From 6001b18549ceeac31f3b6866e7471680039b100e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 20:05:48 +0000 Subject: [PATCH 1/5] :arrow_up: action: Bump the actions group across 1 directory with 2 updates Bumps the actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action). Updates `actions/checkout` from 4.1.4 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dcec353f45205ec38ea70b...692973e3d937129bcbf40652eb9f2f61becf3332) Updates `actions/dependency-review-action` from 4.3.2 to 4.3.3 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/0c155c5e8556a497adf53f2c18edabf945ed8e70...72eb03d02c7872a771aacd928f3123ac62ad6d3a) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/policy-lerna-publish.yml | 4 ++-- .github/workflows/policy-lerna-test.yml | 2 +- .github/workflows/policy-node-codeql.yml | 2 +- .github/workflows/policy-node-publish.yml | 4 ++-- .github/workflows/policy-node-test.yml | 4 ++-- .github/workflows/policy-workspaces-publish.yml | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/policy-lerna-publish.yml b/.github/workflows/policy-lerna-publish.yml index aa0b238..552373e 100644 
--- a/.github/workflows/policy-lerna-publish.yml +++ b/.github/workflows/policy-lerna-publish.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 diff --git a/.github/workflows/policy-lerna-test.yml b/.github/workflows/policy-lerna-test.yml index 1bdd776..f93590c 100644 --- a/.github/workflows/policy-lerna-test.yml +++ b/.github/workflows/policy-lerna-test.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: lfs: true diff --git a/.github/workflows/policy-node-codeql.yml b/.github/workflows/policy-node-codeql.yml index 005f301..dbc4eb7 100644 --- a/.github/workflows/policy-node-codeql.yml +++ b/.github/workflows/policy-node-codeql.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Initialize CodeQL uses: github/codeql-action/init@592977e6ae857384aa79bb31e7a1d62d63449ec5 diff --git a/.github/workflows/policy-node-publish.yml b/.github/workflows/policy-node-publish.yml index ce3a9c3..4721155 100644 --- a/.github/workflows/policy-node-publish.yml +++ b/.github/workflows/policy-node-publish.yml 
@@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 @@ -73,7 +73,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 diff --git a/.github/workflows/policy-node-test.yml b/.github/workflows/policy-node-test.yml index 1918e67..1af7b3a 100644 --- a/.github/workflows/policy-node-test.yml +++ b/.github/workflows/policy-node-test.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Check repository visibility if: ${{ github.event_name == 'pull_request' }} @@ -45,7 +45,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check repository dependency graph - uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 + uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a if: ${{ github.event_name == 'pull_request' && steps.visibility.outputs.isPrivate == 'false' }} - name: Setup Node.js v${{ matrix.node-version }} diff --git a/.github/workflows/policy-workspaces-publish.yml b/.github/workflows/policy-workspaces-publish.yml index 9f19088..ef8103c 100644 --- a/.github/workflows/policy-workspaces-publish.yml +++ b/.github/workflows/policy-workspaces-publish.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 
@@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 From 1a423c1754ece5d9393337850d6b7e6b130c2fbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Tue, 2 Jul 2024 06:47:14 +0200 Subject: [PATCH 2/5] =?UTF-8?q?=F0=9F=93=8C=20Add=20comment=20to=20pinned?= =?UTF-8?q?=20SHAs=20(actions/checkout)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/policy-lerna-publish.yml | 4 ++-- .github/workflows/policy-lerna-test.yml | 2 +- .github/workflows/policy-node-codeql.yml | 2 +- .github/workflows/policy-node-publish.yml | 4 ++-- .github/workflows/policy-node-test.yml | 2 +- .github/workflows/policy-workspaces-publish.yml | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/policy-lerna-publish.yml b/.github/workflows/policy-lerna-publish.yml index 552373e..1a16c11 100644 --- a/.github/workflows/policy-lerna-publish.yml +++ b/.github/workflows/policy-lerna-publish.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 diff --git a/.github/workflows/policy-lerna-test.yml b/.github/workflows/policy-lerna-test.yml index f93590c..700e2c1 100644 --- a/.github/workflows/policy-lerna-test.yml +++ b/.github/workflows/policy-lerna-test.yml 
@@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: lfs: true diff --git a/.github/workflows/policy-node-codeql.yml b/.github/workflows/policy-node-codeql.yml index dbc4eb7..35b5ec4 100644 --- a/.github/workflows/policy-node-codeql.yml +++ b/.github/workflows/policy-node-codeql.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL uses: github/codeql-action/init@592977e6ae857384aa79bb31e7a1d62d63449ec5 diff --git a/.github/workflows/policy-node-publish.yml b/.github/workflows/policy-node-publish.yml index 4721155..492ed89 100644 --- a/.github/workflows/policy-node-publish.yml +++ b/.github/workflows/policy-node-publish.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 @@ -73,7 +73,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 diff --git a/.github/workflows/policy-node-test.yml b/.github/workflows/policy-node-test.yml index 1af7b3a..e3dc704 100644 --- a/.github/workflows/policy-node-test.yml +++ b/.github/workflows/policy-node-test.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Check repository visibility if: ${{ github.event_name == 'pull_request' }} 
diff --git a/.github/workflows/policy-workspaces-publish.yml b/.github/workflows/policy-workspaces-publish.yml index ef8103c..fbf4a26 100644 --- a/.github/workflows/policy-workspaces-publish.yml +++ b/.github/workflows/policy-workspaces-publish.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 From f1e204f63c36c8e8afed66beee15a818368820e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Tue, 2 Jul 2024 06:48:16 +0200 Subject: [PATCH 3/5] =?UTF-8?q?=F0=9F=93=8C=20Add=20comment=20to=20pinned?= =?UTF-8?q?=20SHAs=20(actions/setup-node)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/policy-lerna-publish.yml | 4 ++-- .github/workflows/policy-lerna-test.yml | 2 +- .github/workflows/policy-node-publish.yml | 4 ++-- .github/workflows/policy-node-test.yml | 2 +- .github/workflows/policy-workspaces-publish.yml | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/policy-lerna-publish.yml b/.github/workflows/policy-lerna-publish.yml index 1a16c11..a10a38f 100644 --- a/.github/workflows/policy-lerna-publish.yml +++ b/.github/workflows/policy-lerna-publish.yml 
@@ -38,7 +38,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 registry-url: 'https://registry.npmjs.org' @@ -75,7 +75,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/policy-lerna-test.yml b/.github/workflows/policy-lerna-test.yml index 700e2c1..cdc51d7 100644 --- a/.github/workflows/policy-lerna-test.yml +++ b/.github/workflows/policy-lerna-test.yml @@ -32,7 +32,7 @@ jobs: lfs: true - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: ${{ matrix.node-version }} registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/policy-node-publish.yml b/.github/workflows/policy-node-publish.yml index 492ed89..1d9a5b7 100644 --- a/.github/workflows/policy-node-publish.yml +++ b/.github/workflows/policy-node-publish.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 registry-url: 'https://registry.npmjs.org' 
@@ -76,7 +76,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/policy-node-test.yml b/.github/workflows/policy-node-test.yml index e3dc704..97f59e9 100644 --- a/.github/workflows/policy-node-test.yml +++ b/.github/workflows/policy-node-test.yml @@ -49,7 +49,7 @@ jobs: if: ${{ github.event_name == 'pull_request' && steps.visibility.outputs.isPrivate == 'false' }} - name: Setup Node.js v${{ matrix.node-version }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: ${{ matrix.node-version }} registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/policy-workspaces-publish.yml b/.github/workflows/policy-workspaces-publish.yml index fbf4a26..0eed8e3 100644 --- a/.github/workflows/policy-workspaces-publish.yml +++ b/.github/workflows/policy-workspaces-publish.yml @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 registry-url: 'https://registry.npmjs.org' @@ -75,7 +75,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 registry-url: 'https://npm.pkg.github.com' From 8158fe4f272aba484b106475c63df65b5537bacd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Tue, 2 Jul 2024 06:50:08 +0200 Subject: [PATCH 4/5] =?UTF-8?q?=F0=9F=93=8C=20Add=20comment=20to=20pinned?= =?UTF-8?q?=20SHAs=20(actions/dependency-review-action)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/policy-node-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/policy-node-test.yml b/.github/workflows/policy-node-test.yml index 97f59e9..38ec51c 100644 --- a/.github/workflows/policy-node-test.yml +++ b/.github/workflows/policy-node-test.yml @@ -45,7 +45,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check repository dependency graph - uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a + uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 if: ${{ github.event_name == 'pull_request' && steps.visibility.outputs.isPrivate == 'false' }} - name: Setup Node.js v${{ matrix.node-version }} From dc6facc7883881e48f02c3699c9756c63f49deac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20St=C3=B6lzle?= Date: Tue, 2 Jul 2024 07:05:47 +0200 Subject: [PATCH 5/5] =?UTF-8?q?=E2=AC=86=EF=B8=8F=20Use=20unpinned=20SHA?= =?UTF-8?q?=20for=20github/codeql-action?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit They never get updated when pinned by @dependabot --- .github/workflows/policy-node-codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/policy-node-codeql.yml b/.github/workflows/policy-node-codeql.yml index 35b5ec4..5b5478a 100644 --- a/.github/workflows/policy-node-codeql.yml +++ b/.github/workflows/policy-node-codeql.yml 
@@ -34,12 +34,12 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@592977e6ae857384aa79bb31e7a1d62d63449ec5 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@592977e6ae857384aa79bb31e7a1d62d63449ec5 + uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@592977e6ae857384aa79bb31e7a1d62d63449ec5 + uses: github/codeql-action/analyze@v3
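Review bot: The three `github/codeql-action/init@v3`, `autobuild@v3` and `analyze@v3` lines trade a commit-SHA pin for a mutable tag, so whatever `v3` points to at run time executes in this job with no reviewable diff, while every other action in these workflows stays pinned. Patch 1/5 of this series shows Dependabot bumping a SHA-pinned `actions/checkout`, so the missing codeql-action updates probably have another cause (possibly the absent version comment or the sub-path form) that is worth checking before dropping the pin. I would keep the pin and annotate it like the other actions, e.g. `uses: github/codeql-action/init@<full-commit-sha> # vX.Y.Z` (placeholders; take both from the release being adopted), and do the same for `autobuild` and `analyze`. If the floating tag is kept on purpose, a comment above the step such as `# floating tag accepted for codeql-action: first-party, not SHA-pinned` would record the exception. The job's `permissions` block is outside this hunk, so confirm the token scope is limited to what the CodeQL upload needs.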