From 3f65aeaad76da9e32138cb2908b754bdbfb8d3b3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Apr 2026 08:58:28 +0000 Subject: [PATCH] ci(deps): bump the actions group with 8 updates Bumps the actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` | | [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `3.0.3` | `3.0.4` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.0.0` | `7.2.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.2` | Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/57a97c7e7821a5776cebc9bb87c984fa69cba8f1...ed142fd0673e97e23eac54620cfb913e5ce36c25) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `marocchino/sticky-pull-request-comment` from 3.0.3 to 3.0.4 - [Release 
notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](https://github.com/marocchino/sticky-pull-request-comment/compare/d4d6b0936434b21bc8345ad45a440c5f7d2c40ff...0ea0beb66eb9baf113663a64ec522f60e49231c0) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) Updates `goreleaser/goreleaser-action` from 7.0.0 to 7.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/ec59f474b9834571250b370d4735c50f8e2d1e29...1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8) Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: marocchino/sticky-pull-request-comment 
dependency-version: 3.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-matrix.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/ckb.yml | 16 ++++++++-------- .github/workflows/cov.yml | 2 +- .github/workflows/nfr.yml | 8 ++++---- .github/workflows/release.yml | 4 ++-- .github/workflows/security-dependencies.yml | 4 ++-- .github/workflows/security-gate.yml | 2 +- .github/workflows/security-sast-common.yml | 4 ++-- .github/workflows/security-sast-go.yml | 4 ++-- .github/workflows/security-sast-python.yml | 4 ++-- .github/workflows/security-secrets.yml | 6 +++--- 12 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-matrix.yml b/.github/workflows/build-matrix.yml index cbcb42a2..40912313 100644 --- a/.github/workflows/build-matrix.yml +++ b/.github/workflows/build-matrix.yml 
@@ -49,7 +49,7 @@ jobs: go build -ldflags="-s -w" -o "ckb-${GOOS}-${GOARCH}${ext}" ./cmd/ckb - name: Upload artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ckb-${{ matrix.os }}-${{ matrix.arch }} path: ckb-${{ matrix.os }}-${{ matrix.arch }}* diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b3cc1527..6e89a126 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -149,7 +149,7 @@ jobs: govulncheck ./... - name: Run Trivy filesystem scan - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0 with: scan-type: 'fs' scan-ref: '.' @@ -177,7 +177,7 @@ jobs: run: ./ckb version - name: Upload binary - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ckb-linux-amd64 path: ckb diff --git a/.github/workflows/ckb.yml b/.github/workflows/ckb.yml index 8e60de36..8e9191ee 100644 --- a/.github/workflows/ckb.yml +++ b/.github/workflows/ckb.yml @@ -95,7 +95,7 @@ jobs: # ─────────────────────────────────────────────────────────────────────── - name: Cache id: cache - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: .ckb/ key: ckb-${{ runner.os }}-${{ hashFiles('go.sum') }}-${{ github.base_ref }} @@ -172,7 +172,7 @@ jobs: fi - name: Post Impact Comment - uses: marocchino/sticky-pull-request-comment@d4d6b0936434b21bc8345ad45a440c5f7d2c40ff # v3.0.3 + uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4 with: header: ckb-impact path: impact.md 
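Review bot: The version comment on the new `actions/cache` pin in the ckb.yml `Cache` step (hunk `@@ -95,7`) still reads `# v5`, so it does not say which release the SHA is meant to be; the commit message gives it as 5.0.5. Most other pins in this patch carry the exact release (`# v7.0.1`, `# v3.0.4`, `# 0.36.0`), and an exact comment is what lets someone auditing a pin compare the SHA against the upstream tag. I would write `uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5`. The same applies to the `actions/cache/save` and second `actions/cache` lines in ckb.yml, to `actions/setup-node` in release.yml (`# v6.4.0`), and to the `github/codeql-action/upload-sarif` lines in the security-*.yml files (`# v4.35.2`).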
@@ -377,7 +377,7 @@ jobs: # ─────────────────────────────────────────────────────────────────────── - name: Comment if: always() - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: CACHE_HIT: ${{ steps.cache.outputs.cache-hit }} INDEX_MODE: ${{ steps.index.outputs.mode }} @@ -928,7 +928,7 @@ jobs: - name: Reviewers if: always() continue-on-error: true - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); @@ -954,14 +954,14 @@ jobs: # ─────────────────────────────────────────────────────────────────────── - name: Save Cache if: always() - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: .ckb/ key: ckb-${{ runner.os }}-${{ hashFiles('go.sum') }}-${{ github.base_ref }} - name: Upload if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ckb-analysis path: '*.json' @@ -992,7 +992,7 @@ jobs: run: go install github.com/scip-code/scip-go/cmd/scip-go@latest - name: Cache - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 with: path: .ckb/ key: ckb-${{ runner.os }}-refresh-${{ github.run_id }} @@ -1035,7 +1035,7 @@ jobs: echo "| Language Quality | $(jq '.overallQuality * 100 | floor' reports/languages.json)% |" >> $GITHUB_STEP_SUMMARY - name: Upload - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ckb-refresh path: reports/ 
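Review bot: The `actions/github-script` pin in the `Reviewers` step (hunk `@@ -928,7`) crosses a major version, which the commit's own metadata marks as `semver-major`, while the step keeps `continue-on-error: true`, so an inline script that stops working under v9 would fail without turning the job red. The same bump lands in the `Comment` step of this file and in nfr.yml and security-gate.yml. Only the first script line, `const fs = require('fs');`, is visible in these hunks, so whether the scripts rely on anything v9 changed cannot be judged from here. I would check each script against the v9 release notes before merging and record that above the pin, e.g. `# github-script v9 is a major bump; inline script checked against the v9 release notes`.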
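Review bot: In hunk `@@ -992,7` the context line `run: go install github.com/scip-code/scip-go/cmd/scip-go@latest` resolves the tool at run time, and this commit leaves it as is while pinning the action on the next step to a commit SHA. A workflow that pins its actions but installs a tool from `@latest` still runs whatever the newest tag points to on the day of the run. I would pin it to a released version, `run: go install github.com/scip-code/scip-go/cmd/scip-go@<PINNED_VERSION>` (placeholder; the page does not show which version is in use), and bump it deliberately. The step's name and the rest of the job are outside the hunk.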
diff --git a/.github/workflows/cov.yml b/.github/workflows/cov.yml index 4a818800..a152e01b 100644 --- a/.github/workflows/cov.yml +++ b/.github/workflows/cov.yml @@ -69,7 +69,7 @@ jobs: - name: Upload coverage if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage path: | diff --git a/.github/workflows/nfr.yml b/.github/workflows/nfr.yml index 5920a549..ada0e724 100644 --- a/.github/workflows/nfr.yml +++ b/.github/workflows/nfr.yml @@ -39,7 +39,7 @@ jobs: exit 0 - name: Upload head results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: nfr-head path: nfr-output.txt @@ -72,7 +72,7 @@ jobs: exit 0 - name: Upload base results - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: nfr-base path: nfr-output.txt @@ -270,7 +270,7 @@ jobs: - name: Comment on PR if: always() && github.event_name == 'pull_request' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); @@ -308,7 +308,7 @@ jobs: - name: Upload NFR results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: nfr-results path: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e3643bc6..530f0ec7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -29,7 +29,7 @@ jobs: cache: true - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: '20' registry-url: 'https://registry.npmjs.org' @@ -79,7 +79,7 @@ jobs: run: go test -race ./... - name: Run GoReleaser - uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 + uses: goreleaser/goreleaser-action@1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8 # v7.2.1 with: version: '~> v2' args: release --clean diff --git a/.github/workflows/security-dependencies.yml b/.github/workflows/security-dependencies.yml index 10ed1783..9af6bbc4 100644 --- a/.github/workflows/security-dependencies.yml +++ b/.github/workflows/security-dependencies.yml @@ -142,7 +142,7 @@ jobs: - name: Upload Trivy SARIF if: inputs.scan_trivy && hashFiles('trivy-vuln.sarif') != '' - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: trivy-vuln.sarif category: trivy @@ -220,7 +220,7 @@ jobs: echo "| **Total** | **$TOTAL** |" >> $GITHUB_STEP_SUMMARY - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: dependency-scan-results diff --git a/.github/workflows/security-gate.yml b/.github/workflows/security-gate.yml index 66fdba3a..6086b538 100644 --- a/.github/workflows/security-gate.yml +++ b/.github/workflows/security-gate.yml @@ -201,7 +201,7 @@ jobs: - name: PR Comment if: github.event_name == 'pull_request' - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const fs = require('fs'); 
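Review bot: The `Run GoReleaser` step in release.yml (hunk `@@ -79,7`) pins the action to a SHA but keeps `version: '~> v2'`, so the GoReleaser binary that builds the release is still chosen by range when the workflow runs. In the release workflow that leaves the tool producing the published artifacts floating even though the action wrapping it is fixed. If reproducible, auditable releases matter here, I would set an exact version, `version: '<PINNED_GORELEASER_VERSION>'` (placeholder; the page does not show the resolved version), and update it together with the action. The remainder of the step is outside the hunk.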
diff --git a/.github/workflows/security-sast-common.yml b/.github/workflows/security-sast-common.yml index 106796d7..0ee7eba2 100644 --- a/.github/workflows/security-sast-common.yml +++ b/.github/workflows/security-sast-common.yml @@ -91,14 +91,14 @@ jobs: - name: Upload SARIF if: hashFiles('semgrep.sarif') != '' - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: semgrep.sarif category: semgrep continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: semgrep-results diff --git a/.github/workflows/security-sast-go.yml b/.github/workflows/security-sast-go.yml index 64da052f..5da71199 100644 --- a/.github/workflows/security-sast-go.yml +++ b/.github/workflows/security-sast-go.yml @@ -134,14 +134,14 @@ jobs: echo "| **Total** | **$FINDINGS** |" >> $GITHUB_STEP_SUMMARY - name: Upload SARIF - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: gosec.sarif category: gosec continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: gosec-results diff --git a/.github/workflows/security-sast-python.yml b/.github/workflows/security-sast-python.yml index a48e0c94..d787ad22 100644 --- a/.github/workflows/security-sast-python.yml +++ b/.github/workflows/security-sast-python.yml 
@@ -134,14 +134,14 @@ jobs: - name: Upload SARIF if: hashFiles('bandit.sarif') != '' - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: bandit.sarif category: bandit continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: bandit-results diff --git a/.github/workflows/security-secrets.yml b/.github/workflows/security-secrets.yml index f2df7323..b455a875 100644 --- a/.github/workflows/security-secrets.yml +++ b/.github/workflows/security-secrets.yml @@ -121,7 +121,7 @@ jobs: - name: Upload CKB SARIF to Code Scanning if: inputs.scan_ckb && steps.ckb_sarif.outputs.valid == 'true' - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: ckb-secrets.sarif category: ckb-secrets @@ -151,7 +151,7 @@ jobs: - name: Upload Gitleaks SARIF if: inputs.scan_gitleaks && hashFiles('gitleaks.sarif') != '' - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: gitleaks.sarif category: gitleaks @@ -217,7 +217,7 @@ jobs: echo "| **Total** | **$TOTAL** |" >> $GITHUB_STEP_SUMMARY - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: secret-scan-results