From 63e06b814d93e1e410d68fc65638e074af9bd901 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Feb 2026 10:37:59 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 17 updates Bumps the github-actions group with 17 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.0` | `2.14.1` | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [psf/black](https://github.com/psf/black) | `25.12.0` | `26.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.32.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.3` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.1.0` | `6.2.0` | | [nick2bad4u/generate-repo-file-list](https://github.com/nick2bad4u/generate-repo-file-list) | `0b66b048983ecaef45cb1bc7acc6c81e1d210de7` | `f1342075abdb94a6134398776eafce7931fd1444` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `9.2.0` | `9.3.0` | | [google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml](https://github.com/google/osv-scanner-action) | `2.3.1` | `2.3.2` | | [google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml](https://github.com/google/osv-scanner-action) | `2.3.1` | `2.3.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.2.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.0.0` | `8.1.0` | | [rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions) | `0.56.0` | `0.58.0` | | [actions/ai-inference](https://github.com/actions/ai-inference) | `2.0.4` | `2.0.5` | | [super-linter/super-linter](https://github.com/super-linter/super-linter) | `8.3.2` | `8.4.0` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.92.4` | `3.92.5` | | 
[crate-ci/typos](https://github.com/crate-ci/typos) | `1.41.0` | `1.42.3` | Updates `step-security/harden-runner` from 2.14.0 to 2.14.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...e3f713f2d8f53843e71c69a996d56f51aa9adfb9) Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `psf/black` from 25.12.0 to 26.1.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](https://github.com/psf/black/compare/782e5605c86aab56be6f905da10dcd3e463fd9c2...6305bf1ae645ab7541be4f5028a86239316178eb) Updates `github/codeql-action` from 4.31.9 to 4.32.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...b20883b0cd1f46c72ae0ba6d1090936928f9fa30) Updates `actions/cache` from 5.0.1 to 5.0.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...cdf6c1fa76f9f475f3d7449005a359c84ca0f306) Updates `actions/setup-python` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/83679a892e2d95755f2dac6acb0bfd1e9ac5d548...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `nick2bad4u/generate-repo-file-list` from 0b66b048983ecaef45cb1bc7acc6c81e1d210de7 
to f1342075abdb94a6134398776eafce7931fd1444 - [Release notes](https://github.com/nick2bad4u/generate-repo-file-list/releases) - [Commits](https://github.com/nick2bad4u/generate-repo-file-list/compare/0b66b048983ecaef45cb1bc7acc6c81e1d210de7...f1342075abdb94a6134398776eafce7931fd1444) Updates `oxsecurity/megalinter` from 9.2.0 to 9.3.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) - [Commits](https://github.com/oxsecurity/megalinter/compare/55a59b24a441e0e1943080d4a512d827710d4a9d...42bb470545e359597e7f12156947c436e4e3fb9a) Updates `google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](https://github.com/google/osv-scanner-action/compare/375a0e8ebdc98e99b02ac4338a724f5750f21213...2a387edfbe02a11d856b89172f6e978100177eb4) Updates `google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml` from 2.3.1 to 2.3.2 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](https://github.com/google/osv-scanner-action/compare/375a0e8ebdc98e99b02ac4338a724f5750f21213...2a387edfbe02a11d856b89172f6e978100177eb4) Updates `actions/setup-node` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/395ad3262231945c25e8478fd5baf05154b1d79f...6044e13b5dc448c55e2357c09f80417699197238) Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/98357b18bf14b5342f975ff684046ec3b2a07725...c0f553fe549906ede9cf27b5156039d195d2ece0) Updates `rojopolis/spellcheck-github-actions` from 0.56.0 to 0.58.0 - [Release notes](https://github.com/rojopolis/spellcheck-github-actions/releases) - 
[Changelog](https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md) - [Commits](https://github.com/rojopolis/spellcheck-github-actions/compare/cebe06444da3ac5e9d3146f5f02a0e2a236f7488...0bf4b2f91efa259b52c202b09b0c3845c524ff36) Updates `actions/ai-inference` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/actions/ai-inference/releases) - [Commits](https://github.com/actions/ai-inference/compare/334892bb203895caaed82ec52d23c1ed9385151e...a6101c89c6feaecc585efdd8d461f18bb7896f20) Updates `super-linter/super-linter` from 8.3.2 to 8.4.0 - [Release notes](https://github.com/super-linter/super-linter/releases) - [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md) - [Commits](https://github.com/super-linter/super-linter/compare/d5b0a2ab116623730dd094f15ddc1b6b25bf7b99...12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e) Updates `trufflesecurity/trufflehog` from 3.92.4 to 3.92.5 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/ef6e76c3c4023279497fab4721ffa071a722fd05...116e7171542d2f1dad8810f00dcfacbe0b809183) Updates `crate-ci/typos` from 1.41.0 to 1.42.3 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](https://github.com/crate-ci/typos/compare/5c19779cb52ea50e151f5a10333ccd269227b5ae...06d010dfe4c84fdab1a25ea02b57b3585018ba80) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: psf/black dependency-version: 26.1.0 dependency-type: direct:production update-type: version-update:semver-major 
dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: nick2bad4u/generate-repo-file-list dependency-version: f1342075abdb94a6134398776eafce7931fd1444 dependency-type: direct:production dependency-group: github-actions - dependency-name: oxsecurity/megalinter dependency-version: 9.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: rojopolis/spellcheck-github-actions dependency-version: 0.58.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/ai-inference dependency-version: 2.0.5 dependency-type: 
direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: super-linter/super-linter dependency-version: 8.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.92.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: crate-ci/typos dependency-version: 1.42.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ActionLint.yml | 4 ++-- .github/workflows/Bandit.yml | 4 ++-- .github/workflows/Snake.yml | 2 +- .github/workflows/black-formatter.yml | 6 +++--- .github/workflows/codeql.yml | 10 +++++----- .github/workflows/deno.yml | 4 ++-- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/devskim.yml | 6 +++--- .github/workflows/eslint.yml | 8 ++++---- .github/workflows/generate-file-list.yml | 8 ++++---- .github/workflows/git-sizer-dispatch.yml | 4 ++-- .github/workflows/git-sizer.yml | 2 +- .github/workflows/gitleaks.yml | 4 ++-- .github/workflows/greetings.yml | 2 +- .github/workflows/label.yml | 4 ++-- .github/workflows/main.yml | 6 +++--- .github/workflows/mega-linter.yml | 6 +++--- .github/workflows/npm-audit.yml | 6 +++--- .github/workflows/ossar.yml | 6 +++--- .github/workflows/osv-scanner.yml | 4 ++-- .github/workflows/prettier.yml | 8 ++++---- .github/workflows/pssecret-scanner.yml | 4 ++-- .github/workflows/rebase.yml | 4 ++-- .github/workflows/repo-stats.yml | 2 +- .github/workflows/scorecards.yml | 6 +++--- .github/workflows/security-devops.yml | 6 +++--- .github/workflows/semgrep.yml | 4 ++-- .github/workflows/sitemap.yml | 6 +++--- .github/workflows/sobelow.yml | 4 ++-- .github/workflows/spelling_action.yml | 6 +++--- .github/workflows/stale.yml | 2 +- .github/workflows/static.yml | 4 ++-- .github/workflows/stylelint.yml | 4 ++-- .github/workflows/summary.yml | 6 +++--- .github/workflows/super-linter.yml | 6 +++--- .github/workflows/trufflehog.yml | 6 +++--- .github/workflows/typos.yml | 6 +++--- 37 files changed, 92 insertions(+), 92 deletions(-) diff --git a/.github/workflows/ActionLint.yml b/.github/workflows/ActionLint.yml index c66fd6ac..4efdcec9 100644 --- a/.github/workflows/ActionLint.yml +++ b/.github/workflows/ActionLint.yml 
@@ -36,10 +36,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: devops-actions/actionlint@467e2ce19b2310e93c9ffa0b50fe31f86b5a7f23 #v0.1.10 continue-on-error: true id: action-lint diff --git a/.github/workflows/Bandit.yml b/.github/workflows/Bandit.yml index 96871fee..c3230ace 100644 --- a/.github/workflows/Bandit.yml +++ b/.github/workflows/Bandit.yml @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: true egress-policy: block @@ -63,7 +63,7 @@ jobs: github.com:443 pypi.org:443 - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Bandit Scan uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c with: # optional arguments diff --git a/.github/workflows/Snake.yml b/.github/workflows/Snake.yml index 9e810ca9..20ecc943 100644 --- a/.github/workflows/Snake.yml +++ b/.github/workflows/Snake.yml @@ -46,7 +46,7 @@ jobs: steps: # generates a snake game from a github user () contributions graph, output a svg animation at - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/black-formatter.yml b/.github/workflows/black-formatter.yml index 51639b96..62cf50b2 100644 
--- a/.github/workflows/black-formatter.yml +++ b/.github/workflows/black-formatter.yml @@ -37,7 +37,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: true # Disable sudo to prevent privilege escalation egress-policy: block # Block all egress traffic @@ -48,8 +48,8 @@ jobs: # Step to checkout the repository code - name: Checkout Code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Step to run the Black code formatter - name: Run Black Formatter - uses: psf/black@782e5605c86aab56be6f905da10dcd3e463fd9c2 # stable + uses: psf/black@6305bf1ae645ab7541be4f5028a86239316178eb # stable diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0afa557d..8a6cebce 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -66,16 +66,16 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 + uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
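Review bot: The new pin `psf/black@6305bf1ae645ab7541be4f5028a86239316178eb # stable` keeps a comment that names a moving ref rather than a release, so the file alone does not say which version this SHA is meant to be. The commit description maps the SHA to 26.1.0 and marks it `version-update:semver-major`, the only major bump in the group. I would write the line as `uses: psf/black@6305bf1ae645ab7541be4f5028a86239316178eb # 26.1.0` and confirm the formatter job still passes on the current tree before merging it with the 16 other updates. The `# main` comment on `nick2bad4u/generate-repo-file-list` in generate-file-list.yml has the same problem.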
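Review bot: The trailing comment on the new `github/codeql-action/init` pin still reads `# v3.29.5`, but the commit description gives `b20883b0cd1f46c72ae0ba6d1090936928f9fa30` as the 4.32.0 commit, so the comment names a different major version from the one that will run. Anyone auditing SHA pins against release tags will be misled. The comment was presumably already stale before this bump, since the description lists the old SHA as 4.31.9. I would change it to `# v4.32.0`, i.e. `uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0`, and do the same on `autobuild` and `analyze` in the later hunks of codeql.yml. The `upload-sarif` pins in devskim.yml, ossar.yml and security-devops.yml carry the same `# v3.29.5`, and those in eslint.yml and scorecards.yml carry `# v2.27.0`.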
@@ -85,7 +85,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 + uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -98,6 +98,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 + uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/deno.yml b/.github/workflows/deno.yml index ec50a7cf..bbb4f5ea 100644 --- a/.github/workflows/deno.yml +++ b/.github/workflows/deno.yml @@ -46,12 +46,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Setup repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Deno # uses: denoland/setup-deno@v1 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4797871d..3374a3ae 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -39,11 +39,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: "Checkout Repository" - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Dependency Review" uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 5c8a4aa6..22a1c702 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -30,12 +30,12 @@ jobs: security-events: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1.0.16 @@ -63,6 +63,6 @@ jobs: path: devskim-results.sarif - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index c85dd263..5a53d9e1 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml 
@@ -44,15 +44,15 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cache node modules - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ./node_modules key: ${{ runner.os }}-.-node-modules-${{ hashFiles('./package-lock.json') }} @@ -72,7 +72,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v2.27.0 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v2.27.0 with: sarif_file: eslint-results.sarif wait-for-processing: true diff --git a/.github/workflows/generate-file-list.yml b/.github/workflows/generate-file-list.yml index 9a5ba48e..2e73f0a7 100644 --- a/.github/workflows/generate-file-list.yml +++ b/.github/workflows/generate-file-list.yml @@ -17,12 +17,12 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: List files in the repository run: | 
@@ -36,7 +36,7 @@ jobs: fi - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.x" @@ -55,7 +55,7 @@ jobs: # For example: pip install requests - name: Run Generate Repo File List Action - uses: nick2bad4u/generate-repo-file-list@0b66b048983ecaef45cb1bc7acc6c81e1d210de7 # main + uses: nick2bad4u/generate-repo-file-list@f1342075abdb94a6134398776eafce7931fd1444 # main with: log-level: "INFO" directory: "." diff --git a/.github/workflows/git-sizer-dispatch.yml b/.github/workflows/git-sizer-dispatch.yml index bf2c437f..162f2c0a 100644 --- a/.github/workflows/git-sizer-dispatch.yml +++ b/.github/workflows/git-sizer-dispatch.yml @@ -14,12 +14,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Use local git-sizer action id: sizer diff --git a/.github/workflows/git-sizer.yml b/.github/workflows/git-sizer.yml index 7926225a..90867691 100644 --- a/.github/workflows/git-sizer.yml +++ b/.github/workflows/git-sizer.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 35c2534d..2e062a51 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml 
@@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9 diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index cb177901..80105492 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -26,7 +26,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit # Set egress policy to audit diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml index b00617af..b142bc53 100644 --- a/.github/workflows/label.yml +++ b/.github/workflows/label.yml @@ -17,7 +17,7 @@ # # Steps: # - Harden Runner: Uses the step-security/harden-runner action to enhance security. -# - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 +# - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # - with: # - egress-policy: audit - Audits egress traffic. # @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 20b91365..505f59cc 100644 --- a/.github/workflows/main.yml 
+++ b/.github/workflows/main.yml @@ -30,12 +30,12 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Pages uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - name: Build with Jekyll @@ -58,7 +58,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index bb82cdb8..962a8fa0 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -19,16 +19,16 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: MegaLinter id: megalinter - uses: oxsecurity/megalinter@55a59b24a441e0e1943080d4a512d827710d4a9d # v9.2.0 + uses: oxsecurity/megalinter@42bb470545e359597e7f12156947c436e4e3fb9a # v9.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DISABLE_LINTERS: SPELL_CSPELL diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 96809273..0fdf95e0 100644 
--- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -18,14 +18,14 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cache node modules - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ./node_modules key: ${{ runner.os }}-.-node-modules-${{ hashFiles('./package-lock.json') }} diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml index 3b9aa1b7..a6df9d5a 100644 --- a/.github/workflows/ossar.yml +++ b/.github/workflows/ossar.yml @@ -31,13 +31,13 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit # Step to checkout the repository - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Ensure a compatible version of dotnet is installed. # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. @@ -56,6 +56,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} 
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index 4ef332d9..a8986b64 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -60,11 +60,11 @@ concurrency: jobs: scan-scheduled: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@375a0e8ebdc98e99b02ac4338a724f5750f21213" # v2.3.1 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@2a387edfbe02a11d856b89172f6e978100177eb4" # v2.3.2 with: scan-args: ./package-lock.json --fail-on-vuln=false scan-pr: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@375a0e8ebdc98e99b02ac4338a724f5750f21213" # v2.3.1 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@2a387edfbe02a11d856b89172f6e978100177eb4" # v2.3.2 with: scan-args: ./package-lock.json --fail-on-vuln=false diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index 73b6d393..d052b8f1 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml 
@@ -14,20 +14,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: 20 - name: Cache node modules - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ./node_modules key: ${{ runner.os }}-.-node-modules-${{ hashFiles('./package-lock.json') }} diff --git a/.github/workflows/pssecret-scanner.yml b/.github/workflows/pssecret-scanner.yml index ff155628..fbebef56 100644 --- a/.github/workflows/pssecret-scanner.yml +++ b/.github/workflows/pssecret-scanner.yml @@ -19,12 +19,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # PowerShell is available by default on ubuntu-latest, so no setup step is required - name: Install PSSecretScanner shell: pwsh diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index 7228b5be..66abfa8b 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml 
@@ -23,12 +23,12 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout the latest code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 # otherwise, you will fail to push refs to dest repo diff --git a/.github/workflows/repo-stats.yml b/.github/workflows/repo-stats.yml index e427396d..83a4efac 100644 --- a/.github/workflows/repo-stats.yml +++ b/.github/workflows/repo-stats.yml @@ -17,7 +17,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 95237c0b..2e536c46 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -65,12 +65,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false 
@@ -105,6 +105,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v2.27.0 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v2.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/security-devops.yml b/.github/workflows/security-devops.yml index 7ad6989b..020a8502 100644 --- a/.github/workflows/security-devops.yml +++ b/.github/workflows/security-devops.yml @@ -19,15 +19,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Microsoft Security DevOps uses: microsoft/security-devops-action@d0736c546281e0632667b8e0046ae3d7bba0bf67 # latest id: msdo - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }} diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index d7d5a490..4b73b1dc 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml 
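Review bot: The version comment on the `github/codeql-action/upload-sarif` pin was not updated along with the SHA. The new line in scorecards.yml still reads `# v2.27.0`, while the same commit `b20883b0cd1f46c72ae0ba6d1090936928f9fa30` is labelled `# v3.29.5` in the security-devops.yml hunk that follows, so at least one label cannot describe the pinned commit. The commit message lists codeql-action moving from 4.31.9 to 4.32.0, which suggests both comments should read `# v4.32.0`; confirm that against the upstream tag before editing. With SHA-pinned actions the trailing comment is the only human-readable statement of which release is being run, so a stale label misleads anyone auditing the pin. Proposed new-side line in both files, once the tag is confirmed: `uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0`.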
@@ -47,9 +47,9 @@ jobs: image: returntocorp/semgrep steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: semgrep ci diff --git a/.github/workflows/sitemap.yml b/.github/workflows/sitemap.yml index 0da79590..1ed7d2c4 100644 --- a/.github/workflows/sitemap.yml +++ b/.github/workflows/sitemap.yml @@ -16,7 +16,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: true egress-policy: audit @@ -25,7 +25,7 @@ jobs: # Step to checkout the repository - name: Checkout the repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -47,7 +47,7 @@ jobs: # Step to create a pull request with the new sitemap - name: Create Pull Request with new SiteMap id: create_pr - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 with: title: "Automated sitemap update" body: > diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml index cea775a3..07401abe 100644 --- a/.github/workflows/sobelow.yml +++ b/.github/workflows/sobelow.yml 
@@ -54,7 +54,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: false egress-policy: audit @@ -64,7 +64,7 @@ jobs: repo.hex.pm:443 sobelow.io:443 - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - id: run-action uses: sobelow/action@4c2cc216597acef2c5f8b4b2e49ad591be36ce36 continue-on-error: true diff --git a/.github/workflows/spelling_action.yml b/.github/workflows/spelling_action.yml index 250d735b..7531165d 100644 --- a/.github/workflows/spelling_action.yml +++ b/.github/workflows/spelling_action.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: rojopolis/spellcheck-github-actions@cebe06444da3ac5e9d3146f5f02a0e2a236f7488 # 0.56.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: rojopolis/spellcheck-github-actions@0bf4b2f91efa259b52c202b09b0c3845c524ff36 # 0.58.0 name: Spellcheck continue-on-error: true with: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a7187970..bb3164b6 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit 
diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index c11ea2e3..ce4057ac 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -30,12 +30,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Pages uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - name: Upload artifact diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml index c5c144e5..356a49b2 100644 --- a/.github/workflows/stylelint.yml +++ b/.github/workflows/stylelint.yml @@ -22,12 +22,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout Repo Code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run StyleLint uses: Nick2bad4u/stylelint@bac953a3225dbed8bfafd5e66b274983892d434d # master diff --git a/.github/workflows/summary.yml b/.github/workflows/summary.yml index 5c1fc8c0..ec336794 100644 --- a/.github/workflows/summary.yml +++ b/.github/workflows/summary.yml 
@@ -19,16 +19,16 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run AI inference id: inference - uses: actions/ai-inference@334892bb203895caaed82ec52d23c1ed9385151e # v2.0.4 + uses: actions/ai-inference@a6101c89c6feaecc585efdd8d461f18bb7896f20 # v2.0.5 with: prompt: | Summarize the following GitHub issue in one paragraph: diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 2791995f..9c415f4e 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -50,18 +50,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 - name: Lint Code Base - uses: super-linter/super-linter@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2 + uses: super-linter/super-linter@12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e # v8.4.0 #checkov:skip=skip-check:CKV2_GHA_1 env: DEFAULT_BRANCH: "main" diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 5e9b9e72..8d2556e4 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml 
@@ -17,16 +17,16 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Secret Scanning (entire repo) - uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4 + uses: trufflesecurity/trufflehog@116e7171542d2f1dad8810f00dcfacbe0b809183 # v3.92.5 with: base: "" head: ${{ github.ref_name }} diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml index ac8aea64..5babf369 100644 --- a/.github/workflows/typos.yml +++ b/.github/workflows/typos.yml @@ -17,14 +17,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run typos (spell checker) - uses: crate-ci/typos@5c19779cb52ea50e151f5a10333ccd269227b5ae # v1.41.0 + uses: crate-ci/typos@06d010dfe4c84fdab1a25ea02b57b3585018ba80 # v1.42.3 with: files: | tests