From e13caf04793d07c8c2241325339f2452319e1b97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Feb 2025 23:32:41 +0000 Subject: [PATCH] chore(deps): bump the github-actions group across 1 directory with 6 updates Bumps the github-actions group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.2.0` | `3.3.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.10.0` | `6.13.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.1.0` | `2.2.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.9` | `0.18.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.9` | `2.2.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.0` | `3.28.8` | Updates `docker/setup-qemu-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/49b3bc8e6bdd4a60e6116a5414239cba5943d3cf...53851d14592bedcffcf25ea515637cff71ef929a) Updates `docker/build-push-action` from 6.10.0 to 6.13.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/48aba3b46d1b1fec4febb7c5d0c644b249a11355...ca877d9245402d1537745e0e356eab47c3520991) Updates `actions/attest-build-provenance` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/7668571508540a607bdfd90a87a560489fe372eb...520d128f165991a6c774bcb264f323e3d70747f4) Updates `anchore/sbom-action` from 0.17.9 to 0.18.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/df80a981bc6edbc4e220a492d3cbe9f5547a6e75...f325610c9f50a54015d37c8d16cb3b0e2c8f4de0) Updates `softprops/action-gh-release` from 2.0.9 to 2.2.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8...c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda) Updates `github/codeql-action` from 3.28.0 to 3.28.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/48ab28a6f5dbc2a99bf1e0131198dd8f1df78169...dd746615b3b9d728a6a37ca2045b68ca76d4841a) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/athenapdf-service-image.yaml | 12 ++++++------ .github/workflows/database-tools-image.yaml | 12 ++++++------ .github/workflows/docker-host-image.yaml | 12 ++++++------ .github/workflows/drush-alias-image.yaml | 12 ++++++------ .github/workflows/insights-scanner-image.yaml | 12 ++++++------ .github/workflows/logs-concentrator-image.yaml | 12 ++++++------ .github/workflows/logs-dispatcher-image.yaml | 12 ++++++------ .github/workflows/ossf-analysis.yaml | 2 +- 8 files changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/athenapdf-service-image.yaml b/.github/workflows/athenapdf-service-image.yaml index 8fb491e..186e82d 100644 --- a/.github/workflows/athenapdf-service-image.yaml +++ b/.github/workflows/athenapdf-service-image.yaml @@ -87,7 +87,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -106,7 +106,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: athenapdf-service @@ -115,18 +115,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/athenapdf-service push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/athenapdf-service push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/athenapdf-service@${{steps.build-and-push.outputs.digest}} @@ -134,7 +134,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/database-tools-image.yaml b/.github/workflows/database-tools-image.yaml index ac4d9db..e3e6471 100644 --- a/.github/workflows/database-tools-image.yaml +++ b/.github/workflows/database-tools-image.yaml @@ -86,7 +86,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: database-tools @@ -114,18 +114,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/database-tools push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/database-tools push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/database-tools@${{steps.build-and-push.outputs.digest}} @@ -133,7 +133,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/docker-host-image.yaml b/.github/workflows/docker-host-image.yaml index 4da6b92..f02a326 100644 --- a/.github/workflows/docker-host-image.yaml +++ b/.github/workflows/docker-host-image.yaml @@ -86,7 +86,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: docker-host @@ -114,18 +114,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/docker-host push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/docker-host push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/docker-host@${{steps.build-and-push.outputs.digest}} @@ -133,7 +133,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/drush-alias-image.yaml b/.github/workflows/drush-alias-image.yaml index 8b3211c..b37a369 100644 --- a/.github/workflows/drush-alias-image.yaml +++ b/.github/workflows/drush-alias-image.yaml @@ -86,7 +86,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: drush-alias @@ -114,18 +114,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/drush-alias push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/drush-alias push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/drush-alias@${{steps.build-and-push.outputs.digest}} @@ -133,7 +133,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/insights-scanner-image.yaml b/.github/workflows/insights-scanner-image.yaml index 4fede4e..ef27f97 100644 --- a/.github/workflows/insights-scanner-image.yaml +++ b/.github/workflows/insights-scanner-image.yaml @@ -86,7 +86,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: insights-scanner @@ -114,18 +114,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/insights-scanner push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/insights-scanner push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/insights-scanner@${{steps.build-and-push.outputs.digest}} @@ -133,7 +133,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/logs-concentrator-image.yaml b/.github/workflows/logs-concentrator-image.yaml index f19ac50..806d143 100644 --- a/.github/workflows/logs-concentrator-image.yaml +++ b/.github/workflows/logs-concentrator-image.yaml @@ -86,7 +86,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: logs-concentrator @@ -114,18 +114,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/logs-concentrator push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/logs-concentrator push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/logs-concentrator@${{steps.build-and-push.outputs.digest}} @@ -133,7 +133,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/logs-dispatcher-image.yaml b/.github/workflows/logs-dispatcher-image.yaml index 2e02d23..bc3bae1 100644 --- a/.github/workflows/logs-dispatcher-image.yaml +++ b/.github/workflows/logs-dispatcher-image.yaml @@ -86,7 +86,7 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 id: build-and-push with: context: logs-dispatcher @@ -114,18 +114,18 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/logs-dispatcher push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 + uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/logs-dispatcher push-to-registry: true - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 if: startsWith(github.ref, 'refs/tags/') with: image: ghcr.io/${{ github.repository_owner }}/logs-dispatcher@${{steps.build-and-push.outputs.digest}} @@ -133,7 +133,7 @@ jobs: upload-artifact: false upload-release-assets: false - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 if: startsWith(github.ref, 'refs/tags/') with: files: | diff --git a/.github/workflows/ossf-analysis.yaml b/.github/workflows/ossf-analysis.yaml index 83c25b4..76e04b3 100644 --- a/.github/workflows/ossf-analysis.yaml +++ b/.github/workflows/ossf-analysis.yaml @@ -26,6 +26,6 @@ jobs: # of the value entered here. publish_results: true - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: sarif_file: results.sarif