diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index cb81df456bc1f..0c1094c418776 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d16b8ab584dc..2bd708d36ed08 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,7 +53,7 @@ jobs: shell: cmd run: echo C:\Program Files\Git\usr\bin>>"%GITHUB_PATH%" - - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ${{ github.workspace }}/apps/site/.next/cache key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }} @@ -70,7 +70,7 @@ jobs: # See https://github.com/vercel/next.js/pull/81318 TURBOPACK_STATS: ${{ matrix.os == 'ubuntu-latest' }} - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: matrix.os == 'ubuntu-latest' with: name: webpack-stats diff --git a/.github/workflows/bundle-compare.yml b/.github/workflows/bundle-compare.yml index 9666ba631cbc3..86b26f536c91d 100644 --- a/.github/workflows/bundle-compare.yml +++ b/.github/workflows/bundle-compare.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit 
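Review bot: In the auto-merge.yml hunk the context line `egress-policy: audit` means the bumped harden-runner only records outbound connections and does not block them, so an unexpected destination in this job would be logged, not stopped. The same setting appears in every harden-runner hunk of this commit, including pull-request-label.yml, whose job is granted `pull-requests: write`, and publish-packages.yml. Once the audit data for these workflows is stable, consider `egress-policy: block` with an `allowed-endpoints` list, starting with the jobs that hold write permissions or publish. The job bodies continue outside the hunks.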
@@ -60,7 +60,7 @@ jobs: - name: Compare Bundle Size id: compare-bundle-size - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: HEAD_STATS_PATH: ./head-stats/webpack-stats.json BASE_STATS_PATH: ./base-stats/webpack-stats.json diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 6eb0f6432d4bd..e9e91a76ada61 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -66,7 +66,7 @@ jobs: - name: Start Visual Regression Tests (Chromatic) # This assigns the Environment Deployment for Storybook id: chromatic-deploy - uses: chromaui/action@f191a0224b10e1a38b2091cefb7b7a2337009116 # v16.0.0 + uses: chromaui/action@cad40970f69e7a6a5bef4ddfe42c01309ba17cb1 # v16.6.0 with: workingDir: packages/ui-components buildScriptName: storybook:build diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 9e531d44e11ba..28bb989e74d19 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -91,7 +91,7 @@ jobs: - name: Format Lighthouse Score # Transform the audit results into a single, friendlier output id: format_lighthouse_score - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: # using env as input to our script # see https://github.com/actions/github-script#use-env-as-input diff --git a/.github/workflows/lint-and-tests.yml b/.github/workflows/lint-and-tests.yml index 54e1d388971fa..53df5e196483b 100644 --- a/.github/workflows/lint-and-tests.yml +++ b/.github/workflows/lint-and-tests.yml 
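Review bot: The `actions/github-script` pin in the `Compare Bundle Size` step of bundle-compare.yml crosses a major version (v8.0.0 to v9.0.0), and the inline script it runs is outside the hunk, so the diff does not show that the script is compatible. Check the v9 release notes against what the script takes from the injected context, such as `require` calls and the `github` client, and confirm the workflow ran successfully on this branch. The same bump is applied to the `Format Lighthouse Score` step in lighthouse.yml, which reads its inputs from `env`.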
@@ -49,7 +49,7 @@ jobs: use-version-file: true - name: Restore Lint Cache - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | .turbo/cache @@ -86,7 +86,7 @@ jobs: (github.event_name == 'pull_request' && startsWith(github.event.pull_request.head.ref, 'dependabot/') == false && github.event.pull_request.head.ref != 'chore/crowdin') - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | .turbo/cache @@ -112,13 +112,13 @@ jobs: - name: Upload test coverage to Codecov if: ${{ !cancelled() && github.event_name != 'merge_group' }} - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: files: ./apps/site/lcov.info,./packages/*/lcov.info - name: Upload test results to Codecov if: ${{ !cancelled() && github.event_name != 'merge_group' }} - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: report_type: test_results files: ./apps/site/junit.xml,./packages/*/junit.xml diff --git a/.github/workflows/playwright-cloudflare-open-next.yml b/.github/workflows/playwright-cloudflare-open-next.yml index 8a42b4675fcd8..0bd189bb61324 100644 --- a/.github/workflows/playwright-cloudflare-open-next.yml +++ b/.github/workflows/playwright-cloudflare-open-next.yml @@ -41,7 +41,7 @@ jobs: - name: Cache Playwright browsers id: playwright-cache - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }} 
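Review bot: Both Codecov upload steps in the last lint-and-tests.yml hunk cross a major version (v5.5.2 to v6.0.0) while keeping the same `files` and `report_type` inputs, and the diff does not show that v6 accepts them unchanged. Because these steps send repository data to a third-party service, also confirm that `57e3a136b779b570ffcdbf80b3bdc90e7fab3de2` is the commit the upstream `v6.0.0` tag points to. The runner resolves only the SHA, and the trailing `# v6.0.0` comment is never checked. That verification applies to every re-pinned `uses:` line in this commit.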
@@ -59,7 +59,7 @@ jobs: - name: Upload Playwright test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: playwright-report path: apps/site/playwright-report/ diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 549809eb16c8c..1fc5f24530c76 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -49,7 +49,7 @@ jobs: - name: Cache Playwright browsers id: playwright-cache - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.cache/ms-playwright key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }} @@ -66,7 +66,7 @@ jobs: - name: Upload Playwright test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: playwright-report path: apps/site/playwright-report/ diff --git a/.github/workflows/pnpm-updater.yml b/.github/workflows/pnpm-updater.yml index 1a09198e39f3b..017a86b2c1789 100644 --- a/.github/workflows/pnpm-updater.yml +++ b/.github/workflows/pnpm-updater.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml index a1333508003be..4393c5a318c74 100644 --- a/.github/workflows/publish-packages.yml +++ b/.github/workflows/publish-packages.yml 
@@ -34,7 +34,7 @@ jobs: matrix: ${{ steps.generate-matrix.outputs.matrix }} steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/pull-request-label.yml b/.github/workflows/pull-request-label.yml index 95a072e87f3dd..a20eaa786a3eb 100644 --- a/.github/workflows/pull-request-label.yml +++ b/.github/workflows/pull-request-label.yml @@ -36,7 +36,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/tmp-cloudflare-open-next-deploy.yml b/.github/workflows/tmp-cloudflare-open-next-deploy.yml index e03a0af7fb209..c4abd8cd9004a 100644 --- a/.github/workflows/tmp-cloudflare-open-next-deploy.yml +++ b/.github/workflows/tmp-cloudflare-open-next-deploy.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -43,7 +43,7 @@ jobs: uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: # We want to ensure that the Node.js version running here respects our supported versions node-version-file: '.nvmrc' diff --git a/.github/workflows/translations-pr-lint.yml b/.github/workflows/translations-pr-lint.yml index 3e494fc5158cd..3c54191775a67 100644 --- a/.github/workflows/translations-pr-lint.yml +++ b/.github/workflows/translations-pr-lint.yml 
@@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/translations-sync.yml b/.github/workflows/translations-sync.yml index f634457f03fa7..c4d9877f9e085 100644 --- a/.github/workflows/translations-sync.yml +++ b/.github/workflows/translations-sync.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -39,7 +39,7 @@ jobs: # see all the options at https://github.com/crowdin/github-action - name: Crowdin PR - uses: crowdin/github-action@ce33ce793a5cbc401d9cd748716e03fc90c001f1 # v2.15.2 + uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2 with: # do not upload anything - this is a one-way operation download upload_sources: false @@ -77,7 +77,7 @@ jobs: fetch-depth: 2 - name: Restore Lint Cache - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | apps/site/.eslintmdcache @@ -115,7 +115,7 @@ jobs: branch: ${{ env.BRANCH_NAME }} - name: Save Lint Cache - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | apps/site/.eslintmdcache diff --git a/.github/workflows/translations-upload.yml b/.github/workflows/translations-upload.yml index 2ff72b5062e46..c36cb1818db96 100644 --- a/.github/workflows/translations-upload.yml +++ b/.github/workflows/translations-upload.yml 
@@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -33,7 +33,7 @@ jobs: # see all the options at https://github.com/crowdin/github-action - name: crowdin action - uses: crowdin/github-action@ce33ce793a5cbc401d9cd748716e03fc90c001f1 # v2.15.2 + uses: crowdin/github-action@8868a33591d21088edfc398968173a3b98d51706 # v2.16.2 with: # only upload sources, ensuring this is a one-way operation upload_sources: true diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 97a13621d022c..d1ca3428868fb 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -29,4 +29,4 @@ jobs: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3