From 13dce198c3e27fa0bdb013c8c60310640d18d6af Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 11 Apr 2026 18:35:40 +0000 Subject: [PATCH] chore(deps): bump the actions group with 17 updates Bumps the actions group with 17 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.0` | `4.35.1` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.6.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.7.1` | `4.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.1.0` | `4.1.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `6.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `7.1.0` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` | | [editorconfig-checker/action-editorconfig-checker](https://github.com/editorconfig-checker/action-editorconfig-checker) | `9f8f6065f4db902c0c56cafa67cea18b3ebbb680` | `840e866d93b8e032123c23bac69dece044d4d84c` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.5.0` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.8` | `8.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.2` | `2.6.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.3` | Updates `actions/checkout` from 4.1.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `github/codeql-action` from 3.27.0 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...c10b8064de6f491fea524254123dbe5e09572f13) Updates `docker/setup-qemu-action` from 3.6.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/29109295f81e9208d7d86ff1c6c12d2833863392...ce360397dd3f832beb865e1373c09c0e9f86d70a) Updates `docker/setup-buildx-action` from 3.7.1 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd) Updates `docker/login-action` from 3.1.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/e92390c5fb421da1463c202d546fed0ec5c39f20...4907a6ddec9925e35a0a9e82d7399ccc52663121) Updates `docker/metadata-action` from 5.5.1 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/8e5442c4ef9f78752691e2d8f8d19755c6f78e81...030e881283bb7a6894de51c315a6bfe6a94e05cf) Updates `docker/build-push-action` from 5.3.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/2cdde995de11925a030ce8070c3d77a52ffcf1c0...bcafcacb16a39f128d818304e6c9c0c18556b85f) Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/ff45666b9427631e3450c54a1bcbee4d9ff4d7c0...28959ce8df70de7be546dd1250a005dd32156697) Updates `actions/configure-pages` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d) Updates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128) Updates `webfactory/ssh-agent` from 0.9.0 to 0.10.0 - [Release notes](https://github.com/webfactory/ssh-agent/releases) - [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md) - [Commits](https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...e83874834305fe9a4a2997156cb26c5de65a8555) Updates `editorconfig-checker/action-editorconfig-checker` from 9f8f6065f4db902c0c56cafa67cea18b3ebbb680 to 840e866d93b8e032123c23bac69dece044d4d84c - [Release notes](https://github.com/editorconfig-checker/action-editorconfig-checker/releases) - [Commits](https://github.com/editorconfig-checker/action-editorconfig-checker/compare/9f8f6065f4db902c0c56cafa67cea18b3ebbb680...840e866d93b8e032123c23bac69dece044d4d84c) Updates `actions/upload-artifact` from 4.5.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/6f51ac03b9356f520e9adb1b1b7802705f340c2b...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/download-artifact` from 4.1.8 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/fa0a91b85d4f404e444e00e005971372dc801d16...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `softprops/action-gh-release` from 2.2.2 to 2.6.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/da05d552573ad5aba039eaac05058a918a7bf631...153bb8e04406b158c6c84fc1615b65b24149a1fe) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Commits](https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/configure-pages dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: webfactory/ssh-agent dependency-version: 0.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: editorconfig-checker/action-editorconfig-checker dependency-version: 840e866d93b8e032123c23bac69dece044d4d84c dependency-type: direct:production dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/aur-publish.yml | 4 +-- .github/workflows/codeql.yml | 6 ++--- .github/workflows/container.yml | 12 ++++----- .../generator-generic-ossf-slsa3-publish.yml | 2 +- .github/workflows/guix-nix-policy.yml | 2 +- .github/workflows/instant-sync.yml | 2 +- .github/workflows/jekyll-gh-pages.yml | 8 +++--- .github/workflows/language-policy.yml | 2 +- .github/workflows/mirror.yml | 26 +++++++++---------- .github/workflows/npm-bun-blocker.yml | 2 +- .github/workflows/quality.yml | 6 ++--- .github/workflows/release.yml | 18 ++++++------- .github/workflows/rsr-antipattern.yml | 2 +- .github/workflows/scorecard-enforcer.yml | 8 +++--- .github/workflows/scorecard.yml | 6 ++--- .github/workflows/secret-scanner.yml | 6 ++--- .github/workflows/security-policy.yml | 2 +- .github/workflows/wellknown-enforcement.yml | 2 +- .github/workflows/workflow-linter.yml | 2 +- 19 files changed, 59 insertions(+), 59 deletions(-) diff --git a/.github/workflows/aur-publish.yml b/.github/workflows/aur-publish.yml index 4c095f6..1475e80 100644 --- a/.github/workflows/aur-publish.yml +++ b/.github/workflows/aur-publish.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest if: vars.AUR_PUBLISH_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get version id: version @@ -88,7 +88,7 @@ jobs: needs: [publish-aur] if: vars.AUR_PUBLISH_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get version id: version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index abf23f6..ea14e8e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -35,15 +35,15 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3.28.1 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3.28.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 16f4e4c..e6624a1 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -22,16 +22,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v3 - name: Log in to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -39,7 +39,7 @@ jobs: - name: Extract metadata id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -49,7 +49,7 @@ jobs: type=raw,value=latest,enable={{is_default_branch}} - name: Build and push (multi-arch) - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v5 with: context: . file: ./Containerfile diff --git a/.github/workflows/generator-generic-ossf-slsa3-publish.yml b/.github/workflows/generator-generic-ossf-slsa3-publish.yml index ba503c8..df21a8b 100644 --- a/.github/workflows/generator-generic-ossf-slsa3-publish.yml +++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml @@ -26,7 +26,7 @@ jobs: digests: ${{ steps.hash.outputs.digests }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 # ======================================================== # diff --git a/.github/workflows/guix-nix-policy.yml b/.github/workflows/guix-nix-policy.yml index 9cfd639..174254f 100644 --- a/.github/workflows/guix-nix-policy.yml +++ b/.github/workflows/guix-nix-policy.yml @@ -8,7 +8,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Enforce Guix primary / Nix fallback run: | # Check for package manager files diff --git a/.github/workflows/instant-sync.yml b/.github/workflows/instant-sync.yml index 9f0785b..6b340ae 100644 --- a/.github/workflows/instant-sync.yml +++ b/.github/workflows/instant-sync.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Trigger Propagation - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ secrets.FARM_DISPATCH_TOKEN }} repository: hyperpolymath/.git-private-farm diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml index fde35ef..d1c8c33 100644 --- a/.github/workflows/jekyll-gh-pages.yml +++ b/.github/workflows/jekyll-gh-pages.yml @@ -28,16 +28,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup Pages - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - name: Build with Jekyll uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1 with: source: ./ destination: ./_site - name: Upload artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 # Deployment job deploy: @@ -49,4 +49,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 diff --git a/.github/workflows/language-policy.yml b/.github/workflows/language-policy.yml index e1a3dc2..8d64289 100644 --- a/.github/workflows/language-policy.yml +++ b/.github/workflows/language-policy.yml @@ -8,7 +8,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Enforce language policies run: | # Block new Python files (except SaltStack) diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml index e91cbd5..cf2c9b9 100644 --- a/.github/workflows/mirror.yml +++ b/.github/workflows/mirror.yml @@ -14,11 +14,11 @@ jobs: runs-on: ubuntu-latest if: vars.GITLAB_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 with: ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }} @@ -32,11 +32,11 @@ jobs: runs-on: ubuntu-latest if: vars.BITBUCKET_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 with: ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }} @@ -50,11 +50,11 @@ jobs: runs-on: ubuntu-latest if: vars.CODEBERG_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 with: ssh-private-key: ${{ secrets.CODEBERG_SSH_KEY }} @@ -68,11 +68,11 @@ jobs: runs-on: ubuntu-latest if: vars.SOURCEHUT_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 with: ssh-private-key: ${{ secrets.SOURCEHUT_SSH_KEY }} @@ -86,11 +86,11 @@ jobs: runs-on: ubuntu-latest if: vars.DISROOT_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 with: ssh-private-key: ${{ secrets.DISROOT_SSH_KEY }} @@ -104,11 +104,11 @@ jobs: runs-on: ubuntu-latest if: vars.GITEA_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 - - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 + - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 with: ssh-private-key: ${{ secrets.GITEA_SSH_KEY }} @@ -122,7 +122,7 @@ jobs: runs-on: ubuntu-latest if: vars.RADICLE_MIRROR_ENABLED == 'true' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 diff --git a/.github/workflows/npm-bun-blocker.yml b/.github/workflows/npm-bun-blocker.yml index 5d59ffb..21baa47 100644 --- a/.github/workflows/npm-bun-blocker.yml +++ b/.github/workflows/npm-bun-blocker.yml @@ -8,7 +8,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Block npm/bun run: | if [ -f "package-lock.json" ] || [ -f "bun.lockb" ] || [ -f ".npmrc" ]; then diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 51f441e..2b71b45 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -8,7 +8,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Check file permissions run: | @@ -32,13 +32,13 @@ jobs: find . -type f -size +1M -not -path "./.git/*" | head -10 || echo "No large files" - name: EditorConfig check - uses: editorconfig-checker/action-editorconfig-checker@9f8f6065f4db902c0c56cafa67cea18b3ebbb680 # main + uses: editorconfig-checker/action-editorconfig-checker@840e866d93b8e032123c23bac69dece044d4d84c # main continue-on-error: true docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Check documentation run: | MISSING="" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 55e93cc..a115a21 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,7 +48,7 @@ jobs: cross: false steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Rust toolchain uses: dtolnay/rust-toolchain@6d9817901c499d6b02debbb57edb38d33daa680b # stable @@ -86,7 +86,7 @@ jobs: Get-FileHash vext-${{ env.RELEASE_TAG }}-${{ matrix.target }}.zip -Algorithm SHA256 | ForEach-Object { "$($_.Hash.ToLower()) vext-${{ env.RELEASE_TAG }}-${{ matrix.target }}.zip" } | Out-File -FilePath vext-${{ env.RELEASE_TAG }}-${{ matrix.target }}.zip.sha256 - name: Upload artifact - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4 with: name: vext-${{ matrix.target }} path: | @@ -98,7 +98,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Rust toolchain uses: dtolnay/rust-toolchain@6d9817901c499d6b02debbb57edb38d33daa680b # stable @@ -110,7 +110,7 @@ jobs: run: cargo deb --package vext-core - name: Upload .deb - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4 with: name: deb-package path: target/debian/*.deb @@ -121,7 +121,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install Rust toolchain uses: dtolnay/rust-toolchain@6d9817901c499d6b02debbb57edb38d33daa680b # stable @@ -141,7 +141,7 @@ jobs: run: cargo generate-rpm --package vext-core - name: Upload .rpm - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4 with: name: rpm-package path: target/generate-rpm/*.rpm @@ -153,10 +153,10 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download all artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v4 with: path: artifacts @@ -167,7 +167,7 @@ jobs: ls -la release/ - name: Create Release - uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 with: tag_name: ${{ github.event.inputs.tag || github.ref_name }} files: release/* diff --git a/.github/workflows/rsr-antipattern.yml b/.github/workflows/rsr-antipattern.yml index f900877..2194b7d 100644 --- a/.github/workflows/rsr-antipattern.yml +++ b/.github/workflows/rsr-antipattern.yml @@ -18,7 +18,7 @@ jobs: antipattern-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Check for TypeScript run: | diff --git a/.github/workflows/scorecard-enforcer.yml b/.github/workflows/scorecard-enforcer.yml index 37dd5cc..a0b0835 100644 --- a/.github/workflows/scorecard-enforcer.yml +++ b/.github/workflows/scorecard-enforcer.yml @@ -18,19 +18,19 @@ jobs: security-events: write id-token: write # For OIDC steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: persist-credentials: false - name: Run Scorecard - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif publish_results: true - name: Upload SARIF - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3 with: sarif_file: results.sarif @@ -53,7 +53,7 @@ jobs: check-critical: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Check SECURITY.md exists run: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a1c916b..b3b9a3f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -15,17 +15,17 @@ jobs: security-events: write id-token: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: persist-credentials: false - name: Run Scorecard - uses: ossf/scorecard-action@e93faf2ab2f3663b51bc6e62d42b8520f2eff874 # v2.3.1 + uses: ossf/scorecard-action@05bb7c663f6ec9bd8484da0a5b5a77d423e3f88c # v2.3.1 with: results_file: results.sarif results_format: sarif - name: Upload results - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/secret-scanner.yml b/.github/workflows/secret-scanner.yml index d7ffaa9..18434fe 100644 --- a/.github/workflows/secret-scanner.yml +++ b/.github/workflows/secret-scanner.yml @@ -13,7 +13,7 @@ jobs: trufflehog: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 # Full history for scanning @@ -25,7 +25,7 @@ jobs: gitleaks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest if: hashFiles('**/Cargo.toml') != '' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Check for hardcoded secrets in Rust run: | diff --git a/.github/workflows/security-policy.yml b/.github/workflows/security-policy.yml index 193bd3c..14bcbed 100644 --- a/.github/workflows/security-policy.yml +++ b/.github/workflows/security-policy.yml @@ -8,7 +8,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Security checks run: | FAILED=false diff --git a/.github/workflows/wellknown-enforcement.yml b/.github/workflows/wellknown-enforcement.yml index 06f6fe4..c95244c 100644 --- a/.github/workflows/wellknown-enforcement.yml +++ b/.github/workflows/wellknown-enforcement.yml @@ -20,7 +20,7 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: RFC 9116 security.txt validation run: | diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index dafe8e7..74bc18e 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -16,7 +16,7 @@ jobs: lint-workflows: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Check SPDX headers run: |