diff --git a/.github/actions/lint-check/action.yaml b/.github/actions/lint-check/action.yaml index 635e8d175c..f2dda30ba4 100644 --- a/.github/actions/lint-check/action.yaml +++ b/.github/actions/lint-check/action.yaml @@ -8,14 +8,14 @@ runs: using: composite steps: - name: Use Node.js latest - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: 20 - name: Install UDS CLI uses: defenseunicorns/setup-uds@ab842abcad1f7a3305c2538e3dd1950d0daacfa5 # v1.0.1 with: # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - version: v0.24.0 + version: v0.25.0 - name: Run Formatting Checks run: uds run lint-check --no-progress shell: bash diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index 69da0df4dd..a611ef3fb0 100644 --- a/.github/actions/save-logs/action.yaml +++ b/.github/actions/save-logs/action.yaml @@ -69,7 +69,7 @@ runs: echo "::endgroup::" shell: bash - - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: debug-log${{ inputs.suffix }} retention-days: 7 diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 9e77d4ca40..e6202f13ea 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -22,7 +22,7 @@ runs: using: "composite" steps: - name: Use Node.js latest - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: 20 @@ -35,7 +35,7 @@ runs: uses: defenseunicorns/setup-uds@ab842abcad1f7a3305c2538e3dd1950d0daacfa5 # v1.0.1 with: # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - version: v0.24.0 + version: v0.25.0 - name: Install Lula uses: defenseunicorns/lula-action/setup@badad8c4b1570095f57e66ffd62664847698a3b9 # v0.0.1 diff --git a/.github/bundles/aks/uds-bundle.yaml b/.github/bundles/aks/uds-bundle.yaml index 202e78a90a..9d6bd420b1 100644 --- a/.github/bundles/aks/uds-bundle.yaml +++ b/.github/bundles/aks/uds-bundle.yaml @@ -12,7 +12,7 @@ metadata: packages: - name: init repository: ghcr.io/zarf-dev/packages/init - ref: v0.49.1 + ref: v0.50.0 - name: core path: ../../../build diff --git a/.github/bundles/eks/uds-bundle.yaml b/.github/bundles/eks/uds-bundle.yaml index a9e841a3f8..0f54b8cd48 100644 --- a/.github/bundles/eks/uds-bundle.yaml +++ b/.github/bundles/eks/uds-bundle.yaml @@ -12,7 +12,7 @@ metadata: packages: - name: init repository: ghcr.io/zarf-dev/packages/init - ref: v0.49.1 + ref: v0.50.0 - name: core path: ../../../build diff --git a/.github/bundles/rke2/uds-bundle.yaml b/.github/bundles/rke2/uds-bundle.yaml index b73c58eac2..814fb96170 100644 --- a/.github/bundles/rke2/uds-bundle.yaml +++ b/.github/bundles/rke2/uds-bundle.yaml @@ -16,7 +16,7 @@ packages: - name: init repository: ghcr.io/zarf-dev/packages/init - ref: v0.49.1 + ref: v0.50.0 overrides: zarf-registry: docker-registry: diff --git a/.github/test-infra/aws/eks/rds.tf b/.github/test-infra/aws/eks/rds.tf index 15cf0a0f65..85bfabeb7e 100644 --- a/.github/test-infra/aws/eks/rds.tf +++ b/.github/test-infra/aws/eks/rds.tf @@ -20,7 +20,7 @@ resource "aws_secretsmanager_secret_version" "db_secret_value" { module "db" { source = "terraform-aws-modules/rds/aws" - version = "6.10.0" + version = "6.11.0" identifier = "${var.db_name}-db" instance_use_identifier_prefix = true diff --git a/.github/test-infra/aws/rke2/versions.tf b/.github/test-infra/aws/rke2/versions.tf index d6374b84af..34082fea0e 100644 --- a/.github/test-infra/aws/rke2/versions.tf +++ b/.github/test-infra/aws/rke2/versions.tf @@ -6,7 +6,7 @@ terraform { } required_providers { aws = { - version = "~> 5.91.0" + version = "~> 5.92.0" } random = { version = "~> 3.7.0" diff --git a/.github/test-infra/azure/aks/versions.tf b/.github/test-infra/azure/aks/versions.tf index 54b69ddd72..b8c534a248 100644 --- a/.github/test-infra/azure/aks/versions.tf +++ b/.github/test-infra/azure/aks/versions.tf @@ -11,7 +11,7 @@ terraform { } azurerm = { source = "hashicorp/azurerm" - version = "4.23.0" + version = "4.24.0" } } } diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 4e494b5c12..5b74262cde 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 - name: Install commitlint run: | diff --git a/.github/workflows/compliance.yaml b/.github/workflows/compliance.yaml index 582dc30a7a..2e21c1c0c2 100644 --- a/.github/workflows/compliance.yaml +++ b/.github/workflows/compliance.yaml @@ -45,7 +45,7 @@ jobs: shell: bash - name: Download assessment - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 with: name: ${{ inputs.flavor }}-assessment-results path: ./compliance @@ -69,7 +69,7 @@ jobs: ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Upload Evaluated Assessment - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: ${{ inputs.flavor }}-assessment-results path: ./compliance/oscal-assessment-results.yaml diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 56a68dec38..9be8b89f30 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -51,7 +51,7 @@ jobs: # Only upload artifacts for PR runs - name: Upload CVE report to GitHub artifacts - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: cve-scan-report path: cve/scans/core-vulnerability-report.md diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 4d024dc0f2..899f1c2d35 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -39,7 +39,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: SARIF file path: results.sarif @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 + uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 with: sarif_file: results.sarif diff --git a/.vscode/settings.json b/.vscode/settings.json index 3c8b6f1b68..44acd5ac26 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -9,17 +9,17 @@ }, "yaml.schemas": { // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.24.0/uds.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.25.0/uds.schema.json": [ "uds-bundle.yaml" ], // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.24.0/tasks.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.25.0/tasks.schema.json": [ "tasks.yaml", "tasks/**/*.yaml", "src/**/validate.yaml" ], // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.24.0/zarf.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.25.0/zarf.schema.json": [ "zarf.yaml" ], "https://raw.githubusercontent.com/defenseunicorns/uds-core/refs/heads/main/schemas/package-v1alpha1.schema.json": [ diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml index 84fee6d420..dc68cfcab6 100644 --- a/bundles/k3d-slim-dev/uds-bundle.yaml +++ b/bundles/k3d-slim-dev/uds-bundle.yaml @@ -33,7 +33,7 @@ packages: - name: init repository: ghcr.io/zarf-dev/packages/init - ref: v0.49.1 + ref: v0.50.0 - name: core-base path: ../../build/ diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index dc3307a91c..8b09b19c13 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml @@ -32,7 +32,7 @@ packages: - name: init repository: ghcr.io/zarf-dev/packages/init - ref: v0.49.1 + ref: v0.50.0 - name: core path: ../../build/ diff --git a/src/grafana/tasks.yaml b/src/grafana/tasks.yaml index bfaaa2ee3f..a99ff5c839 100644 --- a/src/grafana/tasks.yaml +++ b/src/grafana/tasks.yaml @@ -40,7 +40,7 @@ tasks: - description: E2E Test for Grafana, optionally set FULL_CORE=true to test integrations with Loki cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.51.0-noble sh -c " \ + docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.51.1-noble sh -c " \ cd app && \ npm ci && \ npx playwright test grafana.test.ts \ diff --git a/src/neuvector/tasks.yaml b/src/neuvector/tasks.yaml index fff9a9856e..9ba27fa9fd 100644 --- a/src/neuvector/tasks.yaml +++ b/src/neuvector/tasks.yaml @@ -57,7 +57,7 @@ tasks: - description: E2E Test for NeuVector cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.51.0-noble sh -c " \ + docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.51.1-noble sh -c " \ cd app && \ npm ci && \ npx playwright test neuvector.test.ts \ diff --git a/tasks/setup.yaml b/tasks/setup.yaml index 46f26a8512..7b74217545 100644 --- a/tasks/setup.yaml +++ b/tasks/setup.yaml @@ -15,4 +15,4 @@ tasks: - description: "Initialize the cluster with Zarf" # renovate: datasource=github-tags depName=zarf-dev/zarf versioning=semver - cmd: "uds zarf package deploy oci://ghcr.io/zarf-dev/packages/init:v0.49.1 --confirm --no-progress" + cmd: "uds zarf package deploy oci://ghcr.io/zarf-dev/packages/init:v0.50.0 --confirm --no-progress" diff --git a/tasks/test.yaml b/tasks/test.yaml index 67c2e9b71c..9ce4909256 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml @@ -9,7 +9,7 @@ includes: - test-resources: ../src/test/tasks.yaml - base-layer: ../packages/base/tasks.yaml - idam-layer: ../packages/identity-authorization/tasks.yaml - - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/tags/v0.13.1/tasks/setup.yaml + - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/tags/v1.10.3/tasks/setup.yaml - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.10.3/tasks/compliance.yaml tasks: @@ -86,7 +86,7 @@ tasks: dir: test/playwright cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host --net=host -e FULL_CORE="true" --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.51.0-noble sh -c " \ + docker run --rm --ipc=host --net=host -e FULL_CORE="true" --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.51.1-noble sh -c " \ cd app && \ npm ci && \ npx playwright test \ diff --git a/test/jest/package-lock.json b/test/jest/package-lock.json index 926fe11874..d2e600fc20 100644 --- a/test/jest/package-lock.json +++ b/test/jest/package-lock.json @@ -1245,9 +1245,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "22.13.10", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz", - "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==", + "version": "22.13.11", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.11.tgz", + "integrity": "sha512-iEUCUJoU0i3VnrCmgoWCXttklWcvoCIx4jzcP22fioIVSdTmjgoEvmAO/QPw6TcS9k5FrNgn4w7q5lGOd1CT5g==", "dev": true, "license": "MIT", "dependencies": { diff --git a/test/playwright/package-lock.json b/test/playwright/package-lock.json index 42241e25cd..b51bb1a8ce 100644 --- a/test/playwright/package-lock.json +++ b/test/playwright/package-lock.json @@ -12,13 +12,13 @@ } }, "node_modules/@playwright/test": { - "version": "1.51.0", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.0.tgz", - "integrity": "sha512-dJ0dMbZeHhI+wb77+ljx/FeC8VBP6j/rj9OAojO08JI80wTZy6vRk9KvHKiDCUh4iMpEiseMgqRBIeW+eKX6RA==", + "version": "1.51.1", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz", + "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==", "dev": true, "license": "Apache-2.0", "dependencies": { - "playwright": "1.51.0" + "playwright": "1.51.1" }, "bin": { "playwright": "cli.js" @@ -28,9 +28,9 @@ } }, "node_modules/@types/node": { - "version": "22.13.10", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz", - "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==", + "version": "22.13.11", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.11.tgz", + "integrity": "sha512-iEUCUJoU0i3VnrCmgoWCXttklWcvoCIx4jzcP22fioIVSdTmjgoEvmAO/QPw6TcS9k5FrNgn4w7q5lGOd1CT5g==", "dev": true, "license": "MIT", "dependencies": { @@ -52,13 +52,13 @@ } }, "node_modules/playwright": { - "version": "1.51.0", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.0.tgz", - "integrity": "sha512-442pTfGM0xxfCYxuBa/Pu6B2OqxqqaYq39JS8QDMGThUvIOCd6s0ANDog3uwA0cHavVlnTQzGCN7Id2YekDSXA==", + "version": "1.51.1", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz", + "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "playwright-core": "1.51.0" + "playwright-core": "1.51.1" }, "bin": { "playwright": "cli.js" @@ -71,9 +71,9 @@ } }, "node_modules/playwright-core": { - "version": "1.51.0", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.0.tgz", - "integrity": "sha512-x47yPE3Zwhlil7wlNU/iktF7t2r/URR3VLbH6EknJd/04Qc/PSJ0EY3CMXipmglLG+zyRxW6HNo2EGbKLHPWMg==", + "version": "1.51.1", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz", + "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==", "dev": true, "license": "Apache-2.0", "bin": {