From 449c656c1d48bb83035f1c70254e6da2f6b57946 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jun 2026 09:28:41 +0000 Subject: [PATCH] ci(deps): bump the production-dependencies group with 2 updates Bumps the production-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [step-security/harden-runner](https://github.com/step-security/harden-runner). Updates `actions/checkout` from 4.1.1 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4.1.1...v6.0.3) Updates `step-security/harden-runner` from 2.14.0 to 2.19.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/v2.14.0...9af89fc71515a100421586dfdb3dc9c984fbf411) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/build-android.yml | 4 ++-- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/deploy-web.yml | 2 +- .github/workflows/eas-build.yml | 2 +- .github/workflows/gitleaks.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml index b616bf7..2aa27f0 100644 --- a/.github/workflows/build-android.yml +++ b/.github/workflows/build-android.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: Set up Node.js uses: actions/setup-node@v6 @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: Set up Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b14666a..4474036 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,12 +15,12 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Dependency Review uses: actions/dependency-review-action@595ce4cd8b5399062ddf67f3a81c54cfa1448b86 # v4.7.2 diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml index ba9c28e..e9d8095 100644 --- a/.github/workflows/deploy-web.yml +++ b/.github/workflows/deploy-web.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: Setup Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/eas-build.yml b/.github/workflows/eas-build.yml index cd8f9b3..dad7454 100644 --- a/.github/workflows/eas-build.yml +++ b/.github/workflows/eas-build.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: Setup Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index bd806cc..c52a1f2 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout (full history) - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 964c03b..7f3cd02 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -22,12 +22,12 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 265f806..8f37878 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 15 steps: - name: Harden Runner - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 793e4a1..9e33b66 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: Setup Node.js uses: actions/setup-node@v6