build(deps): bump the github-actions group across 1 directory with 4 updates Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/cache](https://github.com/actions/cache), [lukka/get-cmake](https://github.com/lukka/get-cmake) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/cache` from 5.0.1 to 5.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...8b402f58fbc84540c8b491a91e594a4576fec3d7) Updates `lukka/get-cmake` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/lukka/get-cmake/releases) - [Commits](https://github.com/lukka/get-cmake/compare/9e07ecdcee1b12e5037e42f410b67f03e2f626e1...dc05ee1ee5ba69770230c73a6a4e947595745cab) Updates `github/codeql-action` from 4.31.9 to 4.31.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...cdefb33c0f6224e58673d9004f47f7cb3e328b89) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: lukka/get-cmake dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.31.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

commit: ec057958a4e0f5a209a15bfce6a080d51c118170 [log] [tgz]
author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Mon Jan 26 07:34:19 2026 +0000
committer: GitHub <noreply@github.com> Mon Jan 26 07:34:19 2026 +0000
tree: 13d735f759bfccc67d68cdecca488f484cace72b
parent: 77a096c929cefa5069fcbf9060aac6a09bd88bd5 [diff]
diff --git a/.github/workflows/autoroll.yml b/.github/workflows/autoroll.yml
index 49fd79e..00f9a40 100644
--- a/.github/workflows/autoroll.yml
+++ b/.github/workflows/autoroll.yml

@@ -16,7 +16,7 @@
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       # Checkout the depot tools they are needed by roll_deps.sh
       - name: Checkout depot tools

diff --git a/.github/workflows/bazel.yml b/.github/workflows/bazel.yml
index 910df0c..989624f 100644
--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml

@@ -20,13 +20,13 @@
     runs-on: ${{matrix.os}}
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: '0'
       - name: Download dependencies
         run: python3 utils/git-sync-deps
       - name: Mount Bazel cache
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: ~/.bazel/cache
           key: bazel-cache-${{ runner.os }}
@@ -43,13 +43,13 @@
     runs-on: macos-latest
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: '0'
       - name: Download dependencies
         run: python3 utils/git-sync-deps
       - name: Mount Bazel cache
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: ~/.bazel/cache
           key: bazel-cache-${{ runner.os }}

diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml
index 2d1506c..4d66ca4 100644
--- a/.github/workflows/ios.yml
+++ b/.github/workflows/ios.yml

@@ -14,8 +14,8 @@
     runs-on: macos-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     steps:
-        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        - uses: lukka/get-cmake@9e07ecdcee1b12e5037e42f410b67f03e2f626e1 # v4.02
+        - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        - uses: lukka/get-cmake@dc05ee1ee5ba69770230c73a6a4e947595745cab # v4.02
         - name: Download dependencies
           run: python3 utils/git-sync-deps
         # NOTE: The MacOS SDK ships universal binaries. CI should reflect this.

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c8e5e94..c52b3cc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml

@@ -13,7 +13,7 @@
   prepare-release-job:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Prepare CHANGELOG for version
         run: |
           python utils/generate_changelog.py CHANGES "${{ github.ref_name }}" VERSION_CHANGELOG

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index c8b692f..30583f4 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml

@@ -23,7 +23,7 @@
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -48,6 +48,6 @@
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/upload-sarif@19b2f06db2b6f5108140aeb04014ef02b648f789 # v4.31.11
         with:
           sarif_file: results.sarif

diff --git a/.github/workflows/wasm.yml b/.github/workflows/wasm.yml
index 40b9de8..7aa9679 100644
--- a/.github/workflows/wasm.yml
+++ b/.github/workflows/wasm.yml

@@ -15,7 +15,7 @@
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: '0'
       - name: Build web
commit	ec057958a4e0f5a209a15bfce6a080d51c118170	[log] [tgz]
author	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	Mon Jan 26 07:34:19 2026 +0000
committer	GitHub <noreply@github.com>	Mon Jan 26 07:34:19 2026 +0000
tree	13d735f759bfccc67d68cdecca488f484cace72b
parent	77a096c929cefa5069fcbf9060aac6a09bd88bd5 [diff]