diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e163bdd..9f74686 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -108,7 +108,7 @@ jobs: - name: Upload coverage report if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage-report path: coverage/ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7a25de5..7cbf739 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -51,11 +51,11 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: languages: ${{ matrix.language }} - name: Run CodeQL analysis - uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: category: '/language:${{ matrix.language }}' diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 47bb3af..1733cc7 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -205,7 +205,7 @@ jobs: echo "✓ Release branch created on remote" - name: Commit release preparation via API - uses: vig-os/commit-action@c0024cbad0e501764127cccab732c6cd465b4646 # v0.1.5 + uses: vig-os/commit-action@1bc004353d08d9332a0cb54920b148256220c8e0 # v0.2.0 env: GH_TOKEN: ${{ steps.app-token.outputs.token }} GITHUB_REPOSITORY: ${{ github.repository }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 486c8bd..0c82d76 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -225,7 +225,7 @@ jobs: python3 .github/prepare_changelog.py finalize "$VERSION" "$RELEASE_DATE" CHANGELOG.md - name: Commit and push finalization changes via API - uses: vig-os/commit-action@c0024cbad0e501764127cccab732c6cd465b4646 # v0.1.5 + uses: vig-os/commit-action@1bc004353d08d9332a0cb54920b148256220c8e0 # v0.2.0 env: GH_TOKEN: ${{ steps.app-token.outputs.token }} GITHUB_REPOSITORY: ${{ github.repository }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3f88105..235eb45 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -48,7 +48,7 @@ jobs: publish_results: true - name: Upload SARIF to GitHub Security - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: sarif_file: results.sarif category: 'scorecard' diff --git a/.github/workflows/sync-issues.yml b/.github/workflows/sync-issues.yml index fd136f6..635224a 100644 --- a/.github/workflows/sync-issues.yml +++ b/.github/workflows/sync-issues.yml @@ -65,7 +65,7 @@ jobs: - name: Restore sync state (last synced timestamp) id: restore-state - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: .sync-state key: sync-issues-state-${{ github.repository }} @@ -107,7 +107,7 @@ jobs: - name: Commit and push changes via API id: commit if: steps.sync.outputs.modified-files != '' - uses: vig-os/commit-action@c0024cbad0e501764127cccab732c6cd465b4646 # v0.1.5 + uses: vig-os/commit-action@1bc004353d08d9332a0cb54920b148256220c8e0 # v0.2.0 env: # Use App token so push can bypass branch protection when App is in bypass list GH_TOKEN: ${{ steps.generate-token.outputs.token || github.token }} @@ -118,7 +118,7 @@ jobs: - name: Save sync state if: always() - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: .sync-state key: sync-issues-state-${{ github.repository }}