From b80a432a915dca51f64f7487614011d267fb964c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jun 2026 18:34:03 +0000
Subject: [PATCH] Bump the github-actions group across 1 directory with 4
 updates

Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact), [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) and [actions/github-script](https://github.com/actions/github-script).


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

Updates `dawidd6/action-download-artifact` from 19 to 21
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/v19...v21)

Updates `actions/github-script` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '21'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build.yml              | 6 +++---
 .github/workflows/codespell.yml          | 2 +-
 .github/workflows/deploy-pr-preview.yml  | 6 +++---
 .github/workflows/ohm.publish-to-npm.yml | 2 +-
 .github/workflows/staging.yml            | 4 ++--
 .github/workflows/transifex.yml          | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ad98e32da00..5ca87fa96e5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -25,7 +25,7 @@ jobs:
           - { v: 24, isLatest: yes }
 
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
     - name: Use Node.js ${{ matrix.node-version.v }}
       uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
       with:
@@ -37,7 +37,7 @@ jobs:
 
     - name: '[PR Preview] Upload dist folder'
       if: ${{github.event_name == 'pull_request' && matrix.node-version.isLatest}}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
       with:
         name: dist
         path: |
@@ -52,7 +52,7 @@ jobs:
 
     - name: '[PR Preview] Upload PR metadata'
       if: ${{github.event_name == 'pull_request' && matrix.node-version.isLatest}}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
       with:
         name: pr_metadata
         path: ./pr_metadata.ini
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 477e02a1a52..9c33a0f740f 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -11,7 +11,7 @@ jobs:
     name: Check for spelling errors
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2.2
         with:
           check_filenames: true
diff --git a/.github/workflows/deploy-pr-preview.yml b/.github/workflows/deploy-pr-preview.yml
index 58f98ee4db2..c648cc98eac 100644
--- a/.github/workflows/deploy-pr-preview.yml
+++ b/.github/workflows/deploy-pr-preview.yml
@@ -17,7 +17,7 @@ jobs:
     environment: workflows
     if: ${{github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'}}
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
 
       - uses: actions/setup-node@v6
         with:
@@ -25,7 +25,7 @@ jobs:
       - run: npm clean-install
 
       - name: Download all artifacts (dist folder and pr_metadata)
-        uses: dawidd6/action-download-artifact@v19
+        uses: dawidd6/action-download-artifact@v21
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
           run_id: ${{github.event.workflow_run.id}}
@@ -42,7 +42,7 @@ jobs:
         run: ./node_modules/.bin/netlify deploy --no-build --dir=. --alias=pr-${{steps.pr_metadata.outputs.pr}}
 
       - name: Run afterDeploy script
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           script: |
             const { afterDeploy } = await import('${{github.workspace}}/scripts/pr_preview.js');
diff --git a/.github/workflows/ohm.publish-to-npm.yml b/.github/workflows/ohm.publish-to-npm.yml
index c79c2bdd992..1666e650915 100644
--- a/.github/workflows/ohm.publish-to-npm.yml
+++ b/.github/workflows/ohm.publish-to-npm.yml
@@ -9,7 +9,7 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v6
         with:
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index d7b06dd5c68..b2b539441f2 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -13,13 +13,13 @@ jobs:
     runs-on: ubuntu-latest
     environment: workflows
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v7
       - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
       # install and build development version of id-tagging-schema
       - name: Checkout the id-tagging-schema repository code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           repository: openstreetmap/id-tagging-schema
           path: './id-tagging-schema'
diff --git a/.github/workflows/transifex.yml b/.github/workflows/transifex.yml
index fb8f769defe..d328a416927 100644
--- a/.github/workflows/transifex.yml
+++ b/.github/workflows/transifex.yml
@@ -19,7 +19,7 @@ jobs:
     environment: workflows
 
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Install Transifex client
       run: |
         curl -o- https://raw.githubusercontent.com/transifex/cli/master/install.sh | bash