Bump the github-actions group across 3 directories with 10 updates

Bumps the github-actions group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.1` | `4.2.2` |
| [actions/setup-python](https://github.com/actions/setup-python) | `19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e` | `v5.3.0` |
| [actions/cache](https://github.com/actions/cache) | `4.1.1` | `4.1.2` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.44.44` | `2.44.67` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.0.4` | `4.1.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.26.13` | `3.27.1` |
| [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action) | `6.8.1` | `6.9.0` |
| [canonical/setup-lxd](https://github.com/canonical/setup-lxd) | `0.1.1` | `0.1.2` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.10.3` | `1.12.2` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.8` | `2.0.9` |

Bumps the github-actions group with 1 update in the /.github/actions/setup-python-poetry directory: [actions/setup-python](https://github.com/actions/setup-python).
Bumps the github-actions group with 1 update in the /.github/actions/use-pre-commit directory: [actions/cache](https://github.com/actions/cache).

Updates `actions/checkout` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@eef6144...11bd719)

Updates `actions/setup-python` from 19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e to v5.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@19dfb7b...0b93645)

Updates `actions/cache` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@3624ceb...6849a64)

Updates `taiki-e/install-action` from 2.44.44 to 2.44.67
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@437c908...c6dc131)

Updates `actions/setup-node` from 4.0.4 to 4.1.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@0a44ba7...39370e3)

Updates `github/codeql-action` from 3.26.13 to 3.27.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f779452...4f3212b)

Updates `streetsidesoftware/cspell-action` from 6.8.1 to 6.9.0
- [Release notes](https://github.com/streetsidesoftware/cspell-action/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md)
- [Commits](streetsidesoftware/cspell-action@934c74d...9759be9)

Updates `canonical/setup-lxd` from 0.1.1 to 0.1.2
- [Release notes](https://github.com/canonical/setup-lxd/releases)
- [Commits](canonical/setup-lxd@4e959f8...54a5806)

Updates `pypa/gh-action-pypi-publish` from 1.10.3 to 1.12.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@f760068...15c56db)

Updates `softprops/action-gh-release` from 2.0.8 to 2.0.9
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@c062e08...e7a8f85)

Updates `actions/setup-python` from 19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e to 55aad42e4674b58b2b2fb7d8e7552402d922b4e7
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@19dfb7b...55aad42)

Updates `actions/cache` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@3624ceb...6849a64)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: streetsidesoftware/cspell-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: canonical/setup-lxd
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>

.github/actions/setup-python-poetry/action.yml

@@ -41,7 +41,7 @@ runs:
         echo "${APPDATA}\.poetry\bin" >> "$GITHUB_PATH"
 
     - name: Install python
-      uses: actions/setup-python@19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e  # pin v5.2.0
+      uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # pin v5.3.0
       id: setup-python
       with:
         python-version-file: ${{ inputs.project-path }}/pyproject.toml

.github/actions/use-pre-commit/action.yml

@@ -39,7 +39,7 @@ runs:
   steps:
     - name: Cache pre-commit install
       id: cache-pre-commit
-      uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+      uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
       with:
         key: pre-commit-${{ inputs.version }}-${{ hashFiles(inputs.config-file) }}
         path: |

.github/workflows/_parse_version.yml

@@ -79,13 +79,13 @@ jobs:
       no_local: ${{ steps.version.outputs.no_local }}
       type: ${{ steps.version.outputs.type }}
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         with:
           ref: ${{ inputs.commit_sha }}
         timeout-minutes: 5
 
       - name: Install python
-        uses: actions/setup-python@19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e  # pin v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # pin v5.3.0
         id: setup-python
         with:
           python-version: 3.12

.github/workflows/_releaser_nightly_build.yml

@@ -25,11 +25,11 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Install python
-        uses: actions/setup-python@19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e  # pin v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # pin v5.3.0
         id: setup-python
         with:
           python-version: 3.12

.github/workflows/ci-docs.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-22.04
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         with:
           sparse-checkout: |
             .github

.github/workflows/ci-python.yml

@@ -48,7 +48,7 @@ jobs:
     # 20.04 is required to install PostgreSQL 12
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Retrieve runner specs
@@ -122,7 +122,7 @@ jobs:
 
       - name: Restore libparsec if Rust hasn't been modified
         id: cache-libparsec
-        uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
         with:
           key: ${{ steps.cache-key.outputs.key }}
           path: |
@@ -200,7 +200,7 @@ jobs:
           (!inputs.style-only)
           && steps.cache-libparsec.outputs.cache-hit != 'true'
           && !contains(github.ref, 'gh-readonly-queue')
-        uses: actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+        uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
         with:
           key: ${{ steps.cache-key.outputs.key }}
           path: |

.github/workflows/ci-rust.yml

@@ -67,7 +67,7 @@ jobs:
         ports:
           - 6777:6777
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Retrieve runner specs
@@ -102,7 +102,7 @@ jobs:
         timeout-minutes: 5
 
       # Install cargo nextest command
-      - uses: taiki-e/install-action@437c908c7e5ee18b63a261286cbe5147219f8a39 # pin v2.44.44
+      - uses: taiki-e/install-action@c6dc131d2c4291552cafb840290190a53b2cd937 # pin v2.44.67
         with:
           tool: [email protected], [email protected], [email protected]
 
@@ -214,7 +214,7 @@ jobs:
     timeout-minutes: 60
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Retrieve runner specs
@@ -263,7 +263,7 @@ jobs:
         timeout-minutes: 5
 
       # Install cargo nextest command
-      - uses: taiki-e/install-action@437c908c7e5ee18b63a261286cbe5147219f8a39 # pin v2.44.44
+      - uses: taiki-e/install-action@c6dc131d2c4291552cafb840290190a53b2cd937 # pin v2.44.67
         with:
           tool: [email protected]
 

.github/workflows/ci-web.yml

@@ -40,15 +40,15 @@ jobs:
         ports:
           - 6777:6777
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Retrieve runner specs
         id: runner-specs
         uses: ./.github/actions/system-info
         timeout-minutes: 1
 
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6  # pin v4.0.4
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af  # pin v4.1.0
         with:
           node-version: ${{ env.node-version }}
           cache: npm
@@ -93,7 +93,7 @@ jobs:
 
       - name: Restore libparsec if Rust hasn't been modified
         id: cache-libparsec
-        uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
         with:
           key: ${{ steps.cache-key.outputs.key }}
           path: |
@@ -123,7 +123,7 @@ jobs:
         timeout-minutes: 5
 
       # Install wasm-pack command
-      - uses: taiki-e/install-action@437c908c7e5ee18b63a261286cbe5147219f8a39 # pin v2.44.44
+      - uses: taiki-e/install-action@c6dc131d2c4291552cafb840290190a53b2cd937 # pin v2.44.67
         with:
           tool: wasm-pack@${{ env.wasm-pack-version }}
 
@@ -135,7 +135,7 @@ jobs:
 
       - name: Save libparsec to be reuse later
         if: steps.cache-libparsec.outputs.cache-hit != 'true'
-        uses: actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+        uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
         with:
           key: ${{ steps.cache-key.outputs.key }}
           path: |

.github/workflows/ci.yml

@@ -35,7 +35,7 @@ jobs:
       web: ${{ steps.need-check.outputs.web }}
       docs: ${{ steps.need-check.outputs.docs }}
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # pin v3.0.2
@@ -129,7 +129,7 @@ jobs:
     # Just a fail-safe timeout, see the fine grain per-task timeout instead
     timeout-minutes: 10
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Ensure the PR head ref is not a perennial branch
@@ -154,7 +154,7 @@ jobs:
               - newsfragments/**
 
       - name: Install python
-        uses: actions/setup-python@19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e  # pin v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # pin v5.3.0
         id: setup-python
         with:
           python-version: 3.12
@@ -191,7 +191,7 @@ jobs:
           diff --unified .pre-commit-config.yaml $TEMP_FILE || true
           echo "path=$TEMP_FILE" >> $GITHUB_OUTPUT
 
-      - uses: taiki-e/install-action@437c908c7e5ee18b63a261286cbe5147219f8a39 # pin v2.44.44
+      - uses: taiki-e/install-action@c6dc131d2c4291552cafb840290190a53b2cd937 # pin v2.44.67
         with:
           tool: [email protected]
 

.github/workflows/codeql.yml

@@ -34,7 +34,7 @@ jobs:
       poetry-version: 1.5.1
     steps:
       - name: Checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # pin v3.0.2
@@ -58,7 +58,7 @@ jobs:
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         if: steps.should-run-python-analysis.outputs.run == 'true'
-        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
         with:
           languages: python
           setup-python-dependencies: false
@@ -87,7 +87,7 @@ jobs:
 
       - name: Perform CodeQL Analysis
         if: steps.should-run-python-analysis.outputs.run == 'true'
-        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
         with:
           category: /language:python
 
@@ -101,7 +101,7 @@ jobs:
   #     SDK_VERSION: 30.0.3
   #   steps:
   #     - name: Checkout repository
-  #       uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+  #       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
   #       timeout-minutes: 5
 
   #     - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # pin v3.0.2
@@ -142,7 +142,7 @@ jobs:
   #     # Initializes the CodeQL tools for scanning.
   #     - name: Initialize CodeQL
   #       if: steps.should-run-java-analysis.outputs.run == 'true'
-  #       uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+  #       uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
   #       with:
   #         languages: java
   #         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -154,15 +154,15 @@ jobs:
 
   #     - name: Autobuild android
   #       if: steps.should-run-java-analysis.outputs.run == 'true'
-  #       uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+  #       uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
   #       with:
   #         working-directory: client/android
   #       env:
   #         GRADLE_LIBPARSEC_BUILD_STRATEGY: no_build
 
   #     - name: Perform CodeQL Analysis
   #       if: steps.should-run-java-analysis.outputs.run == 'true'
-  #       uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+  #       uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
   #       with:
   #         category: /language:java
 
@@ -171,7 +171,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # pin v3.0.2
@@ -191,7 +191,7 @@ jobs:
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         if: steps.should-run-js-analysis.outputs.run == 'true'
-        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
         with:
           languages: typescript
 
@@ -202,12 +202,12 @@ jobs:
 
       - name: Autobuild for typescript
         if: steps.should-run-js-analysis.outputs.run == 'true'
-        uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
         with:
           working-directory: client
 
       - name: Perform CodeQL Analysis
         if: steps.should-run-js-analysis.outputs.run == 'true'
-        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # pin v3.26.13
+        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # pin v3.27.1
         with:
           category: /language:typescript

.github/workflows/cspell.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       - name: Generate cspell cache key
@@ -54,7 +54,7 @@ jobs:
 
       - name: Restore cspell cache
         id: cache
-        uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
         with:
           path: |
             package-lock.json
@@ -74,7 +74,7 @@ jobs:
 
       - name: Check spelling in the repository
         id: cspell
-        uses: streetsidesoftware/cspell-action@934c74da3775ac844ec89503f666f67efb427fed # pin v6.8.1
+        uses: streetsidesoftware/cspell-action@9759be9ad475fe8145f8d2a1bf29a1c4d1c6f18d # pin v6.9.0
         with:
           config: .cspell/cspell.config.yml
           # Only check for changed files on a PR
@@ -91,7 +91,7 @@ jobs:
         if: >-
           steps.installation.outputs.previous-cache-hash != hashFiles('.cspellcache')
           && contains(github.ref, 'gh-readonly-queue') != 'true'
-        uses: actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # pin v4.1.1
+        uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # pin v4.1.2
         with:
           key: ${{ steps.cache-key.outputs.key }}
           path: |

.github/workflows/docker-server.yml

@@ -28,7 +28,7 @@ jobs:
   docker-server:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 3
 
       # Set up BuildKit Docker container builder to be able to build
@@ -45,7 +45,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install python
-        uses: actions/setup-python@19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e  # pin v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # pin v5.3.0
         id: setup-python
         with:
           python-version: 3.12

.github/workflows/docker-testbed.yml

@@ -37,7 +37,7 @@ jobs:
   docker-testbed:
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         timeout-minutes: 5
 
       # Set up BuildKit Docker container builder to be able to build
@@ -54,7 +54,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install python
-        uses: actions/setup-python@19dfb7b659fa9e60c2f89c33335ab5f6f1792b6e  # pin v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b  # pin v5.3.0
         id: setup-python
         with:
           python-version: 3.12

.github/workflows/package-cli.yml

@@ -69,7 +69,7 @@ jobs:
           - target: x86_64-unknown-linux-gnu
             suffix: linux-x86_64-gnu
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin v4.2.2
         with:
           ref: ${{ inputs.commit_sha }}
         timeout-minutes: 5