From 8c7d5acace5dd7c8ecd8078b5afeabb35f845560 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 1 Nov 2025 22:04:53 +0000
Subject: [PATCH] chore(deps): bump the patch group across 1 directory with 3
 updates

Bumps the patch group with 3 updates in the / directory: [PyO3/maturin-action](https://github.com/pyo3/maturin-action), [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) and [anchore/sbom-action](https://github.com/anchore/sbom-action).


Updates `PyO3/maturin-action` from 1.49.3 to 1.49.4
- [Release notes](https://github.com/pyo3/maturin-action/releases)
- [Commits](https://github.com/pyo3/maturin-action/compare/e10f6c464b90acceb5f640d31beda6d586ba7b4a...86b9d133d34bc1b40018696f782949dac11bd380)

Updates `marocchino/sticky-pull-request-comment` from 2.9.3 to 2.9.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](https://github.com/marocchino/sticky-pull-request-comment/compare/d2ad0de260ae8b0235ce059e63f2949ba9e05943...773744901bac0e8cbb5a0dc842800d45e9b2b405)

Updates `anchore/sbom-action` from 0.20.2 to 0.20.6
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](https://github.com/anchore/sbom-action/compare/cee1b8e05ae5b2593a75e197229729eabaa9f8ec...f8bdd1d8ac5e901a77a92f111440fdb1b593736b)

---
updated-dependencies:
- dependency-name: PyO3/maturin-action
  dependency-version: 1.49.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/cd.yml           | 8 ++++----
 .github/workflows/check-semver.yml | 4 ++--
 .github/workflows/docker.yml       | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 00e699010a..67dc9b1fc3 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -252,7 +252,7 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       - name: Build Python wheels (linux)
         if: matrix.build.PYPI_PUBLISH == true && startsWith(matrix.build.NAME, 'linux')
-        uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
+        uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
         with:
           working-directory: pypi
           target: ${{ matrix.build.TARGET }}
@@ -264,7 +264,7 @@ jobs:
         if: |
           matrix.build.PYPI_PUBLISH == true &&
           (startsWith(matrix.build.OS, 'macos') || startsWith(matrix.build.OS, 'windows'))
-        uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
+        uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
         with:
           working-directory: pypi
           target: ${{ matrix.build.TARGET }}
@@ -272,7 +272,7 @@ jobs:
           sccache: "true"
       - name: Build Python wheels (musl)
         if: matrix.build.PYPI_PUBLISH == true && endsWith(matrix.build.OS, 'musl')
-        uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
+        uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
         with:
           working-directory: pypi
           target: ${{ matrix.build.TARGET }}
@@ -328,7 +328,7 @@ jobs:
           pattern: wheels-*
           merge-multiple: true
       - name: Publish to PyPI
-        uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
+        uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4
         env:
           MATURIN_PYPI_TOKEN: ${{ vars.USE_TESTPYPI == 'true' && secrets.TESTPYPI_API_TOKEN || secrets.PYPI_API_TOKEN }}
           MATURIN_REPOSITORY: ${{ vars.USE_TESTPYPI == 'true' && 'testpypi' || 'pypi' }}
diff --git a/.github/workflows/check-semver.yml b/.github/workflows/check-semver.yml
index c894d4b587..c33f0aa085 100644
--- a/.github/workflows/check-semver.yml
+++ b/.github/workflows/check-semver.yml
@@ -31,7 +31,7 @@ jobs:
     steps:
       - name: Comment
         if: ${{ needs.check-semver.outputs.error_message != null }}
-        uses: marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943 # v2.9.3
+        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
         with:
           header: pr-semver-check-error
           message: |
@@ -47,7 +47,7 @@ jobs:
 
       - name: Delete comment
         if: ${{ needs.check-semver.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943 # v2.9.3
+        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
         with:
           header: pr-semver-check-error
           delete: true
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e6b7f9ea4d..941fb5474d 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -84,7 +84,7 @@ jobs:
           cache-to: type=local,dest=/tmp/.buildx-cache
 
       - name: Scan the image
-        uses: anchore/sbom-action@cee1b8e05ae5b2593a75e197229729eabaa9f8ec # v0.20.2
+        uses: anchore/sbom-action@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9
         with:
           image: ghcr.io/${{ github.repository_owner }}/git-cliff/git-cliff