diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 18f2218309..6fe9333a90 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -80,7 +80,7 @@ jobs: with: persist-credentials: false - run: scripts/build_test_images.sh - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }} path: internal/image/fixtures/*.tar diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 595271319d..3cf835d2ba 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,7 +48,7 @@ jobs: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -59,7 +59,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -73,4 +73,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 731e3ec4b4..4265da3dcf 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -30,7 +30,7 @@ jobs: with: go-version: stable check-latest: true - - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: ghcr-login uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml index d03422d3f5..f08296a1d3 100644 --- a/.github/workflows/osv-scanner-reusable-pr.yml +++ b/.github/workflows/osv-scanner-reusable-pr.yml @@ -86,21 +86,21 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: ${{ inputs.results-file-name }} retention-days: 5 - name: "Upload old scan json results" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: old-json-results path: old-results.json retention-days: 5 - name: "Upload new scan json results" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: new-json-results path: new-results.json @@ -108,6 +108,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: ${{ !cancelled() && inputs.upload-sarif == true }} - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: ${{ inputs.results-file-name }} diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml index 387290256c..cab5210cdc 100644 --- a/.github/workflows/osv-scanner-reusable.yml +++ b/.github/workflows/osv-scanner-reusable.yml @@ -83,7 +83,7 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: "!cancelled()" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: ${{ inputs.results-file-name }} @@ -91,6 +91,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: "${{ !cancelled() && inputs.upload-sarif == true }}" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: ${{ inputs.results-file-name }} diff --git a/.github/workflows/prerelease-check.yml b/.github/workflows/prerelease-check.yml index 633fdd99e2..2cab7a8c55 100644 --- a/.github/workflows/prerelease-check.yml +++ b/.github/workflows/prerelease-check.yml @@ -70,7 +70,7 @@ jobs: with: persist-credentials: false - run: scripts/build_test_images.sh - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: image-fixtures-${{ github.run_number }}-${{ github.run_attempt }} path: internal/image/fixtures/*.tar diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b4fa838947..ce01c3863c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml index 39d897345f..22f2757ac7 100644 --- a/.github/workflows/semantic.yml +++ b/.github/workflows/semantic.yml @@ -49,7 +49,7 @@ jobs: - run: python3 scripts/generators/generate-debian-versions.py - run: git status - run: stat debian-db.zip - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-debian-versions path: internal/semantic/fixtures/debian-versions-generated.txt @@ -82,7 +82,7 @@ jobs: - run: python3 scripts/generators/generate-redhat-versions.py - run: git status - run: stat redhat-db.zip - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-redhat-versions path: internal/semantic/fixtures/redhat-versions-generated.txt @@ -100,13 +100,13 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # 2.31.1 + - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0 with: php-version: "8.2" extensions: zip - run: php scripts/generators/generate-packagist-versions.php - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-packagist-versions path: internal/semantic/fixtures/packagist-versions-generated.txt @@ -126,7 +126,7 @@ jobs: run: pip install packaging==21.3 - run: python3 scripts/generators/generate-pypi-versions.py - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-pypi-versions path: internal/semantic/fixtures/pypi-versions-generated.txt @@ -139,14 +139,14 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0 + - uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0 with: ruby-version: "3.1" - name: setup dependencies run: gem install rubyzip - run: ruby scripts/generators/generate-rubygems-versions.rb - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-rubygems-versions path: internal/semantic/fixtures/rubygems-versions-generated.txt @@ -172,7 +172,7 @@ jobs: -o scripts/generators/lib/maven-artifact-3.8.5.jar - run: java -cp 'scripts/generators/lib/*' scripts/generators/GenerateMavenVersions.java - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-maven-versions path: internal/semantic/fixtures/maven-versions-generated.txt @@ -190,7 +190,7 @@ jobs: r-version: "3.5.3" - run: Rscript scripts/generators/generate-cran-versions.R - run: git status - - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: generated-cran-versions path: internal/semantic/fixtures/cran-versions-generated.txt