From 83a270c9be5992eea16a88ef98704f620b125a49 Mon Sep 17 00:00:00 2001 From: "update-github-actions[bot]" Date: Tue, 16 Jan 2024 17:20:11 +0000 Subject: [PATCH 1/2] Update GitHub Action Versions --- .github/workflows/bump-version.yml | 2 +- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/dependency-review.yml | 2 +- .github/workflows/scorecard.yml | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index e56ee946e..679216e7d 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -75,7 +75,7 @@ jobs: echo "new_version=${NEW_VERSION}" echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV - name: Push Changes - uses: ad-m/github-push-action@v0.8.0 + uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df with: force: false github_token: ${{ secrets.BUMP_VERSION_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6b1097b66..7de9ab54a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,10 +52,10 @@ jobs: uses: actions/checkout@v4.1.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@codeql-bundle-20230524 + uses: github/codeql-action/init@1245696032ecf7d39f87d54daa406e22ddf769a8 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@codeql-bundle-20230524 + uses: github/codeql-action/autobuild@1245696032ecf7d39f87d54daa406e22ddf769a8 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@codeql-bundle-20230524 + uses: github/codeql-action/analyze@1245696032ecf7d39f87d54daa406e22ddf769a8 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 368b283c9..ba457fc32 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -28,4 +28,4 @@ jobs: uses: actions/checkout@v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3.1.4 + uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2f02236e9..f981f011e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.1.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.1.2 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v3.1.0 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@1245696032ecf7d39f87d54daa406e22ddf769a8 # v2.2.4 with: sarif_file: results.sarif From fcf7b6ded3faadeaf5e96c45b3f892d1514751e7 Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Tue, 16 Jan 2024 12:22:25 -0500 Subject: [PATCH 2/2] Update scorecard.yml --- .github/workflows/scorecard.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f981f011e..f8714314d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v3.1.0 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1245696032ecf7d39f87d54daa406e22ddf769a8 # v2.2.4 + uses: github/codeql-action/upload-sarif@1245696032ecf7d39f87d54daa406e22ddf769a8 with: sarif_file: results.sarif