Skip to content

fix(deps): update github-actions #895

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
May 31, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ jobs:

steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -52,7 +52,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: "Initialize CodeQL"
uses: "github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2" # v3.24.9
uses: "github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f" # v3.28.18
with:
languages: "${{ matrix.language }}"
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -62,7 +62,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: "Autobuild"
uses: "github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2" # v3.24.9
uses: "github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f" # v3.28.18

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -75,6 +75,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: "Perform CodeQL Analysis"
uses: "github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2" # v3.24.9
uses: "github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f" # v3.28.18
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/comment-issue.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
issues: "write"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -33,4 +33,4 @@ jobs:
EMAIL: "github-actions[bot]@users.noreply.github.com"

- name: "Dependency Review"
uses: "actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a" # v4.4.0
uses: "actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9" # v4.7.1
26 changes: 13 additions & 13 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -60,7 +60,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -77,7 +77,7 @@ jobs:

- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@76907e7e5d3cd17ddb5e2b123389f054bffcdd03" # v4
uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4

- name: "Setup resources and environment"
id: "setup"
Expand Down Expand Up @@ -111,7 +111,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -128,7 +128,7 @@ jobs:

- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@76907e7e5d3cd17ddb5e2b123389f054bffcdd03" # v4
uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4

- name: "Setup resources and environment"
id: "setup"
Expand Down Expand Up @@ -162,7 +162,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -179,7 +179,7 @@ jobs:

- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@76907e7e5d3cd17ddb5e2b123389f054bffcdd03" # v4
uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4

- name: "Setup resources and environment"
id: "setup"
Expand Down Expand Up @@ -213,7 +213,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -237,7 +237,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -262,7 +262,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -278,9 +278,9 @@ jobs:
run_install: false

- name: "Use Node.js 18.x"
uses: "actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8" # v4.0.2
uses: "actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020" # v4.4.0
with:
node-version: "18.x"
node-version: "18.20.8"
cache: "pnpm"

- name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
Expand Down Expand Up @@ -312,7 +312,7 @@ jobs:
# If any jobs we depend on fail, we will fail since this is a required check
# NOTE: A timeout is considered a failure
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/lock-file-maintenance.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:

steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -48,7 +48,7 @@ jobs:

- name: "Commit lock file"
if: "success()"
uses: "stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842" # v5.0.1
uses: "stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403" # v5.2.0
with:
file_pattern: "pnpm-lock.yaml"
commit_message: "chore: updated lock file [ci skip]"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/preview-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:

steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -43,7 +43,7 @@ jobs:

- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@76907e7e5d3cd17ddb5e2b123389f054bffcdd03" # v4
uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4

- name: "Setup resources and environment"
id: "setup"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/require-allow-edits.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:

steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:

steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -43,7 +43,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: "ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534" # v2.3.3
uses: "ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186" # v2.4.1
with:
results_file: "results.sarif"
results_format: "sarif"
Expand All @@ -65,14 +65,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: "actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808" # v4.3.3
uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02" # v4.6.2
with:
name: "SARIF file"
path: "results.sarif"
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: "github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2" # v3.24.9
uses: "github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f" # v3.28.18
with:
sarif_file: "results.sarif"
6 changes: 3 additions & 3 deletions .github/workflows/semantic-pull-request.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
name: "Semantic Pull Request"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -46,7 +46,7 @@ jobs:
revert
test

- uses: "marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31" # v2.9.0
- uses: "marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db" # v2.9.2
# When the previous steps fail, the workflow would stop. By adding this
# condition you can continue the execution with the populated error message.
if: "always() && (steps.lint_pr_title.outputs.error_message != null)"
Expand All @@ -65,7 +65,7 @@ jobs:

# Delete a previous comment when the issue has been resolved
- if: "${{ steps.lint_pr_title.outputs.error_message == null }}"
uses: "marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31" # v2.9.0
uses: "marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db" # v2.9.2
with:
header: "pr-title-lint-error"
message: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/semantic-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:

steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
codecov: "${{ steps.changes.outputs.codecov }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand Down Expand Up @@ -72,7 +72,7 @@ jobs:
NODE: "${{ matrix.node_version }}"
steps:
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand All @@ -89,7 +89,7 @@ jobs:

- name: "Derive appropriate SHAs for base and head for `nx affected` commands"
id: "setSHAs"
uses: "nrwl/nx-set-shas@76907e7e5d3cd17ddb5e2b123389f054bffcdd03" # v4
uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4

- name: "Setup resources and environment"
id: "setup"
Expand Down Expand Up @@ -141,7 +141,7 @@ jobs:
# If any jobs we depend on fail, we will fail since this is a required check
# NOTE: A timeout is considered a failure
- name: "Harden Runner"
uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1
uses: "step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0" # v2.12.0
with:
egress-policy: "audit"

Expand Down
Loading