From dbdcff5cbcee58f92ae4d4787a5b0096e273d4c8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 08:11:08 +0000 Subject: [PATCH] fix(deps): update github-actions Signed-off-by: Renovate Bot --- .github/workflows/codeql.yml | 8 ++--- .github/workflows/comment-issue.yml | 2 +- .github/workflows/dependency-review.yml | 4 +-- .github/workflows/lint.yml | 34 ++++++++++----------- .github/workflows/require-allow-edits.yml | 2 +- .github/workflows/scorecards.yml | 8 ++--- .github/workflows/semantic-pull-request.yml | 6 ++-- .github/workflows/semantic-release.yml | 2 +- .github/workflows/test.yml | 10 +++--- 9 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 467c5ca..3ed06f0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,7 +43,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: "Initialize CodeQL" - uses: "github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c" # v3.28.1 + uses: "github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b" # v3.28.17 with: languages: "${{ matrix.language }}" # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: "Autobuild" - uses: "github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c" # v3.28.1 + uses: "github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b" # v3.28.17 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: "Perform CodeQL Analysis" - uses: "github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c" # v3.28.1 + uses: "github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b" # v3.28.17 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index d0c948f..56bf4f4 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -16,7 +16,7 @@ jobs: issues: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1e7e7e9..f9d8ef7 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -33,4 +33,4 @@ jobs: EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Dependency Review" - uses: "actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019" # v4.5.0 + uses: "actions/dependency-review-action@38ecb5b593bf0eb19e335c03f97670f792489a8b" # v4.7.0 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f6683ac..1fb524b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -35,7 +35,7 @@ jobs: package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -60,7 +60,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -77,7 +77,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4 + uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4 - name: "Setup resources and environment" id: "setup" @@ -88,7 +88,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f" # v45.0.6 + uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -111,7 +111,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -128,7 +128,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4 + uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4 - name: "Setup resources and environment" id: "setup" @@ -139,7 +139,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f" # v45.0.6 + uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -162,7 +162,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -179,7 +179,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4 + uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4 - name: "Setup resources and environment" id: "setup" @@ -190,7 +190,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f" # v45.0.6 + uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -213,7 +213,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -237,7 +237,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -262,7 +262,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -273,14 +273,14 @@ jobs: GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - - uses: "pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2" # v4.0.0 + - uses: "pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda" # v4.1.0 with: run_install: false - name: "Use Node.js 18.x" - uses: "actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af" # v4.1.0 + uses: "actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020" # v4.4.0 with: - node-version: "18.x" + node-version: "18.20.8" cache: "pnpm" - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies" @@ -312,7 +312,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml index 213fc73..4c0a642 100644 --- a/.github/workflows/require-allow-edits.yml +++ b/.github/workflows/require-allow-edits.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2c0944b..e8c500b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: "ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46" # v2.4.0 + uses: "ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186" # v2.4.1 with: results_file: "results.sarif" results_format: "sarif" @@ -65,7 +65,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: "actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08" # v4.6.0 + uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02" # v4.6.2 with: name: "SARIF file" path: "results.sarif" @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: "github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c" # v3.28.1 + uses: "github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b" # v3.28.17 with: sarif_file: "results.sarif" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index a537ce1..94f213f 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -23,7 +23,7 @@ jobs: name: "Semantic Pull Request" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -46,7 +46,7 @@ jobs: revert test - - uses: "marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728" # v2.9.1 + - uses: "marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db" # v2.9.2 # When the previous steps fail, the workflow would stop. By adding this # condition you can continue the execution with the populated error message. if: "always() && (steps.lint_pr_title.outputs.error_message != null)" @@ -65,7 +65,7 @@ jobs: # Delete a previous comment when the issue has been resolved - if: "${{ steps.lint_pr_title.outputs.error_message == null }}" - uses: "marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728" # v2.9.1 + uses: "marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db" # v2.9.2 with: header: "pr-title-lint-error" message: | diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index 23cd4bd..d6932cb 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -28,7 +28,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5ea198a..78e56d2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: codecov: "${{ steps.changes.outputs.codecov }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -72,7 +72,7 @@ jobs: NODE: "${{ matrix.node_version }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit" @@ -89,7 +89,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4 + uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4 - name: "Setup resources and environment" id: "setup" @@ -100,7 +100,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f" # v45.0.6 + uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -150,7 +150,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e" # v2.10.4 + uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0 with: egress-policy: "audit"