diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 35258d4..3f64006 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: contents: read steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Run dependency review uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 @@ -47,10 +47,10 @@ jobs: contents: read steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9801c49..22f9562 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,15 +32,15 @@ jobs: timeout-minutes: 30 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 - name: Initialize CodeQL - uses: github/codeql-action/init@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 + uses: github/codeql-action/init@b8bb9f28b8d3f992092362369c57161b755dea45 with: languages: javascript-typescript build-mode: none - name: Analyze - uses: github/codeql-action/analyze@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 + uses: github/codeql-action/analyze@b8bb9f28b8d3f992092362369c57161b755dea45 diff --git a/.github/workflows/live-codex-smoke.yml b/.github/workflows/live-codex-smoke.yml index ec56e0d..a00b3b7 100644 --- a/.github/workflows/live-codex-smoke.yml +++ b/.github/workflows/live-codex-smoke.yml @@ -17,10 +17,10 @@ jobs: timeout-minutes: 45 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 6aff47a..a8a0f96 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -25,12 +25,12 @@ jobs: REPOSITORY: ${{ github.repository }} steps: - name: Check out default branch - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: ref: ${{ github.event.repository.default_branch }} - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2cdad5d..5490400 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,12 +25,12 @@ jobs: id-token: write steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }} - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm @@ -104,7 +104,7 @@ jobs: upload-release-assets: false - name: Create provenance attestation - uses: actions/attest-build-provenance@b3e506e8c389afc651c5bacf2b8f2a1ea0557215 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: | release/${{ steps.release_paths.outputs.package_file }} diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml index f5dc1ab..c856cdc 100644 --- a/.github/workflows/secrets.yml +++ b/.github/workflows/secrets.yml @@ -29,7 +29,7 @@ jobs: timeout-minutes: 20 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 3e50abe..fa772f6 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -18,10 +18,10 @@ jobs: timeout-minutes: 30 steps: - name: Check out repository - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: 24 cache: npm @@ -66,7 +66,7 @@ jobs: upload-artifact: false - name: Run OSSF Scorecard - uses: ossf/scorecard-action@99c09fe975337306107572b4fdf4db224cf8e2f2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a with: results_file: reports/scorecard.sarif results_format: sarif @@ -76,7 +76,7 @@ jobs: - name: Upload security reports if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: security-reports path: reports/