From 470a2951b5e824bdbd6000cf370c17f27b3ccacb Mon Sep 17 00:00:00 2001 From: CloudQuery Bot Date: Wed, 25 Mar 2026 12:32:52 +0000 Subject: [PATCH] fix(deps): Pin dependencies --- .github/workflows/build.yml | 24 ++++++++++++------------ .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/conformance.yml | 10 +++++----- .github/workflows/dockerhub-readme.yml | 4 ++-- .github/workflows/docs.yml | 12 ++++++------ .github/workflows/e2e.yml | 8 ++++---- .github/workflows/fossa.yml | 4 ++-- .github/workflows/label.yaml | 2 +- .github/workflows/validate.yml | 2 +- 9 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ef89f5605c4..6c89882885d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,10 +35,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 with: go-version: ${{ matrix.go }} - @@ -47,7 +47,7 @@ jobs: make ${{ matrix.target }} - name: Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 with: directory: ./ @@ -62,13 +62,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: | ${{ env.DOCKERHUB_SLUG }} @@ -94,25 +94,25 @@ jobs: org.opencontainers.image.description=The toolkit to pack, ship, store, and distribute container content - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Log in to GitHub Container registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build artifacts - uses: docker/bake-action@v4 + uses: docker/bake-action@aefd381cbaa93c62a1e8b02194ae420cc36269d2 # v4 with: targets: artifact-all - @@ -133,14 +133,14 @@ jobs: tree -nh ./bin - name: Upload artifacts - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: registry path: ./bin/* if-no-files-found: error - name: Build image - uses: docker/bake-action@v4 + uses: docker/bake-action@aefd381cbaa93c62a1e8b02194ae420cc36269d2 # v4 with: files: | ./docker-bake.hcl @@ -149,7 +149,7 @@ jobs: push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }} - name: GitHub Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 if: startsWith(github.ref, 'refs/tags/') with: draft: true diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 395e71cea74..50f15e77732 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 2 - @@ -45,12 +45,12 @@ jobs: git checkout HEAD^2 - name: Initialize CodeQL - uses: github/codeql-action/init@v3.31.0 + uses: github/codeql-action/init@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v3.31.0 + uses: github/codeql-action/autobuild@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.31.0 + uses: github/codeql-action/analyze@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3.31.0 diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index c843614e8e5..df37707ea64 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -17,16 +17,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Build image - uses: docker/bake-action@v6 + uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6 - name: Start distribution server run: | @@ -37,7 +37,7 @@ jobs: docker run --rm -p 5000:5000 -e REGISTRY_STORAGE_DELETE_ENABLED=true -idt "registry:local" - name: Run OCI Distribution Spec conformance tests - uses: opencontainers/distribution-spec@v1.1.1 + uses: opencontainers/distribution-spec@a139cc423184af6078077b9b7ee336eddbd03f8f # v1.1.1 env: OCI_ROOT_URL: ${{ env.OCI_ROOT_URL }} OCI_NAMESPACE: oci-conformance/distribution-test @@ -51,7 +51,7 @@ jobs: run: mkdir -p .out/ && mv {report.html,junit.xml} .out/ - name: Upload test results - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: oci-test-results-${{ github.sha }} path: .out/ diff --git a/.github/workflows/dockerhub-readme.yml b/.github/workflows/dockerhub-readme.yml index 6ace8cd93c8..646e001b47a 100644 --- a/.github/workflows/dockerhub-readme.yml +++ b/.github/workflows/dockerhub-readme.yml @@ -24,10 +24,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Update Docker Hub README - uses: peter-evans/dockerhub-description@v3 + uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 2681345c652..441595c5af2 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -23,14 +23,14 @@ jobs: # Build the site and upload artifacts using actions/upload-pages-artifact steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Pages id: pages - uses: actions/configure-pages@v4 + uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Build docs - uses: docker/bake-action@v4 + uses: docker/bake-action@aefd381cbaa93c62a1e8b02194ae420cc36269d2 # v4 with: files: | docker-bake.hcl @@ -45,7 +45,7 @@ jobs: echo "::warning title=Invalid file permissions automatically fixed::$line" done - name: Upload Pages artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 with: path: ./build/docs @@ -69,4 +69,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 # or the latest "vX.X.X" version tag for this action + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 # or the latest "vX.X.X" version tag for this action diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 38d90b1d8be..ff387363161 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -20,16 +20,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Build image - uses: docker/bake-action@v6 + uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6 with: targets: image-local - @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: fetch-depth: 0 - diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 919944b7dab..6e59dd4dbd5 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -17,9 +17,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Run FOSSA scan and upload build data - uses: fossa-contrib/fossa-action@v2 + uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2 with: fossa-api-key: cac3dc8d4f2ba86142f6c0f2199a160f diff --git a/.github/workflows/label.yaml b/.github/workflows/label.yaml index 6dda19bcdc4..28f1062709e 100644 --- a/.github/workflows/label.yaml +++ b/.github/workflows/label.yaml @@ -14,6 +14,6 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 with: dot: true diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index b9e18b28d79..57fff8d90d1 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Run run: |