From 3b78f893f80c5c92b596656ea1e1ea9424ca2c7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Feb 2024 22:14:40 +0000
Subject: [PATCH 1/3] chore(deps): bump actions/upload-artifact from 3.1.3 to
 4.3.1

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.3 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...5d5d22a31266ced268874388b861e4b58bb5c2f3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ossf_scorecard.yml                 | 2 +-
 .github/workflows/publish_v2_layer.yml               | 2 +-
 .github/workflows/record_pr.yml                      | 2 +-
 .github/workflows/reusable_deploy_v2_layer_stack.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml
index b74a138f692..d9e065bf1e8 100644
--- a/.github/workflows/ossf_scorecard.yml
+++ b/.github/workflows/ossf_scorecard.yml
@@ -35,7 +35,7 @@ jobs:
           repo_token: ${{ secrets.SCORECARD_TOKEN }}  # read-only fine-grained token to read branch protection settings
 
       - name: "Upload results"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: SARIF file
           path: results.sarif
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index f067d02becd..e87e7e9970a 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -146,7 +146,7 @@ jobs:
       - name: zip output
         run: zip -r cdk.out.zip cdk.out
       - name: Archive CDK artifacts
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: cdk-layer-artefact
           path: layer/cdk.out.zip
diff --git a/.github/workflows/record_pr.yml b/.github/workflows/record_pr.yml
index b74dd4b4ee0..ddfd7c249a3 100644
--- a/.github/workflows/record_pr.yml
+++ b/.github/workflows/record_pr.yml
@@ -53,7 +53,7 @@ jobs:
           script: |
             const script = require('.github/scripts/save_pr_details.js')
             await script({github, context, core})
-      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: pr
           path: pr.txt
diff --git a/.github/workflows/reusable_deploy_v2_layer_stack.yml b/.github/workflows/reusable_deploy_v2_layer_stack.yml
index d271050fa86..8bae72e6af0 100644
--- a/.github/workflows/reusable_deploy_v2_layer_stack.yml
+++ b/.github/workflows/reusable_deploy_v2_layer_stack.yml
@@ -197,7 +197,7 @@ jobs:
           cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
       - name: Save Layer ARN artifact
         if: ${{ inputs.stage == 'PROD' }}
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: cdk-layer-stack
           path: ./layer/cdk-layer-stack/* # NOTE: upload-artifact does not inherit working-directory setting.

From afe4d00d640276aa3495b01d40e88c1d55c4e599 Mon Sep 17 00:00:00 2001
From: Leandro Damascena <lcdama@amazon.pt>
Date: Mon, 5 Feb 2024 23:00:07 +0000
Subject: [PATCH 2/3] Adding new required parameter

---
 .github/workflows/ossf_scorecard.yml                 | 1 +
 .github/workflows/publish_v2_layer.yml               | 1 +
 .github/workflows/record_pr.yml                      | 1 +
 .github/workflows/reusable_deploy_v2_layer_stack.yml | 1 +
 4 files changed, 4 insertions(+)

diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml
index d9e065bf1e8..cf7218d8c33 100644
--- a/.github/workflows/ossf_scorecard.yml
+++ b/.github/workflows/ossf_scorecard.yml
@@ -40,6 +40,7 @@ jobs:
           name: SARIF file
           path: results.sarif
           retention-days: 5
+          overwrite: true
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index ded91ac4313..713c8abd56b 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -150,6 +150,7 @@ jobs:
         with:
           name: cdk-layer-artefact
           path: layer/cdk.out.zip
+          overwrite: true
 
   beta:
     needs: build-layer
diff --git a/.github/workflows/record_pr.yml b/.github/workflows/record_pr.yml
index ddfd7c249a3..f0951b907da 100644
--- a/.github/workflows/record_pr.yml
+++ b/.github/workflows/record_pr.yml
@@ -58,3 +58,4 @@ jobs:
           name: pr
           path: pr.txt
           retention-days: 1
+          overwrite: true
diff --git a/.github/workflows/reusable_deploy_v2_layer_stack.yml b/.github/workflows/reusable_deploy_v2_layer_stack.yml
index ec8c928ae47..7a217d0a11c 100644
--- a/.github/workflows/reusable_deploy_v2_layer_stack.yml
+++ b/.github/workflows/reusable_deploy_v2_layer_stack.yml
@@ -203,5 +203,6 @@ jobs:
           path: ./layer/cdk-layer-stack/* # NOTE: upload-artifact does not inherit working-directory setting.
           if-no-files-found: error
           retention-days: 1
+          overwrite: true
       - name: CDK Deploy Canary
         run: npx cdk deploy --app cdk.out --context region=${{ matrix.region }} --parameters DeployStage="${{ inputs.stage }}" --parameters HasARM64Support=${{ matrix.has_arm64_support }} 'CanaryV2Stack' --require-approval never --verbose

From 7cfadf87b1e958b94d5ecbf78a1ad5b602ca4ece Mon Sep 17 00:00:00 2001
From: Leandro Damascena <lcdama@amazon.pt>
Date: Tue, 6 Feb 2024 10:00:28 +0000
Subject: [PATCH 3/3] Addressing Andrea's feedback

---
 .github/workflows/ossf_scorecard.yml   | 1 -
 .github/workflows/publish_v2_layer.yml | 1 -
 .github/workflows/record_pr.yml        | 1 -
 3 files changed, 3 deletions(-)

diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml
index cf7218d8c33..d9e065bf1e8 100644
--- a/.github/workflows/ossf_scorecard.yml
+++ b/.github/workflows/ossf_scorecard.yml
@@ -40,7 +40,6 @@ jobs:
           name: SARIF file
           path: results.sarif
           retention-days: 5
-          overwrite: true
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index 713c8abd56b..ded91ac4313 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -150,7 +150,6 @@ jobs:
         with:
           name: cdk-layer-artefact
           path: layer/cdk.out.zip
-          overwrite: true
 
   beta:
     needs: build-layer
diff --git a/.github/workflows/record_pr.yml b/.github/workflows/record_pr.yml
index f0951b907da..ddfd7c249a3 100644
--- a/.github/workflows/record_pr.yml
+++ b/.github/workflows/record_pr.yml
@@ -58,4 +58,3 @@ jobs:
           name: pr
           path: pr.txt
           retention-days: 1
-          overwrite: true