From 498318ace3c8f05d1cf9699da1d106c420fa65e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jan 2024 23:06:54 +0000 Subject: [PATCH] chore: bump the all group with 10 updates Updates the requirements on [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action), [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [actions/setup-node](https://github.com/actions/setup-node), [actions/cache](https://github.com/actions/cache), [actions/setup-go](https://github.com/actions/setup-go), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact), [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action) to permit the latest version. Updates `step-security/harden-runner` from 2.6.0 to 2.6.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/1b05615854632b887b69ae1be8cbefe72d3ae423...eb238b55efaa70779f274895e782ed17c84f2895) Updates `github/codeql-action` to cdcdbb579706841c47f7063dda365e292e5cad7a - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/commits/cdcdbb579706841c47f7063dda365e292e5cad7a) Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/01bc87099ba56df1e897b6874784491ea6309bc4...c74b580d73376b7750d3d2a50bfb8adc2c937507) Updates `actions/setup-node` from 3.8.1 to 4.0.1 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d...b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8) Updates `actions/cache` from 3.3.2 to 4.0.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...13aacd865c20de90d75de3b17ebe84f7a17d57d2) Updates `actions/setup-go` from 4.1.0 to 5.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/93397bea11091df50f3d7e59dc26a7711a8bcfbe...0c52d547c9bc32b1aa3301fd7a9cb496313a4491) Updates `actions/upload-artifact` from 3.1.3 to 4.1.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...1eb3cb2b3e0f29609092a73eb033bb759a334595) Updates `actions/download-artifact` from 3.0.2 to 4.1.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/9bc31d5ccc31df68ecc42ccf4149144866c47d8a...6b208ae046db98c579e8a3aa621ab581ff575935) Updates `aquasecurity/trivy-action` from 0.12.0 to 0.16.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/fbd16365eb88e12433951383f5e99bd901fc618f...d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca) Updates `ossf/scorecard-action` from 2.3.0 to 2.3.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/483ef80eb98fb506c348f7d62e28055e49fe2398...0864cf19026789058feabb7e87baa5f140aac736) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production dependency-group: all - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/build-id.yaml | 2 +- .github/workflows/codeql.yaml | 2 +- .github/workflows/dep-review.yaml | 4 ++-- .github/workflows/deploy_docs.yaml | 6 +++--- .github/workflows/e2e-build.yaml | 32 +++++++++++++++--------------- .github/workflows/e2e-test.yaml | 10 +++++----- .github/workflows/release-pr.yaml | 4 ++-- .github/workflows/release.yaml | 4 ++-- .github/workflows/scan-images.yaml | 12 +++++------ .github/workflows/scorecard.yml | 6 +++--- .github/workflows/test.yaml | 16 +++++++-------- 11 files changed, 49 insertions(+), 49 deletions(-) diff --git a/.github/workflows/build-id.yaml b/.github/workflows/build-id.yaml index c85435fa93..91c2c7f047 100644 --- a/.github/workflows/build-id.yaml +++ b/.github/workflows/build-id.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 336e68090c..eda9726f08 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit diff --git a/.github/workflows/dep-review.yaml b/.github/workflows/dep-review.yaml index 60b92b0811..a8a28cdaf7 100644 --- a/.github/workflows/dep-review.yaml +++ b/.github/workflows/dep-review.yaml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit @@ -17,4 +17,4 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: 'Dependency Review' - uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 + uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507 diff --git a/.github/workflows/deploy_docs.yaml b/.github/workflows/deploy_docs.yaml index 2b991ca0ca..bdf9d3394f 100644 --- a/.github/workflows/deploy_docs.yaml +++ b/.github/workflows/deploy_docs.yaml @@ -30,12 +30,12 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Setup Node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: 16.x @@ -44,7 +44,7 @@ jobs: run: echo "dir=$(yarn cache dir)" > $GITHUB_OUTPUT - name: Cache dependencies - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: path: ${{ steps.yarn-cache.outputs.dir }} key: ${{ runner.os }}-website-${{ hashFiles('**/yarn.lock') }} diff --git a/.github/workflows/e2e-build.yaml b/.github/workflows/e2e-build.yaml index 023e33386f..341df98c67 100644 --- a/.github/workflows/e2e-build.yaml +++ b/.github/workflows/e2e-build.yaml @@ -14,11 +14,11 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -26,7 +26,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 with: use: true - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | @@ -45,7 +45,7 @@ jobs: - name: Build remover run: 'make docker-build-remover OUTPUT_TYPE=type=oci,dest=./${REMOVER_REPO}_${REMOVER_TAG}.tar,name=${REMOVER_REPO}:${REMOVER_TAG}' - name: Upload Build Artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: ${{ inputs.bucket-id }} path: remover_test.tar @@ -56,11 +56,11 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -68,7 +68,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 with: use: true - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | @@ -86,7 +86,7 @@ jobs: - name: Build trivy-scanner run: 'make docker-build-trivy-scanner OUTPUT_TYPE=type=oci,dest=./${TRIVY_SCANNER_REPO}_${TRIVY_SCANNER_TAG}.tar,name=${TRIVY_SCANNER_REPO}:${TRIVY_SCANNER_TAG}' - name: Upload Build Artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: ${{ inputs.bucket-id }} path: scanner_test.tar @@ -97,11 +97,11 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -109,7 +109,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 with: use: true - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | @@ -127,7 +127,7 @@ jobs: - name: Build manager run: 'make docker-build-manager OUTPUT_TYPE=type=oci,dest=./${MANAGER_REPO}_${MANAGER_TAG}.tar,name=${MANAGER_REPO}:${MANAGER_TAG}' - name: Upload Build Artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: ${{ inputs.bucket-id }} path: manager_test.tar @@ -138,11 +138,11 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -150,7 +150,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 with: use: true - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | @@ -168,7 +168,7 @@ jobs: - name: Build collector run: 'make docker-build-collector OUTPUT_TYPE=type=oci,dest=./${COLLECTOR_REPO}_${COLLECTOR_TAG}.tar,name=${COLLECTOR_REPO}:${COLLECTOR_TAG}' - name: Upload Build Artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: ${{ inputs.bucket-id }} path: collector_test.tar diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index b952fe77e3..7bd1c84cd4 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit @@ -47,18 +47,18 @@ jobs: E2E_TEST: ${{ fromJson(needs.build-e2e-test-list.outputs.e2e-tests) }} steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Check out code into the Go module directory uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Fetch Build Artifacts - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 with: name: ${{ inputs.bucket-id }} path: ${{ github.workspace }}/images - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -100,7 +100,7 @@ jobs: KUBERNETES_VERSION=${{ matrix.KUBERNETES_VERSION }} \ E2E_TESTS=${{ matrix.E2E_TEST }} - name: Upload artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 if: always() with: name: test_logs diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 1bb8722af5..636d880916 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -18,12 +18,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 75f5b6b3fc..874f31fa07 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit @@ -32,7 +32,7 @@ jobs: with: use: true - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | diff --git a/.github/workflows/scan-images.yaml b/.github/workflows/scan-images.yaml index fd62f89930..6f61131ecb 100644 --- a/.github/workflows/scan-images.yaml +++ b/.github/workflows/scan-images.yaml @@ -37,7 +37,7 @@ jobs: - {image: eraser-trivy-scanner, build_cmd: docker-build-trivy-scanner, repo_environment_var: TRIVY_SCANNER_REPO} steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit @@ -51,7 +51,7 @@ jobs: make ${{ matrix.data.build_cmd }} VERSION=${{ env.TAG }} ${{ matrix.data.repo_environment_var }}=${{ env.REGISTRY }}/${{ matrix.data.image }} - name: Scan for vulnerabilities - uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0 + uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1 with: image-ref: ${{ env.REGISTRY }}/${{ matrix.data.image }}:${{ env.TAG }} vuln-type: 'os,library' @@ -59,7 +59,7 @@ jobs: format: 'sarif' output: ${{ matrix.data.image }}-results.sarif - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: ${{ matrix.data.image }} Scan Results path: ${{ matrix.data.image }}-results.sarif @@ -78,16 +78,16 @@ jobs: image: [remover, eraser-manager, collector, eraser-trivy-scanner] steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 with: name: ${{ matrix.image }} Scan Results path: ${{ matrix.image }}-results.sarif - name: Upload results to GitHub Security - uses: github/codeql-action/upload-sarif@798e74c57dbcad53929892efdf30dfafe12c8c37 # v2.14.4 + uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.14.4 with: sarif_file: ${{ matrix.image }}-results.sarif diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 58a0a8b9f8..8e2622d6e7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 2e23342d2c..9d52d6c212 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -45,12 +45,12 @@ jobs: timeout-minutes: 40 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -87,15 +87,15 @@ jobs: timeout-minutes: 40 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 with: key: ${{ runner.OS }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | @@ -120,13 +120,13 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit - name: Check out code into the Go module directory uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: "1.21" check-latest: true @@ -145,7 +145,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 with: egress-policy: audit