chore(deps): bump the github-actions group with 5 updates

.changes/unreleased/Dependency-20251101-210735.yaml

@@ -0,0 +1,3 @@
+kind: Dependency
+body: 'chore(deps): bump the github-actions group with 5 updates'
+time: 2025-11-01T21:07:35.860732582Z

.github/workflows/codeql.yml

@@ -49,7 +49,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependabot-changie.yaml

@@ -15,7 +15,7 @@ jobs:
     if: github.actor == 'dependabot[bot]'
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Fetch Dependabot metadata
         id: dependabot-metadata
@@ -29,7 +29,7 @@ jobs:
           version: latest
           args: new --body "${{ github.event.pull_request.title }}" --kind Dependency
 
-      - uses: stefanzweifel/git-auto-commit-action@v7-next
+      - uses: stefanzweifel/git-auto-commit-action@v7.0.0
         with:
           commit_message: "chore(deps): add changelog for dependabot updates"
           commit_user_name: "dependabot[bot]"

.github/workflows/pull-request.yaml

@@ -46,7 +46,7 @@ jobs:
         uses: codecov/codecov-action@v5
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: output
           path: output/**/*

.github/workflows/release-beta.yaml

@@ -96,7 +96,7 @@ jobs:
           SKIP_UPLOAD: true
 
       - name: Upload release
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: mach-composer
           path: dist/*

.github/workflows/release.yaml

@@ -72,7 +72,7 @@ jobs:
           CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }}
 
       - name: Upload release
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: mach-composer
           path: dist/*
@@ -95,7 +95,7 @@ jobs:
           fetch-depth: 0
 
       - name: Download release
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: mach-composer
           path: ./dist
@@ -160,7 +160,7 @@ jobs:
           fetch-depth: 0
 
       - name: Download release
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           name: mach-composer
           path: ./dist