From a9654607179e95e338580b4cde032cda2088e156 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Feb 2025 11:13:23 -0800
Subject: [PATCH] Bump the github-actions group with 6 updates

Bumps the github-actions group with 6 updates.

Closes #25164.

PiperOrigin-RevId: 723581861
Change-Id: I64ca325dfec7bf69b11ccdb0c4f11ae02962cba8
---
 .github/workflows/cherry-picker.yml  | 12 ++++++------
 .github/workflows/labeler.yml        |  2 +-
 .github/workflows/release-helper.yml |  4 ++--
 .github/workflows/remove-labels.yml  |  2 +-
 .github/workflows/scorecard.yml      |  8 ++++----
 .github/workflows/stale.yml          |  4 ++--
 6 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/cherry-picker.yml b/.github/workflows/cherry-picker.yml
index a7081d5f7cfe30..75fed497c85c16 100644
--- a/.github/workflows/cherry-picker.yml
+++ b/.github/workflows/cherry-picker.yml
@@ -19,19 +19,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e
         with:
           egress-policy: audit
       - if: github.event.pull_request
         name: Run cherrypicker on closed PR
-        uses: bazelbuild/continuous-integration/actions/cherry_picker@ca51d31b830088915518c6bb29fd268bd4f776f2
+        uses: bazelbuild/continuous-integration/actions/cherry_picker@c2b610a28bee0a80395574f671af8730ce2ffb1b
         with:
           triggered-on: closed
           pr-number: ${{ github.event.number }}
           is-prod: True
       - if: github.event.issue
         name: Run cherrypicker on closed issue
-        uses: bazelbuild/continuous-integration/actions/cherry_picker@ca51d31b830088915518c6bb29fd268bd4f776f2
+        uses: bazelbuild/continuous-integration/actions/cherry_picker@c2b610a28bee0a80395574f671af8730ce2ffb1b
         with:
           triggered-on: closed
           pr-number: ${{ github.event.issue.number }}
@@ -41,12 +41,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e
         with:
           egress-policy: audit
       - if: startsWith(github.event.issue.body, 'Forked from')
         name: Run cherrypicker on comment
-        uses: bazelbuild/continuous-integration/actions/cherry_picker@ca51d31b830088915518c6bb29fd268bd4f776f2
+        uses: bazelbuild/continuous-integration/actions/cherry_picker@c2b610a28bee0a80395574f671af8730ce2ffb1b
         with:
           triggered-on: commented
           pr-number: ${{ github.event.issue.body }}
@@ -55,7 +55,7 @@ jobs:
           is-prod: True
       - if: startsWith(github.event.issue.body, '### Commit IDs')
         name: Run cherrypicker on demand
-        uses: bazelbuild/continuous-integration/actions/cherry_picker@ca51d31b830088915518c6bb29fd268bd4f776f2
+        uses: bazelbuild/continuous-integration/actions/cherry_picker@c2b610a28bee0a80395574f671af8730ce2ffb1b
         with:
           triggered-on: ondemand
           milestone-title: ${{ github.event.milestone.title }}
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index ee067587dff677..696bf2ea4af8c3 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/release-helper.yml b/.github/workflows/release-helper.yml
index 61b89876648255..18f8b227a1044d 100644
--- a/.github/workflows/release-helper.yml
+++ b/.github/workflows/release-helper.yml
@@ -13,11 +13,11 @@ jobs:
       issues: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
       - name: Run helper
-        uses: bazelbuild/continuous-integration/actions/release-helper@ca51d31b830088915518c6bb29fd268bd4f776f2 # master
+        uses: bazelbuild/continuous-integration/actions/release-helper@c2b610a28bee0a80395574f671af8730ce2ffb1b # master
         with:
           token: ${{ secrets.BAZEL_IO_TOKEN }}
diff --git a/.github/workflows/remove-labels.yml b/.github/workflows/remove-labels.yml
index 738e9e0b798e54..5be86ecca2d059 100644
--- a/.github/workflows/remove-labels.yml
+++ b/.github/workflows/remove-labels.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 44ba794fb963d7..10dbff71fa26ec 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,12 +32,12 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
@@ -64,7 +64,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 3195dba1dfc473..490dabf23acd53 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -23,12 +23,12 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
 
     - name: Track and close stale issues/PRs
-      uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+      uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         days-before-issue-stale: 430