diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5d8cd935..8d81190b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,16 +38,16 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: languages: ${{ matrix.language }} queries: security-extended,security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/autobuild@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/create-stale-docs-issues.yml b/.github/workflows/create-stale-docs-issues.yml index 2a1e4a9b..ff284c84 100644 --- a/.github/workflows/create-stale-docs-issues.yml +++ b/.github/workflows/create-stale-docs-issues.yml @@ -41,7 +41,7 @@ jobs: persist-credentials: false - name: Download freshness check results - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: ${{ inputs.artifact-name }} path: logs diff --git a/.github/workflows/dast-zap-scan.yml b/.github/workflows/dast-zap-scan.yml index 1c84af79..91ed3c75 100644 --- a/.github/workflows/dast-zap-scan.yml +++ b/.github/workflows/dast-zap-scan.yml @@ -64,7 +64,7 @@ jobs: - name: Upload SARIF to Security tab if: always() - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 continue-on-error: true with: sarif_file: results/zap-results.sarif diff --git a/.github/workflows/dependency-pinning-scan.yml b/.github/workflows/dependency-pinning-scan.yml index ae643edc..94759530 100644 --- a/.github/workflows/dependency-pinning-scan.yml +++ b/.github/workflows/dependency-pinning-scan.yml @@ -158,7 +158,7 @@ jobs: - name: Upload SARIF to Security tab if: inputs.upload-sarif && always() - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: sarif_file: logs/dependency-pinning-results.sarif category: dependency-pinning diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index 259623e0..ffec92f1 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -62,7 +62,7 @@ jobs: uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - name: Upload artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 with: path: docs/docusaurus/build diff --git a/.github/workflows/gitleaks-scan.yml b/.github/workflows/gitleaks-scan.yml index 823114ad..53e5fc32 100644 --- a/.github/workflows/gitleaks-scan.yml +++ b/.github/workflows/gitleaks-scan.yml @@ -94,7 +94,7 @@ jobs: - name: Upload SARIF to Security tab if: always() - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 with: sarif_file: logs/gitleaks-results.sarif category: gitleaks diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 247fe8be..58bc6614 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -166,7 +166,7 @@ jobs: steps: - name: Generate GitHub App Token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.0.0 + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2.0.0 with: app-id: ${{ vars.RELEASE_APP_ID }} private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} @@ -194,7 +194,7 @@ jobs: - name: Setup uv if: ${{ steps.release.outputs.prs_created == 'true' }} - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Regenerate uv.lock if: ${{ steps.release.outputs.prs_created == 'true' }} @@ -364,7 +364,7 @@ jobs: steps: - name: Generate GitHub App Token id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.0.0 + uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v2.0.0 with: app-id: ${{ vars.RELEASE_APP_ID }} private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} diff --git a/.github/workflows/pytest-tests.yml b/.github/workflows/pytest-tests.yml index 9a59a7cf..5691660e 100644 --- a/.github/workflows/pytest-tests.yml +++ b/.github/workflows/pytest-tests.yml @@ -31,7 +31,7 @@ jobs: python-version: '3.11' - name: Setup uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Install dependencies run: uv sync --group dev diff --git a/.github/workflows/python-lint.yml b/.github/workflows/python-lint.yml index 6d6e8303..05e963e3 100644 --- a/.github/workflows/python-lint.yml +++ b/.github/workflows/python-lint.yml @@ -29,7 +29,7 @@ jobs: persist-credentials: false - name: Setup uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Ruff lint check id: ruff-check diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 884c3fc6..facf6eb0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: publish_results: true - name: Upload SARIF to Security tab - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0 continue-on-error: true with: sarif_file: results.sarif diff --git a/.github/workflows/terraform-lint.yml b/.github/workflows/terraform-lint.yml index 63a4c408..a59281f6 100644 --- a/.github/workflows/terraform-lint.yml +++ b/.github/workflows/terraform-lint.yml @@ -32,7 +32,7 @@ jobs: run: New-Item -ItemType Directory -Force -Path logs | Out-Null - name: Setup TFLint - uses: terraform-linters/setup-tflint@4cb9feea73331a35b422df102992a03a44a3bb33 # v6.2.1 + uses: terraform-linters/setup-tflint@b480b8fcdaa6f2c577f8e4fa799e89e756bb7c93 # v6.2.2 with: tflint_version: v0.61.0 cache: true diff --git a/.github/workflows/validate-config-schema.yml b/.github/workflows/validate-config-schema.yml index 46f65b4d..69f20ce5 100644 --- a/.github/workflows/validate-config-schema.yml +++ b/.github/workflows/validate-config-schema.yml @@ -32,7 +32,7 @@ jobs: python-version: '3.11' - name: Setup uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.4.0 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 - name: Install dependencies run: uv pip install --system "pydantic==2.12.5"