From 8040f1db4809765ae73897cfcebd37d702a953c6 Mon Sep 17 00:00:00 2001
From: natsuoto <279971144+natsuoto@users.noreply.github.com>
Date: Tue, 28 Apr 2026 15:56:29 +0530
Subject: chore: bump GitHub Actions to current major versions

Pure version bumps; workflow behavior is unchanged.

- actions/checkout              v3 -> v5
- actions/setup-python          v3 -> v5
- github/codeql-action/{init,autobuild,analyze}  v2 -> v3
- pypa/gh-action-pypi-publish   SHA-pinned -> v1.14.0 SHA, with
  trailing version comment for human readability

The @v3 actions ran on the deprecated Node 16 runtime; @v5 (and
codeql-action @v3) all use Node 20, the current GitHub-supported
runtime. Third-party pypa publish action stays SHA-pinned for
supply-chain safety.

Closes #34
---
 .github/workflows/python-publish.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to '.github/workflows/python-publish.yml')

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index ec70354..a9e0e8f 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -21,9 +21,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v5
     - name: Set up Python
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
     - name: Install dependencies
@@ -33,7 +33,7 @@ jobs:
     - name: Build package
       run: python -m build
     - name: Publish package
-      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
+      uses: pypa/gh-action-pypi-publish@6733eb7d741f0b11ec6a39b58540dab7590f9b7d  # v1.14.0
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}
-- 
cgit v1.2.3