build(deps): bump gittools/actions from 4.3.2 to 4.3.3

[dependabot]

Bumps gittools/actions from 4.3.2 to 4.3.3.

Release notes

Sourced from gittools/actions's releases.

v4.3.3

As part of this release we had 10 commits which resulted in 1 issue being closed.

Improvements

• [#1970](GitTools/actions#1970) Move re-usable steps into composite actions in the gittools/cicd repository

SHA256 Hashes of the release artifacts

• 2207bbdf742767043711581535de911ec26a90c005ba3740e1f0f2dcfd2628c0 - gittools.gittools-4.3.3.260223212.vsix

Commits

• 71a79f7 ci(prerelease): Reorder Azure publish step
• 4f04507 ci(workflow): Add spacing between CI steps
• 4561fe2 Merge pull request #1971 from arturcic/feature/cicd-actions
• 1f7aa5c ci(workflows): Consolidate authentication and checkout
• 8fa637c ci(actions): Use external git-commit-push action
• bb57576 Merge pull request #1969 from GitTools/dependabot/npm_and_yarn/simple-git-3.32.2
• 2f83d75 (npm): Bump simple-git from 3.32.1 to 3.32.2
• b3e1c2f Merge pull request #1968 from GitTools/dependabot/npm_and_yarn/simple-git-3.32.1
• 6230abb (npm): Bump simple-git from 3.31.1 to 3.32.1
• 7b454d4 update examples version to 4.3.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sophie-syntax]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Supply chain risk: the workflow references gittools/actions/...@v4.3.3 by tag. Tags are mutable, so an upstream compromise or retag could execute untrusted code in CI. Prefer pinning to a specific commit SHA (and optionally using Dependabot to keep SHAs updated).

⚡ Recommended focus areas for review Compatibility Validate that gittools/actions/gitversion/setup and gittools/actions/gitversion/execute behavior and outputs are unchanged in v4.3.3 (e.g., variables/outputs consumed later in the workflow, tagging behavior), and that the workflow still succeeds on master. - name: Install GitVersion uses: gittools/actions/gitversion/setup@v4.3.3 with: versionSpec: "6.x" - name: Version with GitVersion # https://github.com/marketplace/actions/use-actions id: gitversion uses: gittools/actions/gitversion/execute@v4.3.3 Supply Chain Consider pinning third-party GitHub Actions to an immutable commit SHA instead of a mutable tag to reduce the risk of upstream tag retargeting. uses: gittools/actions/gitversion/setup@v4.3.3 with: versionSpec: "6.x" - name: Version with GitVersion # https://github.com/marketplace/actions/use-actions id: gitversion uses: gittools/actions/gitversion/execute@v4.3.3

[sophie-syntax]

PR Code Suggestions ✨

No code suggestions found for the PR.

[dependabot]

Looks like gittools/actions is up-to-date now, so this is no longer needed.