diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 64968e2..c1613a6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
 python-version: ['3.10', '3.11', '3.12']
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v6.0.3
 - name: Set up Python ${{ matrix.python-version }}
 uses: actions/setup-python@v6
@@ -73,7 +73,7 @@ jobs:
 node-version: ['20']
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v6.0.3
 - name: Set up Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@v6
@@ -99,7 +99,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: [backend-test, frontend]
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@v6.0.3
 - name: Set up Python
 uses: actions/setup-python@v6
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7933eb0..13bb476 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -34,15 +34,15 @@ jobs:
 build-mode: none
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
 with:
 category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index b14666a..4474036 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
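Review bot: In `.github/workflows/ci.yml` the three checkout steps (hunks at -16, -73 and -99) move to the tag `actions/checkout@v6.0.3`, while `codeql.yml`, `dependency-review.yml`, `docker.yml` and `scorecard.yml` in this same commit pin that release by commit SHA. A tag can be re-pointed after review, so only the SHA form fixes the code that actually runs; I would write `- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3` here and in the `gitleaks.yml` hunk. The same applies to the major-tag references this commit introduces: `github/codeql-action/init@v4` and `analyze@v4` in `codeql.yml`, and `docker/setup-buildx-action@v4`, `docker/login-action@v4`, `docker/metadata-action@v6` and `docker/build-push-action@v7` in `docker.yml`, where the job logs in to and pushes to GHCR. Each job's step list continues outside the hunks, so other unpinned steps may exist that are not visible here.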
@@ -15,12 +15,12 @@ jobs:
 timeout-minutes: 10
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
 - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Dependency Review
 uses: actions/dependency-review-action@595ce4cd8b5399062ddf67f3a81c54cfa1448b86 # v4.7.2
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 276918d..135aff6 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,13 +22,13 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 30
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- - uses: docker/setup-buildx-action@v3
+ - uses: docker/setup-buildx-action@v4
 - name: Login to GHCR
 if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
+ uses: docker/login-action@v4
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
@@ -36,7 +36,7 @@ jobs:
 - name: Extract metadata
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v6
 with:
 images: ghcr.io/${{ github.repository }}
 tags: |
@@ -46,7 +46,7 @@ jobs:
 type=raw,value=latest,enable={{is_default_branch}}
 - name: Build & push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v7
 with:
 context: .
 push: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index bd806cc..c52a1f2 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout (full history)
- uses: actions/checkout@v6
+ uses: actions/checkout@v6.0.3
 with:
 fetch-depth: 0
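Review bot: The `Checkout` step in the `dependency-review.yml` hunk is followed directly by the `Dependency Review` step with no `with:` block, so `persist-credentials` keeps its default of true and the job token stays configured for git in every later step. `scorecard.yml` in this same commit already sets it on the same action; unless a step outside the hunk needs authenticated git access, I would add `with:` and `persist-credentials: false` under this step too. The bare checkout steps in the first `docker.yml` hunk and in `codeql.yml` are in the same position. The job's permissions and remaining steps are outside the hunk, so the effective token scope cannot be confirmed from here.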
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 964c03b..1c85389 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -22,12 +22,12 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
 - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 persist-credentials: false
@@ -40,7 +40,7 @@ jobs:
 - name: Upload to code-scanning
 if: always()
- uses: github/codeql-action/upload-sarif@4e828ff8d448a8a6e532957b1811f387a63867b2 # v3.27.5
+ uses: github/codeql-action/upload-sarif@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3.27.5
 with:
 sarif_file: results.sarif
 category: scorecard
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 265f806..8f37878 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
 timeout-minutes: 15
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
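Review bot: In the second `scorecard.yml` hunk (`Upload to code-scanning`) the pin for `github/codeql-action/upload-sarif` changes to `dd903d2e4f5405488e5ef1422510ee31c8b32357`, but the trailing comment still reads `# v3.27.5` on both the old and the new line. Unless one of the two values is an annotated-tag object rather than a commit, two different SHAs cannot both be that release, so either the comment is stale or one pin does not belong to the tag. Before merging, resolve the new SHA against the upstream repository's tags and correct the comment to the release it actually points at, since reviewers and update tooling rely on that comment to know what is running. `codeql.yml` in this commit moves `init` and `analyze` to `@v4`, so if this pin is still a v3 build the two workflows would be on different major versions of the action.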