diff --git a/.github/workflows/ActionLint.yml b/.github/workflows/ActionLint.yml index 4efdcec9..57038d66 100644 --- a/.github/workflows/ActionLint.yml +++ b/.github/workflows/ActionLint.yml @@ -36,10 +36,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: devops-actions/actionlint@467e2ce19b2310e93c9ffa0b50fe31f86b5a7f23 #v0.1.10 + - uses: devops-actions/actionlint@469810fd82c015d3c43815cd2b0e4d02eecc4819 #v0.1.11 continue-on-error: true id: action-lint diff --git a/.github/workflows/Bandit.yml b/.github/workflows/Bandit.yml index c3230ace..abda55cf 100644 --- a/.github/workflows/Bandit.yml +++ b/.github/workflows/Bandit.yml @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/Snake.yml b/.github/workflows/Snake.yml index 20ecc943..64e21879 100644 --- a/.github/workflows/Snake.yml +++ b/.github/workflows/Snake.yml @@ -46,7 +46,7 @@ jobs: steps: # generates a snake game from a github user () contributions graph, output a svg animation at - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/black-formatter.yml b/.github/workflows/black-formatter.yml index 62cf50b2..a63b1620 100644 --- a/.github/workflows/black-formatter.yml +++ b/.github/workflows/black-formatter.yml 
@@ -37,7 +37,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: disable-sudo: true # Disable sudo to prevent privilege escalation egress-policy: block # Block all egress traffic diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8a6cebce..d1cf54ba 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -75,7 +75,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 + uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -85,7 +85,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 + uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 
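Review bot: The `github/codeql-action` pins in codeql.yml (init in the `@@ -75` hunk, then autobuild and analyze in the following hunks) move to commit `89a39a4e59826350b863aa6b6252a07ad50cf83e` but keep the trailing comment `# v3.29.5`, the same label the previous commit carried, so the comment no longer identifies the release behind the SHA. The same new SHA is labelled `# v3.29.5` in devskim.yml, ossar.yml and security-devops.yml but `# v2.27.0` in eslint.yml and scorecards.yml, so at least one of those labels is wrong. The comment is the only human-readable check on a SHA pin, so resolve the commit against the action's tags and write the matching label on every line, e.g. `uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # <TAG_FOR_THIS_SHA>`.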
@@ -98,6 +98,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 + uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/deno.yml b/.github/workflows/deno.yml index bbb4f5ea..98ce6f12 100644 --- a/.github/workflows/deno.yml +++ b/.github/workflows/deno.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 3374a3ae..91c037e1 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -39,11 +39,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - name: "Checkout Repository" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Dependency Review" - uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 + uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.8.3 diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 22a1c702..87636ccc 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml 
@@ -30,7 +30,7 @@ jobs: security-events: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -57,12 +57,12 @@ jobs: done - name: Upload DevSkim SARIF as artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: devskim-results path: devskim-results.sarif - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 5a53d9e1..bc3abdaf 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -44,7 +44,7 @@ jobs: actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
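Review bot: `actions/upload-artifact` jumps a major version in the devskim.yml `@@ -57` hunk (`# v6.0.0` to `# v7.0.0`) as part of a bulk pin refresh, and nothing visible in the diff shows the new major was checked against how these steps call it. The same bump appears in eslint.yml, mega-linter.yml, scorecards.yml and spelling_action.yml, and npm-audit.yml takes `oke-py/npm-audit-action` from `# v3.0.0` to `# v4.0.1` while still passing `audit_level` and `github_token`. Several of these steps carry SARIF or scan reports, so a changed default would quietly drop security output. I would split the major bumps into their own commit, or state in the description that the inputs in use (`name`, `path`, `audit_level`, `github_token`) behave the same in the new majors.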
@@ -72,13 +72,13 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v2.27.0 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v2.27.0 with: sarif_file: eslint-results.sarif wait-for-processing: true - name: Upload ESLint SARIF as artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: eslint-results path: eslint-results.sarif diff --git a/.github/workflows/generate-file-list.yml b/.github/workflows/generate-file-list.yml index 2e73f0a7..3a75c598 100644 --- a/.github/workflows/generate-file-list.yml +++ b/.github/workflows/generate-file-list.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -55,7 +55,7 @@ jobs: # For example: pip install requests - name: Run Generate Repo File List Action - uses: nick2bad4u/generate-repo-file-list@f1342075abdb94a6134398776eafce7931fd1444 # main + uses: nick2bad4u/generate-repo-file-list@07b49868e86da4ee6121ea33b3f2beabd87bb87f # main with: log-level: "INFO" directory: "." diff --git a/.github/workflows/git-sizer-dispatch.yml b/.github/workflows/git-sizer-dispatch.yml index 162f2c0a..ab29a31c 100644 --- a/.github/workflows/git-sizer-dispatch.yml +++ b/.github/workflows/git-sizer-dispatch.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
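Review bot: The pin for `nick2bad4u/generate-repo-file-list` in the generate-file-list.yml `@@ -55` hunk is annotated `# main`, so the new SHA appears to be a branch head rather than a tagged release, and the comment gives a reader nothing to verify it against. If the action publishes tags, pin to a release commit and label it with that tag. Otherwise make the comment say what was pinned, for example `# main @ <COMMIT_DATE>`.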
diff --git a/.github/workflows/git-sizer.yml b/.github/workflows/git-sizer.yml index 90867691..3ee9b9be 100644 --- a/.github/workflows/git-sizer.yml +++ b/.github/workflows/git-sizer.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 2e062a51..98037682 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 80105492..99415b89 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -26,7 +26,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit # Set egress policy to audit diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml index b142bc53..a3008481 100644 --- a/.github/workflows/label.yml +++ b/.github/workflows/label.yml 
@@ -17,7 +17,7 @@ # # Steps: # - Harden Runner: Uses the step-security/harden-runner action to enhance security. -# - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 +# - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # - with: # - egress-policy: audit - Audits egress traffic. # @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 505f59cc..669cc8dd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,7 +30,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -58,7 +58,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 962a8fa0..4acc5035 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
@@ -28,7 +28,7 @@ jobs: - name: MegaLinter id: megalinter - uses: oxsecurity/megalinter@42bb470545e359597e7f12156947c436e4e3fb9a # v9.3.0 + uses: oxsecurity/megalinter@8fbdead70d1409964ab3d5afa885e18ee85388bb # v9.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DISABLE_LINTERS: SPELL_CSPELL @@ -50,7 +50,7 @@ jobs: # Upload MegaLinter artifacts - name: Archive production artifacts if: success() || failure() - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: MegaLinter reports path: | diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml index 0fdf95e0..ee9b35fc 100644 --- a/.github/workflows/npm-audit.yml +++ b/.github/workflows/npm-audit.yml @@ -18,7 +18,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -35,7 +35,7 @@ jobs: - name: install dependencies run: npm install - - uses: oke-py/npm-audit-action@6ec7878c81d7dfe2b3295a63e1a608e9c952f46a # v3.0.0 + - uses: oke-py/npm-audit-action@f02a3cf15e7a1860efac849dd45126f9c2cafe4f # v4.0.1 with: audit_level: high github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml index a6df9d5a..80d72806 100644 --- a/.github/workflows/ossar.yml +++ b/.github/workflows/ossar.yml @@ -31,7 +31,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
@@ -56,6 +56,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index a8986b64..dfbca133 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -60,11 +60,11 @@ concurrency: jobs: scan-scheduled: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@2a387edfbe02a11d856b89172f6e978100177eb4" # v2.3.2 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 with: scan-args: ./package-lock.json --fail-on-vuln=false scan-pr: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@2a387edfbe02a11d856b89172f6e978100177eb4" # v2.3.2 + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3 with: scan-args: ./package-lock.json --fail-on-vuln=false diff --git a/.github/workflows/prettier.yml b/.github/workflows/prettier.yml index d052b8f1..3fe2be0d 100644 --- a/.github/workflows/prettier.yml +++ b/.github/workflows/prettier.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
diff --git a/.github/workflows/pssecret-scanner.yml b/.github/workflows/pssecret-scanner.yml index fbebef56..930e41d4 100644 --- a/.github/workflows/pssecret-scanner.yml +++ b/.github/workflows/pssecret-scanner.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index 66abfa8b..0abd265c 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -23,7 +23,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/repo-stats.yml b/.github/workflows/repo-stats.yml index 83a4efac..e50f36da 100644 --- a/.github/workflows/repo-stats.yml +++ b/.github/workflows/repo-stats.yml @@ -17,7 +17,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2e536c46..e397f6ac 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -65,7 +65,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
@@ -97,7 +97,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: SARIF file path: results.sarif @@ -105,6 +105,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v2.27.0 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v2.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/security-devops.yml b/.github/workflows/security-devops.yml index 020a8502..8c0680fa 100644 --- a/.github/workflows/security-devops.yml +++ b/.github/workflows/security-devops.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -28,6 +28,6 @@ jobs: uses: microsoft/security-devops-action@d0736c546281e0632667b8e0046ae3d7bba0bf67 # latest id: msdo - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }} diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 4b73b1dc..457a068b 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml 
@@ -47,7 +47,7 @@ jobs: image: returntocorp/semgrep steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/sitemap.yml b/.github/workflows/sitemap.yml index 1ed7d2c4..7a432696 100644 --- a/.github/workflows/sitemap.yml +++ b/.github/workflows/sitemap.yml @@ -16,7 +16,7 @@ jobs: steps: # Step to harden the runner for security purposes - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml index 07401abe..ee7a870a 100644 --- a/.github/workflows/sobelow.yml +++ b/.github/workflows/sobelow.yml @@ -54,7 +54,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: disable-sudo: false egress-policy: audit diff --git a/.github/workflows/spelling_action.yml b/.github/workflows/spelling_action.yml index 7531165d..921c90b9 100644 --- a/.github/workflows/spelling_action.yml +++ b/.github/workflows/spelling_action.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
@@ -28,7 +28,7 @@ jobs: with: config_path: .github/.spellcheck.yml output_file: spellcheck-output.txt - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: ${{ !cancelled() }} with: name: Spellcheck Output diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index bb3164b6..197ad66f 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -43,11 +43,11 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: "Stale issue" diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index ce4057ac..f7db1f3b 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml index 356a49b2..ea6e9fae 100644 --- a/.github/workflows/stylelint.yml +++ b/.github/workflows/stylelint.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit diff --git a/.github/workflows/summary.yml b/.github/workflows/summary.yml index ec336794..b8907b2d 100644 
--- a/.github/workflows/summary.yml +++ b/.github/workflows/summary.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -28,7 +28,7 @@ jobs: - name: Run AI inference id: inference - uses: actions/ai-inference@a6101c89c6feaecc585efdd8d461f18bb7896f20 # v2.0.5 + uses: actions/ai-inference@e09e65981758de8b2fdab13c2bfb7c7d5493b0b6 # v2.0.7 with: prompt: | Summarize the following GitHub issue in one paragraph: diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 9c415f4e..344bec0c 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -50,7 +50,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: fetch-depth: 0 - name: Lint Code Base - uses: super-linter/super-linter@12562e48d7059cf666c43a4ecb0d3b5a2b31bd9e # v8.4.0 + uses: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0 #checkov:skip=skip-check:CKV2_GHA_1 env: DEFAULT_BRANCH: "main" diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml index 8d2556e4..f9ddbd46 100644 --- a/.github/workflows/trufflehog.yml +++ b/.github/workflows/trufflehog.yml @@ -17,7 +17,7 @@ jobs: cancel-in-progress: false steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit 
@@ -26,7 +26,7 @@ jobs: with: fetch-depth: 0 - name: Secret Scanning (entire repo) - uses: trufflesecurity/trufflehog@116e7171542d2f1dad8810f00dcfacbe0b809183 # v3.92.5 + uses: trufflesecurity/trufflehog@041f07e9df901a1038a528e5525b0226d04dd5ea # v3.93.6 with: base: "" head: ${{ github.ref_name }} diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml index 5babf369..4b134603 100644 --- a/.github/workflows/typos.yml +++ b/.github/workflows/typos.yml @@ -17,14 +17,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 with: egress-policy: audit - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run typos (spell checker) - uses: crate-ci/typos@06d010dfe4c84fdab1a25ea02b57b3585018ba80 # v1.42.3 + uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0 with: files: | tests