diff --git a/.github/workflows/auto-merge-on-approval.yml b/.github/workflows/auto-merge-on-approval.yml index 28336ce..9d87f69 100644 --- a/.github/workflows/auto-merge-on-approval.yml +++ b/.github/workflows/auto-merge-on-approval.yml @@ -169,7 +169,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🔍 Check conditions and enable auto-merge id: process - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9e606bf..6426d96 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -55,7 +55,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -66,7 +66,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/autobuild@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -80,4 +80,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 517aa06..61fbe25 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -261,7 +261,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: ⚠️ Alert on major version bump if: steps.determine-action.outputs.action == 'alert-major' || steps.determine-action.outputs.action == 'alert-security-major' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -329,7 +329,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🔍 Alert on minor production dependency if: steps.determine-action.outputs.action == 'alert-minor-prod' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -427,7 +427,7 @@ jobs: if: | startsWith(steps.determine-action.outputs.action, 'auto-merge-') || startsWith(steps.determine-action.outputs.action, 'alert-') - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/fortress-benchmarks.yml b/.github/workflows/fortress-benchmarks.yml index 8e49a75..6a06023 100644 --- a/.github/workflows/fortress-benchmarks.yml +++ b/.github/workflows/fortress-benchmarks.yml @@ -159,7 +159,7 @@ jobs: - name: 🏗️ Set up Go id: setup-go-bench - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ matrix.go-version }} cache: false # we handle caches ourselves diff --git a/.github/workflows/fortress-code-quality.yml b/.github/workflows/fortress-code-quality.yml index 5fb3389..fe0a5a7 100644 --- a/.github/workflows/fortress-code-quality.yml +++ b/.github/workflows/fortress-code-quality.yml @@ -117,7 +117,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🏗️ Set up Go id: setup-go-vet - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ inputs.go-primary-version }} cache: false # we handle caches ourselves @@ -227,7 +227,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🏗️ Set up Go id: setup-go-lint - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ inputs.go-primary-version }} cache: false @@ -341,7 +341,7 @@ jobs: # Set up Node.js (no caching since we don't have package.json) # ———————————————————————————————————————————————————————————————— - name: 🏗️ Set up Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.0.4 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v4.0.4 with: node-version: ${{ env.NODE_VERSION }} diff --git a/.github/workflows/fortress-release.yml b/.github/workflows/fortress-release.yml index be88373..71f846d 100644 --- a/.github/workflows/fortress-release.yml +++ b/.github/workflows/fortress-release.yml @@ -155,7 +155,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🏗️ Set up Go id: setup-go-test - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ inputs.go-primary-version }} cache: false # we handle caches ourselves diff --git a/.github/workflows/fortress-security-scans.yml b/.github/workflows/fortress-security-scans.yml index ae9811e..040bb10 100644 --- a/.github/workflows/fortress-security-scans.yml +++ b/.github/workflows/fortress-security-scans.yml @@ -90,7 +90,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🏗️ Set up Go id: setup-ask-nancy - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ inputs.go-primary-version }} cache: false # we handle caches ourselves @@ -169,7 +169,7 @@ jobs: - name: 🏗️ Set up Go id: setup-govulncheck - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ inputs.go-primary-version }} cache: false # we handle caches ourselves diff --git a/.github/workflows/fortress-test-suite.yml b/.github/workflows/fortress-test-suite.yml index b0d6b15..4f6052f 100644 --- a/.github/workflows/fortress-test-suite.yml +++ b/.github/workflows/fortress-test-suite.yml @@ -176,7 +176,7 @@ jobs: - name: 🏗️ Set up Go id: setup-go-test - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: ${{ matrix.go-version }} cache: false # we handle caches ourselves @@ -301,7 +301,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 📈 Upload coverage if: inputs.code-coverage-enabled == 'true' - uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 with: fail_ci_if_error: true flags: unittests diff --git a/.github/workflows/pull-request-management.yml b/.github/workflows/pull-request-management.yml index 3e1466c..1a14bdc 100644 --- a/.github/workflows/pull-request-management.yml +++ b/.github/workflows/pull-request-management.yml @@ -120,7 +120,7 @@ jobs: - name: 🏷️ Apply labels based on patterns id: apply-labels if: env.APPLY_TYPE_LABELS == 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -289,7 +289,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 👤 Assign default assignee id: assign - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -376,7 +376,7 @@ jobs: - name: 👋 Welcome new contributor id: welcome if: env.WELCOME_FIRST_TIME == 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -473,7 +473,7 @@ jobs: - name: 📏 Add size label id: analyze if: env.APPLY_SIZE_LABELS == 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -675,7 +675,7 @@ jobs: - name: 🌿 Delete branch id: delete if: env.DELETE_BRANCH == 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 62f785e..040de08 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -79,6 +79,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable the upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 + uses: github/codeql-action/upload-sarif@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 with: sarif_file: results.sarif diff --git a/.github/workflows/stale-check.yml b/.github/workflows/stale-check.yml index bbdc885..1d5de2f 100644 --- a/.github/workflows/stale-check.yml +++ b/.github/workflows/stale-check.yml @@ -151,7 +151,7 @@ jobs: # Process issues for stale marking and closing # ———————————————————————————————————————————————————————————————— - name: 📋 Process stale issues - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: ENV_JSON: ${{ needs.load-env.outputs.env-json }} with: @@ -288,7 +288,7 @@ jobs: # Process pull requests for stale marking and closing # ———————————————————————————————————————————————————————————————— - name: 🔀 Process stale pull requests - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: ENV_JSON: ${{ needs.load-env.outputs.env-json }} with: @@ -423,7 +423,7 @@ jobs: # Clean up stale labels from recently updated items # ———————————————————————————————————————————————————————————————— - name: 🏷️ Remove stale labels from updated items - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index d5776e2..6610402 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -209,7 +209,7 @@ jobs: # Sync labels using native GitHub API # ———————————————————————————————————————————————————————————————— - name: 🏷️ Sync labels from manifest - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: ENV_JSON: ${{ needs.load-env.outputs.env-json }} with: @@ -427,7 +427,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 🔍 Verify sync results if: github.event.inputs.dry_run != 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/update-pre-commit-hooks.yml b/.github/workflows/update-pre-commit-hooks.yml index 8ffc89b..b8cceb1 100644 --- a/.github/workflows/update-pre-commit-hooks.yml +++ b/.github/workflows/update-pre-commit-hooks.yml @@ -200,7 +200,7 @@ jobs: # Set up Python for pre-commit # ———————————————————————————————————————————————————————————————— - name: 🐍 Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.x" diff --git a/.github/workflows/update-python-dependencies.yml b/.github/workflows/update-python-dependencies.yml index 5cc9619..c0861d2 100644 --- a/.github/workflows/update-python-dependencies.yml +++ b/.github/workflows/update-python-dependencies.yml @@ -182,7 +182,7 @@ jobs: # Set up Python for dependency management # ———————————————————————————————————————————————————————————————— - name: 🐍 Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.x"