From 417bde6e6f30bb78d309dc82eb0ae243aa348315 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Tue, 21 Jan 2025 17:16:33 +0100 Subject: [PATCH] chore(deps): update github-actions (#823) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.1.0` -> `v5.3.0` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.4.3` -> `v4.6.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.27.6` -> `v3.28.1` | | [golangci/golangci-lint-action](https://redirect.github.com/golangci/golangci-lint-action) | action | minor | `v6.1.1` -> `v6.2.0` | --- ### Release Notes
actions/setup-go (actions/setup-go) ### [`v5.3.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.3.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.2.0...v5.3.0) ##### What's Changed - Use the new cache service: upgrade `@actions/cache` to `^4.0.0` by [@​Link-](https://redirect.github.com/Link-) in [https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531) - Configure Dependabot settings by [@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/530](https://redirect.github.com/actions/setup-go/pull/530) - Document update - permission section by [@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/533](https://redirect.github.com/actions/setup-go/pull/533) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-go/pull/534](https://redirect.github.com/actions/setup-go/pull/534) ##### New Contributors - [@​Link-](https://redirect.github.com/Link-) made their first contribution in [https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531) **Full Changelog**: https://github.com/actions/setup-go/compare/v5...v5.3.0 ### [`v5.2.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.2.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.1.0...v5.2.0) #### What's Changed - Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by [@​Shegox](https://redirect.github.com/Shegox) in [https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496) #### New Contributors - [@​Shegox](https://redirect.github.com/Shegox) made their first contribution in [https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496) **Full Changelog**: https://github.com/actions/setup-go/compare/v5...v5.2.0
actions/upload-artifact (actions/upload-artifact) ### [`v4.6.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0) #### What's Changed - Expose env vars to control concurrency and timeout by [@​yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/upload-artifact/pull/662](https://redirect.github.com/actions/upload-artifact/pull/662) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v4...v4.6.0 ### [`v4.5.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)
github/codeql-action (github/codeql-action) ### [`v3.28.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.0...v3.28.1) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see [this changelog post](https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/). [#​2677](https://redirect.github.com/github/codeql-action/pull/2677) - Update default CodeQL bundle version to 2.20.1. [#​2678](https://redirect.github.com/github/codeql-action/pull/2678) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.1/CHANGELOG.md) for more information. ### [`v3.28.0`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.0) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.9...v3.28.0) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL bundle version to 2.15.5. [#​2655](https://redirect.github.com/github/codeql-action/pull/2655) - Don't fail in the unusual case that a file is on the search path. [#​2660](https://redirect.github.com/github/codeql-action/pull/2660). See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.0/CHANGELOG.md) for more information. ### [`v3.27.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.8...v3.27.9) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.9 - 12 Dec 2024 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.9/CHANGELOG.md) for more information. ### [`v3.27.8`](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8) ### [`v3.27.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.6...v3.27.7) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. ##### 3.27.7 - 10 Dec 2024 - We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. [#​2631](https://redirect.github.com/github/codeql-action/pull/2631) - Update default CodeQL bundle version to 2.20.0. [#​2636](https://redirect.github.com/github/codeql-action/pull/2636) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.7/CHANGELOG.md) for more information.
golangci/golangci-lint-action (golangci/golangci-lint-action) ### [`v6.2.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v6.2.0) [Compare Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v6.1.1...v6.2.0) #### What's Changed ##### Changes - chore: use new build tag syntax by [@​alexandear](https://redirect.github.com/alexandear) in [https://github.com/golangci/golangci-lint-action/pull/1133](https://redirect.github.com/golangci/golangci-lint-action/pull/1133) - feat: support linux arm64 public preview by [@​ldez](https://redirect.github.com/ldez) in [https://github.com/golangci/golangci-lint-action/pull/1144](https://redirect.github.com/golangci/golangci-lint-action/pull/1144) ##### Documentation - docs: update local development instructions by [@​dmitris](https://redirect.github.com/dmitris) in [https://github.com/golangci/golangci-lint-action/pull/1125](https://redirect.github.com/golangci/golangci-lint-action/pull/1125) ##### Dependencies - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1112](https://redirect.github.com/golangci/golangci-lint-action/pull/1112) - build(deps): bump the dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1113](https://redirect.github.com/golangci/golangci-lint-action/pull/1113) - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1114](https://redirect.github.com/golangci/golangci-lint-action/pull/1114) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.7.4 to 22.7.5 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1115](https://redirect.github.com/golangci/golangci-lint-action/pull/1115) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1117](https://redirect.github.com/golangci/golangci-lint-action/pull/1117) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.7.5 to 22.7.7 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1118](https://redirect.github.com/golangci/golangci-lint-action/pull/1118) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1119](https://redirect.github.com/golangci/golangci-lint-action/pull/1119) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.7.7 to 22.8.1 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1120](https://redirect.github.com/golangci/golangci-lint-action/pull/1120) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1122](https://redirect.github.com/golangci/golangci-lint-action/pull/1122) - build(deps): bump the dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1123](https://redirect.github.com/golangci/golangci-lint-action/pull/1123) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1126](https://redirect.github.com/golangci/golangci-lint-action/pull/1126) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.8.7 to 22.9.0 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1127](https://redirect.github.com/golangci/golangci-lint-action/pull/1127) - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1128](https://redirect.github.com/golangci/golangci-lint-action/pull/1128) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.9.0 to 22.9.3 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1130](https://redirect.github.com/golangci/golangci-lint-action/pull/1130) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.9.3 to 22.10.1 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1131](https://redirect.github.com/golangci/golangci-lint-action/pull/1131) - build(deps-dev): bump the dev-dependencies group across 1 directory with 4 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1132](https://redirect.github.com/golangci/golangci-lint-action/pull/1132) - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1134](https://redirect.github.com/golangci/golangci-lint-action/pull/1134) - build(deps): bump [@​actions/cache](https://redirect.github.com/actions/cache) from 3.3.0 to 4.0.0 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1135](https://redirect.github.com/golangci/golangci-lint-action/pull/1135) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1136](https://redirect.github.com/golangci/golangci-lint-action/pull/1136) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.10.1 to 22.10.2 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1137](https://redirect.github.com/golangci/golangci-lint-action/pull/1137) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1138](https://redirect.github.com/golangci/golangci-lint-action/pull/1138) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1139](https://redirect.github.com/golangci/golangci-lint-action/pull/1139) - build(deps-dev): bump the dev-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1141](https://redirect.github.com/golangci/golangci-lint-action/pull/1141) - build(deps): bump [@​types/node](https://redirect.github.com/types/node) from 22.10.2 to 22.10.5 in the dependencies group by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1142](https://redirect.github.com/golangci/golangci-lint-action/pull/1142) - build(deps-dev): bump the dev-dependencies group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/golangci/golangci-lint-action/pull/1143](https://redirect.github.com/golangci/golangci-lint-action/pull/1143) #### New Contributors - [@​dmitris](https://redirect.github.com/dmitris) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/1125](https://redirect.github.com/golangci/golangci-lint-action/pull/1125) - [@​alexandear](https://redirect.github.com/alexandear) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/1133](https://redirect.github.com/golangci/golangci-lint-action/pull/1133) **Full Changelog**: https://github.com/golangci/golangci-lint-action/compare/v6.1.1...v6.2.0
--- ### Configuration 📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-verifier). --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/pre-submit.actions.yml | 2 +- .github/workflows/pre-submit.cli.yml | 4 ++-- .github/workflows/pre-submit.e2e.yml | 2 +- .github/workflows/pre-submit.lint.yml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/update-actions-dist-post-commit.yml | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1d424b791..219ba6bb1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -44,7 +44,7 @@ jobs: # TODO(#740): Workaround for go1.21 compatibility. Remove when GHA runners have Go 1.21+. - name: setup-go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: "go.mod" # not needed but gets rid of warnings @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -63,7 +63,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 # Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml index 887c2079a..a694adbed 100644 --- a/.github/workflows/pre-submit.actions.yml +++ b/.github/workflows/pre-submit.actions.yml @@ -34,7 +34,7 @@ jobs: fi # If index.js was different from expected, upload the expected version as an artifact - - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: ${{ failure() && steps.diff.conclusion == 'failure' }} with: name: dist diff --git a/.github/workflows/pre-submit.cli.yml b/.github/workflows/pre-submit.cli.yml index 89b8e5eed..d1e3fcb2e 100644 --- a/.github/workflows/pre-submit.cli.yml +++ b/.github/workflows/pre-submit.cli.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: setup-go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: "go.mod" # not needed but gets rid of warnings @@ -30,7 +30,7 @@ jobs: run: | echo "$EVENT_NAME" > ./event_name.txt - - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: event_name path: ./event_name.txt diff --git a/.github/workflows/pre-submit.e2e.yml b/.github/workflows/pre-submit.e2e.yml index 3e9705d88..4621efe2f 100644 --- a/.github/workflows/pre-submit.e2e.yml +++ b/.github/workflows/pre-submit.e2e.yml @@ -16,7 +16,7 @@ jobs: path: __THIS_REPO__ - name: setup-go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: "__THIS_REPO__/go.mod" # not needed but gets rid of warnings diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml index 6b60cabb1..b1ff1bfbb 100644 --- a/.github/workflows/pre-submit.lint.yml +++ b/.github/workflows/pre-submit.lint.yml @@ -11,12 +11,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: "go.mod" # not needed but gets rid of warnings cache: false - - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + - uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0 name: golangci-lint with: # Require: The version of golangci-lint to use. diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 27a5eb567..5c2c2e4c4 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/update-actions-dist-post-commit.yml b/.github/workflows/update-actions-dist-post-commit.yml index 39a15dfa3..d4434148e 100644 --- a/.github/workflows/update-actions-dist-post-commit.yml +++ b/.github/workflows/update-actions-dist-post-commit.yml @@ -57,7 +57,7 @@ jobs: [ -z "$(cat changes.patch)" ] && RESULT=false || RESULT=true echo "patch_not_empty=$RESULT" >> "$GITHUB_OUTPUT" - name: upload - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: changes.patch path: changes.patch