From f2abd99b06974eca8e37ed84f917e62ab9b21f91 Mon Sep 17 00:00:00 2001 From: Daniel Bannert Date: Sun, 15 Dec 2024 19:49:12 +0000 Subject: [PATCH 1/3] chore(deps): update actions/dependency-review-action action to v4.5.0 (#95) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 8b47405..4b5715c 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -33,4 +33,4 @@ jobs: EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Dependency Review" - uses: "actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a" # v4.4.0 + uses: "actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019" # v4.5.0 From fd30640f2c701385e3db4626b8c62dd6f8439464 Mon Sep 17 00:00:00 2001 From: Daniel Bannert Date: Sun, 15 Dec 2024 19:49:57 +0000 Subject: [PATCH 2/3] chore(deps): update github/codeql-action action to v3.27.9 (#96) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ca0876c..9101a37 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: "Initialize CodeQL" - uses: "github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd" # v3.27.0 + uses: "github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9 with: languages: "${{ matrix.language }}" # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: "Autobuild" - uses: "github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd" # v3.27.0 + uses: "github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: "Perform CodeQL Analysis" - uses: "github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd" # v3.27.0 + uses: "github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3fafc78..e3b7c87 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: "github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd" # v3.27.0 + uses: "github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9 with: sarif_file: "results.sarif" From b268131756d7cbb49d2b517924bf941a065a6ef0 Mon Sep 17 00:00:00 2001 From: Daniel Bannert Date: Sun, 15 Dec 2024 19:50:40 +0000 Subject: [PATCH 3/3] chore(deps): update step-security/harden-runner action to v2.10.2 (#97) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- .github/workflows/comment-issue.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/lint.yml | 16 ++++++++-------- .github/workflows/require-allow-edits.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/semantic-pull-request.yml | 2 +- .github/workflows/semantic-release.yml | 2 +- .github/workflows/test.yml | 8 ++++---- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9101a37..120fc98 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,7 +43,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index dce80d4..b590e1d 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -16,7 +16,7 @@ jobs: issues: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4b5715c..f8eea13 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,7 +21,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 3b2dbb0..8d55bbb 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -35,7 +35,7 @@ jobs: package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -60,7 +60,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -111,7 +111,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -162,7 +162,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -213,7 +213,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -237,7 +237,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -262,7 +262,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -312,7 +312,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml index 1b0e707..f4a0830 100644 --- a/.github/workflows/require-allow-edits.yml +++ b/.github/workflows/require-allow-edits.yml @@ -16,7 +16,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e3b7c87..82a9e1f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index 14c93f5..cf81610 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -23,7 +23,7 @@ jobs: name: "Semantic Pull Request" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index afc9c1f..b5fddae 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -28,7 +28,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 35ae1e3..a4ec138 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: codecov: "${{ steps.changes.outputs.codecov }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -72,7 +72,7 @@ jobs: NODE: "${{ matrix.node_version }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -128,7 +128,7 @@ jobs: NODE: "${{ matrix.node_version }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit" @@ -206,7 +206,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7" # v2.10.1 + uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2 with: egress-policy: "audit"