From 814dcb43fae4f8f756909b161c4a1d10d755cc06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2026 09:22:11 +0000 Subject: [PATCH] ci(deps): bump the production-dependencies group with 3 updates Bumps the production-dependencies group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [step-security/harden-runner](https://github.com/step-security/harden-runner) and [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action). Updates `github/codeql-action` from 3.36.2 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.36.2...v4.36.2) Updates `step-security/harden-runner` from 2.14.0 to 2.19.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...9af89fc71515a100421586dfdb3dc9c984fbf411) Updates `lycheeverse/lychee-action` from 2.4.0 to 2.8.0 - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](https://github.com/lycheeverse/lychee-action/compare/v2.4.0...v2.8.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: lycheeverse/lychee-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... 
Signed-off-by: dependabot[bot]
---
 .github/workflows/ci.yml | 4 ++--
 .github/workflows/codeql.yml | 4 ++--
 .github/workflows/dependency-review.yml | 2 +-
 .github/workflows/lychee.yml | 2 +-
 .github/workflows/scorecard.yml | 4 ++--
 .github/workflows/stale.yml | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8821b0d..30979b3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -69,7 +69,7 @@ jobs:
 steps:
 - uses: actions/checkout@v6
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
+ uses: github/codeql-action/init@v4.36.2
 with:
 # Scan both the Python backend and the Next.js frontend.
 # `security-extended` adds queries beyond the default
@@ -79,7 +79,7 @@ jobs:
 languages: python, javascript, typescript
 queries: security-extended
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
+ uses: github/codeql-action/analyze@v4.36.2
 with:
 # The frontend is a TS/JSX project under frontend/src;
 # without this filter CodeQL still walks the whole tree but
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 13bb476..67ef46e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -37,12 +37,12 @@ jobs:
 - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
+ uses: github/codeql-action/init@v4.36.2
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
+ uses: github/codeql-action/analyze@v4.36.2
 with:
 category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 98f7f36..4474036 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
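Review bot: The new `uses: github/codeql-action/init@v4.36.2` and `uses: github/codeql-action/analyze@v4.36.2` lines in .github/workflows/ci.yml (hunks -69,7 and -79,7) pin the action by tag, while the harden-runner, checkout (codeql.yml) and upload-sarif steps in this same patch are pinned by full commit SHA with a version comment. A tag can be re-pointed upstream, so these steps run whatever the tag resolves to at job time. The same applies to the two CodeQL lines in .github/workflows/codeql.yml and to `lycheeverse/lychee-action@v2.8.0` in .github/workflows/lychee.yml. I would pin each to its release commit in the form `uses: github/codeql-action/init@<full-commit-sha> # v4.36.2`, taking the SHA from the upstream release page.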
@@ -15,7 +15,7 @@ jobs:
 timeout-minutes: 10
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
diff --git a/.github/workflows/lychee.yml b/.github/workflows/lychee.yml
index 7e96c22..d00319f 100644
--- a/.github/workflows/lychee.yml
+++ b/.github/workflows/lychee.yml
@@ -26,7 +26,7 @@ jobs:
 with:
 fetch-depth: 0
 - name: lychee
- uses: lycheeverse/lychee-action@v2.4.0
+ uses: lycheeverse/lychee-action@v2.8.0
 with:
 args: --verbose --no-progress --exclude-mail --exclude-loopback
 env:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 65093db..2fb4c2e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -22,7 +22,7 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -40,7 +40,7 @@ jobs:
 - name: Upload to code-scanning
 if: always()
- uses: github/codeql-action/upload-sarif@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3.27.5
+ uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v3.27.5
 with:
 sarif_file: results.sarif
 category: scorecard
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 265f806..8f37878 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
 timeout-minutes: 15
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
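Review bot: In .github/workflows/scorecard.yml (hunk -40,7) the `upload-sarif` pin moves from `dd903d2e…` to `8aad20d1…` but the trailing comment still reads `# v3.27.5`, so the comment no longer says which release the SHA is. The commit message describes a codeql-action bump to 4.36.2, which suggests the new SHA is that release. If so, the line should read `uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2`. The SHA should be confirmed against the upstream tag before merging, because a stale comment is the only human-readable check on a SHA pin. The step may also be crossing a major version, which the unchanged comment hides.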