diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bfdb863dc..e6ad3e5f8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,7 +43,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: "Initialize CodeQL" - uses: "github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01" # v3.30.1 + uses: "github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885" # v3.30.6 with: languages: "${{ matrix.language }}" # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: "Autobuild" - uses: "github/codeql-action/autobuild@f1f6e5f6af878fb37288ce1c627459e94dbf7d01" # v3.30.1 + uses: "github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885" # v3.30.6 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: "Perform CodeQL Analysis" - uses: "github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01" # v3.30.1 + uses: "github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885" # v3.30.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index c6daf667b..58e5ad64f 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -16,7 +16,7 @@ jobs: issues: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b0891387a..e1b0def82 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -33,4 +33,4 @@ jobs: EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Dependency Review" - uses: "actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b" # v4.7.3 + uses: "actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3" # v4.8.0 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b6684a61b..d4e356a2b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -35,7 +35,7 @@ jobs: package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -60,7 +60,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -112,7 +112,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -164,7 +164,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -216,7 +216,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -240,7 +240,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -265,7 +265,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -315,7 +315,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" diff --git a/.github/workflows/lock-file-maintenance.yml b/.github/workflows/lock-file-maintenance.yml index 16435b9b6..d891c869f 100644 --- a/.github/workflows/lock-file-maintenance.yml +++ b/.github/workflows/lock-file-maintenance.yml @@ -21,7 +21,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" diff --git a/.github/workflows/preview-release.yaml b/.github/workflows/preview-release.yaml index 5130ab04f..8e28434a3 100644 --- a/.github/workflows/preview-release.yaml +++ b/.github/workflows/preview-release.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml index 05ec981ff..1041b24a6 100644 --- a/.github/workflows/require-allow-edits.yml +++ b/.github/workflows/require-allow-edits.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ef09923a1..759143416 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: "ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde" # v2.4.2 + uses: "ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a" # v2.4.3 with: results_file: "results.sarif" results_format: "sarif" @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: "github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01" # v3.30.1 + uses: "github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885" # v3.30.6 with: sarif_file: "results.sarif" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index d82eaa954..373381c70 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -23,7 +23,7 @@ jobs: name: "Semantic Pull Request" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index 5d7cd5d0a..d2b119f40 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -29,12 +29,12 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" - name: "Wait for tests to succeed" - uses: "lewagon/wait-on-check-action@0dceb95e7c4cad8cc7422aee3885998f5cab9c79" # v1.4.0 + uses: "lewagon/wait-on-check-action@3603e826ee561ea102b58accb5ea55a1a7482343" # v1.4.1 timeout-minutes: 20 with: ref: "${{ github.event.pull_request.head.sha || github.sha }}" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 05a07c80c..879af5e7e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: codecov: "${{ steps.changes.outputs.codecov }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -72,7 +72,7 @@ jobs: NODE: "${{ matrix.node_version }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit" @@ -141,7 +141,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911" # v2.13.0 + uses: "step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a" # v2.13.1 with: egress-policy: "audit"