diff --git a/.github/actions/build-dist/action.yml b/.github/actions/build-dist/action.yml index df0a7276..26dd48ed 100644 --- a/.github/actions/build-dist/action.yml +++ b/.github/actions/build-dist/action.yml @@ -3,7 +3,7 @@ name: 'Build and upload distribution' runs: using: "composite" steps: - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 24 cache: npm diff --git a/.github/actions/init-integ-test/action.yml b/.github/actions/init-integ-test/action.yml index 262f703f..82566ba8 100644 --- a/.github/actions/init-integ-test/action.yml +++ b/.github/actions/init-integ-test/action.yml @@ -23,7 +23,7 @@ runs: # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step - name: Download dist if: ${{ env.SKIP_DIST != 'true' && !env.ACT }} - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: dist path: dist/ diff --git a/.github/workflows/ci-check-and-unit-test.yml b/.github/workflows/ci-check-and-unit-test.yml index e0a17e85..7a2b519c 100644 --- a/.github/workflows/ci-check-and-unit-test.yml +++ b/.github/workflows/ci-check-and-unit-test.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout sources uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20 cache: npm diff --git a/.github/workflows/ci-check-no-dist-update.yml b/.github/workflows/ci-check-no-dist-update.yml index 99f8678a..450ea046 100644 --- a/.github/workflows/ci-check-no-dist-update.yml +++ b/.github/workflows/ci-check-no-dist-update.yml @@ -21,7 +21,7 @@ jobs: - name: Get changed files id: changed-files - uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4 + uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5 with: files: | dist/** diff --git a/.github/workflows/ci-codeql.yml b/.github/workflows/ci-codeql.yml index 4f1a4be4..08bf9c6f 100644 --- a/.github/workflows/ci-codeql.yml +++ b/.github/workflows/ci-codeql.yml @@ -35,7 +35,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 + uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5 with: languages: ${{ matrix.language }} config: | @@ -43,4 +43,4 @@ jobs: - sources/src - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 + uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5 diff --git a/.github/workflows/ci-ossf-scorecard.yml b/.github/workflows/ci-ossf-scorecard.yml index b0dd67d1..44b50e9f 100644 --- a/.github/workflows/ci-ossf-scorecard.yml +++ b/.github/workflows/ci-ossf-scorecard.yml @@ -52,6 +52,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 + uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/ci-update-dist.yml b/.github/workflows/ci-update-dist.yml index 7d0c3158..91eceaeb 100644 --- a/.github/workflows/ci-update-dist.yml +++ b/.github/workflows/ci-update-dist.yml @@ -28,7 +28,7 @@ jobs: token: ${{ secrets.BOT_GITHUB_TOKEN }} - name: Set up Node.js - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20 cache: npm @@ -61,7 +61,7 @@ jobs: cp -r sources/dist . - name: Import GPG key to sign commits - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }} passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }} diff --git a/.github/workflows/integ-test-dependency-graph.yml b/.github/workflows/integ-test-dependency-graph.yml index e193f60d..4e3a58f7 100644 --- a/.github/workflows/integ-test-dependency-graph.yml +++ b/.github/workflows/integ-test-dependency-graph.yml @@ -178,7 +178,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: Download dependency-graph artifact - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: downloaded-dependency-graphs pattern: dependency-graph_*dependency-graph-generate-submit-and-upload.json diff --git a/.github/workflows/update-checksums-file.yml b/.github/workflows/update-checksums-file.yml index fe27dda8..a8878f9d 100644 --- a/.github/workflows/update-checksums-file.yml +++ b/.github/workflows/update-checksums-file.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 20 cache: npm @@ -38,7 +38,7 @@ jobs: working-directory: sources - name: Import GPG key to sign commits - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }} passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}