From 4e4f1c999d3be0f7dbe9300351905fc1f0afe271 Mon Sep 17 00:00:00 2001
From: Chris Fenner <cfenn@google.com>
Date: Fri, 19 Dec 2025 13:32:54 -0800
Subject: [PATCH 1/3] bump the version of various github action dependencies

---
 .github/workflows/pr.yml      |  6 +++---
 .github/workflows/push.yml    |  6 +++---
 .github/workflows/release.yml |  6 +++---
 .github/workflows/render.yml  | 10 +++++-----
 4 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 1998421..f3cdaf4 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -42,20 +42,20 @@ jobs:
       # Login against a Docker registry
       # https://github.com/docker/login-action
       - name: Log into registry
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v3.10.0
+        uses: docker/setup-buildx-action@v3.12.0
 
       # Build and push Docker image as "pandoc_test"
       # Only amd64, since we're just building a container
       # to be used below in the GH action runner.
       - name: Build and publish Docker image
-        uses: docker/build-push-action@v6.16.0
+        uses: docker/build-push-action@v6.18.0
         with:
           # Cache layers from the container repo.
           # Read-only: Avoid cluttering up the cache on pull requests.
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 008bad4..e2034c7 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -35,7 +35,7 @@ jobs:
       # Login against a Docker registry
       # https://github.com/docker/login-action
       - name: Log into registry
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -49,7 +49,7 @@ jobs:
           platforms: all
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v3.10.0
+        uses: docker/setup-buildx-action@v3.12.0
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
@@ -65,7 +65,7 @@ jobs:
       # Build and push Docker image with Buildx
       # https://github.com/docker/build-push-action
       - name: Build and publish Docker image
-        uses: docker/build-push-action@v6.16.0
+        uses: docker/build-push-action@v6.18.0
         with:
           # Cache layers from the container repo.
           # Update the cache only on pushes to main.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4b5cfa2..6b101a0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,7 +35,7 @@ jobs:
       # Login against a Docker registry
       # https://github.com/docker/login-action
       - name: Log into registry
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -49,7 +49,7 @@ jobs:
           platforms: all
 
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v3.10.0
+        uses: docker/setup-buildx-action@v3.12.0
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action
@@ -65,7 +65,7 @@ jobs:
       # Build and push Docker image with Buildx
       # https://github.com/docker/build-push-action
       - name: Build and publish Docker image
-        uses: docker/build-push-action@v6.16.0
+        uses: docker/build-push-action@v6.18.0
         with:
           # Cache layers from the container repo.
           # Read-only: Releasing shouldn't be doing anything that wasn't already 
diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml
index 3e88152..487b643 100644
--- a/.github/workflows/render.yml
+++ b/.github/workflows/render.yml
@@ -53,7 +53,7 @@ jobs:
           echo output filename: ${filename}
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           ref: ${{ inputs.revision }}
           fetch-depth: 0
@@ -63,7 +63,7 @@ jobs:
       # key so that the cache is invalidated upon file change or container
       # version change.
       - name: Cache LaTeX files
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         env:
           cache-name: cache-latex-${{ inputs.input }}-files
         with:
@@ -111,7 +111,7 @@ jobs:
       # Upload the PDF to the release in 'release' mode
       - name: Upload to release
         if: inputs.workflow == 'release'
-        uses: svenstaro/upload-release-action@v2
+        uses: svenstaro/upload-release-action@v2.11
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           file: ${{ steps.gen_output_name.outputs.OUTPUT_FILENAME }}*.pdf
@@ -121,14 +121,14 @@ jobs:
           file_glob: true
       # Always upload all PDF and log files to the workflow artifacts
       - name: Upload pdfs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ steps.gen_output_name.outputs.OUTPUT_FILENAME }}.pdf
           path: |
             ${{ steps.gen_output_name.outputs.OUTPUT_FILENAME }}*.pdf
         if: always()
       - name: Upload logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ steps.gen_output_name.outputs.OUTPUT_FILENAME }}.log
           path: |

From 20d3494e431ef83d1640e5128bff3d04442965c1 Mon Sep 17 00:00:00 2001
From: Chris Fenner <cfenn@google.com>
Date: Fri, 19 Dec 2025 13:35:55 -0800
Subject: [PATCH 2/3] be more specific about svenstaro/upload

---
 .github/workflows/render.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml
index 487b643..247ea1a 100644
--- a/.github/workflows/render.yml
+++ b/.github/workflows/render.yml
@@ -111,7 +111,7 @@ jobs:
       # Upload the PDF to the release in 'release' mode
       - name: Upload to release
         if: inputs.workflow == 'release'
-        uses: svenstaro/upload-release-action@v2.11
+        uses: svenstaro/upload-release-action@v2.11.3
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           file: ${{ steps.gen_output_name.outputs.OUTPUT_FILENAME }}*.pdf

From 524c5ae27948c51469684fecc7b370cd644fe44e Mon Sep 17 00:00:00 2001
From: Chris Fenner <cfenn@google.com>
Date: Fri, 19 Dec 2025 13:37:11 -0800
Subject: [PATCH 3/3] be less specific about svenstaro/upload

---
 .github/workflows/render.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml
index 247ea1a..cf5ef5f 100644
--- a/.github/workflows/render.yml
+++ b/.github/workflows/render.yml
@@ -111,7 +111,7 @@ jobs:
       # Upload the PDF to the release in 'release' mode
       - name: Upload to release
         if: inputs.workflow == 'release'
-        uses: svenstaro/upload-release-action@v2.11.3
+        uses: svenstaro/upload-release-action@v2
         with:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           file: ${{ steps.gen_output_name.outputs.OUTPUT_FILENAME }}*.pdf