-
 .github/workflows/terraform-ci.yml          |  8 ++++----
 12 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
index 567ef3a..d59a63d 100644
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -99,7 +99,7 @@ jobs:
             release-assets.githubusercontent.com:443
             trivy.dev:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 3e931e0..e911bed 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -35,7 +35,7 @@ jobs:
             objects.githubusercontent.com:443
             release-assets.githubusercontent.com:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
           persist-credentials: false
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
index 98daf35..e4f874d 100644
--- a/.github/workflows/go-ci.yml
+++ b/.github/workflows/go-ci.yml
@@ -48,7 +48,7 @@ jobs:
             storage.googleapis.com:443
             sum.golang.org:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: golangci-lint
@@ -83,11 +83,11 @@ jobs:
             storage.googleapis.com:443
             sum.golang.org:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: Setup Go
-        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
         with:
           go-version-file: ${{ inputs.working-directory }}/go.mod
           cache-dependency-path: |
@@ -119,11 +119,11 @@ jobs:
             storage.googleapis.com:443
             sum.golang.org:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: Setup Go
-        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
         with:
           go-version-file: ${{ inputs.working-directory }}/go.mod
           cache-dependency-path: |
diff --git a/.github/workflows/go-security-scan.yml b/.github/workflows/go-security-scan.yml
index e994b41..3843795 100644
--- a/.github/workflows/go-security-scan.yml
+++ b/.github/workflows/go-security-scan.yml
@@ -45,7 +45,7 @@ jobs:
             release-assets.githubusercontent.com:443
             ${{ inputs.egress-policy-allowlist }}
       - name: Checkout Source
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: Run Gosec Security Scanner
diff --git a/.github/workflows/infra-security-scan.yml b/.github/workflows/infra-security-scan.yml
index f99389a..1af0cc9 100644
--- a/.github/workflows/infra-security-scan.yml
+++ b/.github/workflows/infra-security-scan.yml
@@ -48,11 +48,11 @@ jobs:
             registry.npmjs.org:443
             ${{ inputs.egress-policy-allowlist }}
       - name: Checkout Source
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - name: Kics Scan
-        uses: Checkmarx/kics-github-action@63fca4ca72e56edbb5a599ee756e6af1fdb1e785 # v2.1.18
+        uses: Checkmarx/kics-github-action@00def9108246ec656aea725db2167522d26a99d2 # v2.1.19
         with:
           path: ${{ inputs.working-directory }}
           output_path: ${{ inputs.working-directory }}/kics_results.sarif
@@ -90,7 +90,7 @@ jobs:
             pypi.org:443
             raw.githubusercontent.com:443
             release-assets.githubusercontent.com:443
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: reviewdog/action-actionlint@83e4ed25b168066ad8f62f5afbb29ebd8641d982 # v1.69.1
diff --git a/.github/workflows/local-auto-tagger.yml b/.github/workflows/local-auto-tagger.yml
index 550ac80..b9d0e55 100644
--- a/.github/workflows/local-auto-tagger.yml
+++ b/.github/workflows/local-auto-tagger.yml
@@ -25,7 +25,7 @@ jobs:
             api.github.com:443
             github.com:443
 
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
           persist-credentials: false
diff --git a/.github/workflows/pulumi-preview.yml b/.github/workflows/pulumi-preview.yml
index ab7cd06..30b063d 100644
--- a/.github/workflows/pulumi-preview.yml
+++ b/.github/workflows/pulumi-preview.yml
@@ -66,7 +66,7 @@ jobs:
             pypi.org:443
             release-assets.githubusercontent.com:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
@@ -74,7 +74,7 @@ jobs:
           python-version: ${{ inputs.python-version }}
 
       # ----- Poetry -----
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }}
         with:
           path: ~/.local/bin/
@@ -93,7 +93,7 @@ jobs:
         with:
           enable-cache: true
       - id: cache-deps
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: |
             ${{ inputs.working-directory }}/.venv
@@ -110,7 +110,7 @@ jobs:
           # kics-scan ignore-line
           requested-token-type: urn:pulumi:token-type:access_token:personal
           scope: user:notdodo
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: ${{ env.PULUMI_HOME }}/plugins
           key: python-${{ inputs.python-version }}-venv-${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory), format('{0}/uv.lock', inputs.working-directory)) }}
diff --git a/.github/workflows/pulumi-up.yml b/.github/workflows/pulumi-up.yml
index 7b4e9c9..262b9b4 100644
--- a/.github/workflows/pulumi-up.yml
+++ b/.github/workflows/pulumi-up.yml
@@ -65,7 +65,7 @@ jobs:
             pypi.org:443
             release-assets.githubusercontent.com:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
@@ -73,7 +73,7 @@ jobs:
           python-version: ${{ inputs.python-version }}
 
       # ----- Poetry -----
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }}
         with:
           path: ~/.local/bin/
@@ -92,7 +92,7 @@ jobs:
         with:
           enable-cache: true
       - id: cache-deps
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: |
             ${{ inputs.working-directory }}/.venv
@@ -109,7 +109,7 @@ jobs:
           # kics-scan ignore-line
           requested-token-type: urn:pulumi:token-type:access_token:personal
           scope: user:notdodo
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: ${{ env.PULUMI_HOME }}/plugins
           key: python-${{ inputs.python-version }}-venv-${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory), format('{0}/uv.lock', inputs.working-directory)) }}
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index 4a5c20a..0b86d0a 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -44,7 +44,7 @@ jobs:
             pypi.org:443
             release-assets.githubusercontent.com:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
@@ -52,7 +52,7 @@ jobs:
           python-version: ${{ inputs.python-version }}
 
       # ----- Poetry -----
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }}
         with:
           path: ~/.local/bin/
@@ -71,7 +71,7 @@ jobs:
         with:
           enable-cache: true
       - id: cache-deps
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: |
             ${{ inputs.working-directory }}/.venv
diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml
index 931cf0d..44d0ccd 100644
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -63,7 +63,7 @@ jobs:
             static.crates.io:443
             static.rust-lang.org:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
@@ -96,7 +96,7 @@ jobs:
             static.crates.io:443
             static.rust-lang.org:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
@@ -129,7 +129,7 @@ jobs:
             static.crates.io:443  
             static.rust-lang.org:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
@@ -191,7 +191,7 @@ jobs:
             zigmirror.hryx.net:443
             zigmirror.nesovic.dev:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
@@ -201,7 +201,7 @@ jobs:
           aws-region: ${{ inputs.aws-region }}
           retry-max-attempts: 2
       - name: Install Zig toolchain
-        uses: mlugg/setup-zig@e7d1537c378b83b8049f65dda471d87a2f7b2df2 # v2.2.0
+        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
         with:
           version: latest
       - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index 1ca0d7d..be03325 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -25,7 +25,7 @@ jobs:
     container:
       image: semgrep/semgrep:1.125.0
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
           persist-credentials: false
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
index 6b530c6..9d2ed3d 100644
--- a/.github/workflows/terraform-ci.yml
+++ b/.github/workflows/terraform-ci.yml
@@ -54,7 +54,7 @@ jobs:
           allowed-endpoints: >
             raw.githubusercontent.com:443
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
@@ -66,7 +66,7 @@ jobs:
       - run: |
           echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc
           mkdir -p ~/.terraform.d/plugin-cache
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: ~/.terraform.d/plugin-cache
           key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}
@@ -141,7 +141,7 @@ jobs:
           egress-policy: audit
           allowed-endpoints: >
             ${{ inputs.egress-policy-allowlist }}
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
       - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
@@ -153,7 +153,7 @@ jobs:
       - run: |
           echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc
           mkdir -p ~/.terraform.d/plugin-cache
-      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+      - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: ~/.terraform.d/plugin-cache
           key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}