Update known wrapper checksums

2026-03-14 17:53:01 +08:00 · 2026-03-14 05:41:01 +00:00
10 changed files with 16 additions and 12 deletions
--- a/.github/actions/build-dist/action.yml
+++ b/.github/actions/build-dist/action.yml
@@ -3,7 +3,7 @@ name: 'Build and upload distribution'
 runs:
  using: "composite"
  steps: 
-    - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+    - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: 24
        cache: npm
--- a/.github/actions/init-integ-test/action.yml
+++ b/.github/actions/init-integ-test/action.yml
@@ -23,7 +23,7 @@ runs:
    # Downloads a 'dist' directory artifact that was uploaded in an earlier 'build-dist' step
    - name: Download dist
      if: ${{ env.SKIP_DIST != 'true' && !env.ACT }}
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+      uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
      with:
        name: dist
        path: dist/
--- a/.github/workflows/ci-check-and-unit-test.yml
+++ b/.github/workflows/ci-check-and-unit-test.yml
@@ -19,7 +19,7 @@ jobs:
    steps:
    - name: Checkout sources
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-    - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+    - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: 20
        cache: npm
--- a/.github/workflows/ci-check-no-dist-update.yml
+++ b/.github/workflows/ci-check-no-dist-update.yml
@@ -21,7 +21,7 @@ jobs:

    - name: Get changed files
      id: changed-files
-      uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
+      uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
      with:
        files: |
          dist/**
--- a/.github/workflows/ci-codeql.yml
+++ b/.github/workflows/ci-codeql.yml
@@ -35,7 +35,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5
+      uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
      with:
        languages: ${{ matrix.language }}
        config: |
@@ -43,4 +43,4 @@ jobs:
          - sources/src

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5
+      uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
--- a/.github/workflows/ci-ossf-scorecard.yml
+++ b/.github/workflows/ci-ossf-scorecard.yml
@@ -52,6 +52,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3.29.5
+        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5
        with:
          sarif_file: results.sarif
--- a/.github/workflows/ci-update-dist.yml
+++ b/.github/workflows/ci-update-dist.yml
@@ -28,7 +28,7 @@ jobs:
        token: ${{ secrets.BOT_GITHUB_TOKEN }}

    - name: Set up Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: 20
        cache: npm
@@ -61,7 +61,7 @@ jobs:
        cp -r sources/dist .

    - name: Import GPG key to sign commits
-      uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
+      uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
      with:
        gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
        passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
--- a/.github/workflows/integ-test-dependency-graph.yml
+++ b/.github/workflows/integ-test-dependency-graph.yml
@@ -178,7 +178,7 @@ jobs:
    runs-on: "ubuntu-latest"
    steps:
    - name: Download dependency-graph artifact
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+      uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
      with:
        path: downloaded-dependency-graphs
        pattern: dependency-graph_*dependency-graph-generate-submit-and-upload.json
--- a/.github/workflows/update-checksums-file.yml
+++ b/.github/workflows/update-checksums-file.yml
@@ -22,7 +22,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: 20
          cache: npm
@@ -38,7 +38,7 @@ jobs:
        working-directory: sources

      - name: Import GPG key to sign commits
-        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
+        uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
        with:
          gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
          passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}
--- a/sources/src/wrapper-validation/wrapper-checksums.json
+++ b/sources/src/wrapper-validation/wrapper-checksums.json
@@ -7,6 +7,10 @@
    "version": "9.4.0-rc-2",
    "checksum": "55243ef57851f12b070ad14f7f5bb8302daceeebc5bce5ece5fa6edb23e1145c"
  },
+  {
+    "version": "9.5.0-milestone-6",
+    "checksum": "7ef3d73bd95c047814d76ec8324f72deefb96593eb9ce87aa06ecdcdaba7ffe8"
+  },
  {
    "version": "9.5.0-milestone-5",
    "checksum": "55243ef57851f12b070ad14f7f5bb8302daceeebc5bce5ece5fa6edb23e1145c"