diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c6033ad22..b8c87b3f5 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,16 +43,16 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Checkout repository" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 # Initializes the CodeQL tools for scanning. - name: "Initialize CodeQL" - uses: "github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee" # v4.31.2 + uses: "github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6" # v4.32.3 with: languages: "${{ matrix.language }}" # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: "Autobuild" - uses: "github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee" # v4.31.2 + uses: "github/codeql-action/autobuild@9e907b5e64f6b83e7804b09294d44122997950d6" # v4.32.3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: "Perform CodeQL Analysis" - uses: "github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee" # v4.31.2 + uses: "github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6" # v4.32.3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index a19126a12..b4f3686ca 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -16,7 +16,7 @@ jobs: issues: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index f2f1e0411..068aadb9a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,16 +21,16 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Dependency Review" - uses: "actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a" # v4.8.1 + uses: "actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261" # v4.8.2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c09db6f6e..d53c7c72d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -35,12 +35,12 @@ jobs: package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -60,12 +60,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -77,7 +77,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1" # v4 + uses: "nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1" # v4 - name: "Setup resources and environment" id: "setup" @@ -89,7 +89,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62" # v47.0.0 + uses: "tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a" # v47.0.4 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -112,12 +112,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -129,7 +129,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1" # v4 + uses: "nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1" # v4 - name: "Setup resources and environment" id: "setup" @@ -141,7 +141,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62" # v47.0.0 + uses: "tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a" # v47.0.4 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -164,12 +164,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -181,7 +181,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1" # v4 + uses: "nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1" # v4 - name: "Setup resources and environment" id: "setup" @@ -193,7 +193,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62" # v47.0.0 + uses: "tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a" # v47.0.4 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -216,12 +216,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -240,12 +240,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -265,12 +265,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -281,9 +281,9 @@ jobs: run_install: false - name: "Use Node.js 20.x" - uses: "actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903" # v6.0.0 + uses: "actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238" # v6.2.0 with: - node-version: "20.19.5" + node-version: "20.20.0" cache: "pnpm" - name: "Install packages" @@ -312,7 +312,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" diff --git a/.github/workflows/preview-release.yaml b/.github/workflows/preview-release.yaml index e5fe5d643..c715a84fb 100644 --- a/.github/workflows/preview-release.yaml +++ b/.github/workflows/preview-release.yaml @@ -26,12 +26,12 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 with: # Number of commits to fetch. 0 indicates all history for all branches and tags. # Pulls all commits (needed for NX) @@ -43,7 +43,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1" # v4 + uses: "nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1" # v4 - name: "Setup resources and environment" id: "setup" @@ -55,7 +55,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62" # v47.0.0 + uses: "tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a" # v47.0.4 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml index 472506fc1..6cc2f49fd 100644 --- a/.github/workflows/require-allow-edits.yml +++ b/.github/workflows/require-allow-edits.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c732d3b55..78e3dbbd6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,12 +33,12 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Checkout code" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 with: persist-credentials: false @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: "github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee" # v4.31.2 + uses: "github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6" # v4.32.3 with: sarif_file: "results.sarif" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index 680aa5b6c..96d2b404c 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -23,7 +23,7 @@ jobs: name: "Semantic Pull Request" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index 1322306b4..da87c9f20 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -29,12 +29,12 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Wait for tests to succeed" - uses: "lewagon/wait-on-check-action@3603e826ee561ea102b58accb5ea55a1a7482343" # v1.4.1 + uses: "lewagon/wait-on-check-action@74049309dfeff245fe8009a0137eacf28136cb3c" # v1.5.0 timeout-minutes: 20 with: ref: "${{ github.event.pull_request.head.sha || github.sha }}" @@ -45,7 +45,7 @@ jobs: ignore-checks: "lock-closed / lock-closed, Socket Security: Pull Request Alerts, Dependabot" - name: "Git checkout" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 with: fetch-depth: 0 token: "${{ secrets.SEMANTIC_RELEASE_GITHUB_TOKEN }}" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 75f796876..d62105f8c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,12 +32,12 @@ jobs: codecov: "${{ steps.changes.outputs.codecov }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -72,12 +72,12 @@ jobs: NODE: "${{ matrix.node_version }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit" - name: "Git checkout ${{ env.HEAD_REPOSITORY }}:${{ env.HEAD_REF }}" - uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" # v6.0.0 + uses: "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd" # v6.0.2 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -89,7 +89,7 @@ jobs: - name: "Derive appropriate SHAs for base and head for `nx affected` commands" id: "setSHAs" - uses: "nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1" # v4 + uses: "nrwl/nx-set-shas@3e9ad7370203c1e93d109be57f3b72eb0eb511b1" # v4 - name: "Setup resources and environment" id: "setup" @@ -101,7 +101,7 @@ jobs: # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259 - name: "Get changed files" id: "files" - uses: "tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62" # v47.0.0 + uses: "tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a" # v47.0.4 with: files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml" base_sha: "${{ steps.setSHAs.outputs.base }}" @@ -141,7 +141,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2" # v2.13.2 + uses: "step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e" # v2.14.2 with: egress-policy: "audit"