chore: update actions

Author: ChrisMcKee

.github/workflows/ci-build-pr.yml

@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
     - name: 'Harden Runner'
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
       with:
         egress-policy: audit
 
@@ -43,7 +43,7 @@ jobs:
         fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
 
     - name: 'Setup .NET SDK'
-      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+      uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0
       with:
         dotnet-version: 10.x
 
@@ -59,7 +59,7 @@ jobs:
       run: dotnet run --configuration Release --coverage --coverage-output-format cobertura --report-github --project tests/UnitTests/BCrypt.Net.UnitTests.csproj
 
     - name: 'Generate Coverage Reports'
-      uses: danielpalme/ReportGenerator-GitHub-Action@c4c5175a441c6603ec614f5084386dabe0e2295b # v5.4.12
+      uses: danielpalme/ReportGenerator-GitHub-Action@049f7ec958c672fd31d5cc1cb01622dc8d2e23ab # 5.5.10
       with:
         reports: "tests/**/*.cobertura.xml"
         targetdir: "${{ github.workspace }}"
@@ -84,7 +84,7 @@ jobs:
         thresholds: "10 30"
 
     - name: Upload Code Coverage Results
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
       with:
         name: coverage-results
         path: |
@@ -93,13 +93,13 @@ jobs:
         retention-days: 5
 
     - name: Publish Test Results
-      uses: EnricoMi/publish-unit-test-result-action@afb2984f4d89672b2f9d9c13ae23d53779671984 # v2.19.0
+      uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2.23.0
       if: always()
       with:
         files: "tests/**/TestResults.xml"
 
     - name: Upload Test Artifacts
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
       with:
         name: test-results
         path: "tests/**/TestResults.xml"

.github/workflows/ci-build.yml

@@ -24,92 +24,92 @@ env:
 jobs:
   build:
     name: Build and Test
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     steps:
-    - name: 'Harden Runner'
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
-      with:
-        egress-policy: audit
-
-    - name: 'Checkout'
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
- 
-    - name: 'Setup .NET SDK'
-      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
-      with:
-        dotnet-version: 10.0.x
-
-    - name: 'Restore external dependencies'
-      run: dotnet restore
-
-    - name: 'Build'
-      id: build
-      run: dotnet build --configuration Debug --no-restore
-
-    - name: Upload Build Artifacts
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-      with:
-        name: build-artifacts
-        path: |
-          src/**/BCrypt.*.nupkg
-        retention-days: 5
-
-    - name: 'Test'
-      id: test
-      run: dotnet run --configuration Release --coverage --coverage-output-format cobertura --report-github --project tests/UnitTests/BCrypt.Net.UnitTests.csproj
-
-    - name: 'Create test summary'
-      uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
-      with:
-        paths: tests/UnitTests/**/TestResults.xml
-        show: "fail, skip"
-      if: always()
-
-    - name: 'Generate Coverage Reports'
-      uses: danielpalme/ReportGenerator-GitHub-Action@c4c5175a441c6603ec614f5084386dabe0e2295b # v5.4.12
-      with:
-        reports: "tests/**/*.cobertura.xml"
-        targetdir: "${{ github.workspace }}"
-        reporttypes: "Cobertura" 
-        verbosity: "Info" 
-        title: "Code Coverage" 
-        tag: "${{ github.run_number }}_${{ github.run_id }}"
-        toolpath: "reportgeneratortool"
-        license: ${{ secrets.REPORT_GENERATOR_LICENSE }}
-
-    - name: Publish Code Coverage Report
-      uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0
-      with:
-        filename: "Cobertura.xml"
-        badge: true
-        fail_below_min: false # just informative for now
-        format: markdown
-        hide_branch_rate: false
-        hide_complexity: false
-        indicators: true
-        output: both
-        thresholds: "10 30"
-
-    - name: Upload Code Coverage Results
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-      with:
-        name: coverage-results
-        path: |
-          ${{ github.workspace }}/Cobertura.xml
-          ${{ github.workspace }}/code-coverage-results.md
-        retention-days: 5
-
-    - name: Publish Test Results
-      uses: EnricoMi/publish-unit-test-result-action@afb2984f4d89672b2f9d9c13ae23d53779671984 # v2.19.0
-      if: always()
-      with:
-        files: "tests/**/TestResults.xml"
-
-    - name: Upload Test Artifacts
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-      with:
-        name: test-results
-        path: "tests/**/TestResults.xml"
-        retention-days: 5
+      - name: Harden the runner
+        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
+
+      - name: 'Setup .NET SDK'
+        uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0
+        with:
+          dotnet-version: 10.x
+
+      - name: 'Restore external dependencies'
+        run: dotnet restore
+
+      - name: 'Build'
+        id: build
+        run: dotnet build --configuration Debug --no-restore
+
+      - name: Upload Build Artifacts
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: build-artifacts
+          path: |
+            src/**/BCrypt.*.nupkg
+          retention-days: 5
+
+      - name: 'Test'
+        id: test
+        run: dotnet run --configuration Release --coverage --coverage-output-format cobertura --report-github --project tests/UnitTests/BCrypt.Net.UnitTests.csproj
+
+      - name: 'Create test summary'
+        uses: test-summary/action@37b508cfee6d4d080eedd00b5bb240a6a784a6a5 # v2.6
+        with:
+          paths: tests/UnitTests/**/TestResults.xml
+          show: "fail, skip"
+        if: always()
+
+      - name: 'Generate Coverage Reports'
+        uses: danielpalme/ReportGenerator-GitHub-Action@049f7ec958c672fd31d5cc1cb01622dc8d2e23ab # 5.5.10
+        with:
+          reports: "tests/**/*.cobertura.xml"
+          targetdir: "${{ github.workspace }}"
+          reporttypes: "Cobertura"
+          verbosity: "Info"
+          title: "Code Coverage"
+          tag: "${{ github.run_number }}_${{ github.run_id }}"
+          toolpath: "reportgeneratortool"
+          license: ${{ secrets.REPORT_GENERATOR_LICENSE }}
+
+      - name: Publish Code Coverage Report
+        uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0
+        with:
+          filename: "Cobertura.xml"
+          badge: true
+          fail_below_min: false # just informative for now
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: false
+          indicators: true
+          output: both
+          thresholds: "10 30"
+
+      - name: Upload Code Coverage Results
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: coverage-results
+          path: |
+            ${{ github.workspace }}/Cobertura.xml
+            ${{ github.workspace }}/code-coverage-results.md
+          retention-days: 5
+
+      - name: Publish Test Results
+        uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2.23.0
+        if: always()
+        with:
+          files: "tests/**/TestResults.xml"
+
+      - name: Upload Test Artifacts
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: test-results
+          path: "tests/**/TestResults.xml"
+          retention-days: 5

.github/workflows/codeql-analysis.yml

@@ -36,7 +36,7 @@ env:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
@@ -50,33 +50,33 @@ jobs:
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
-      with:
-        egress-policy: audit
+      - name: Harden the runner
+        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
+        with:
+          egress-policy: audit
 
-    - name: 'Checkout repository'
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
+      - name: 'Checkout repository'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
 
-    - name: 'Setup .NET SDK'
-      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
-      with:
-        dotnet-version: 10.x
+      - name: 'Setup .NET SDK'
+        uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0
+        with:
+          dotnet-version: 10.x
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
-      with:
-        languages: ${{ matrix.language }}
-        config-file: ./.github/codeql/codeql-config.yml
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/codeql/codeql-config.yml
 
-    # We can't use autobuild because we want to restrict the build to just src folder solutions
-    # and avoid triggering deterministic builds and git commit based versioning
-    # (as GitHub workflows shallow clone by default, and that breaks the versioning.)
-    - run: dotnet build --configuration CodeQL /p:UseSharedCompilation=false /t:rebuild
+      # We can't use autobuild because we want to restrict the build to just src folder solutions
+      # and avoid triggering deterministic builds and git commit based versioning
+      # (as GitHub workflows shallow clone by default, and that breaks the versioning.)
+      - run: dotnet build --configuration CodeQL /p:UseSharedCompilation=false /t:rebuild
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
 

.github/workflows/dependency-review.yml

@@ -11,15 +11,15 @@ permissions:
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      - name: Harden the runner
+        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3
+        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0

.github/workflows/devskim.yml

@@ -1,32 +1,32 @@
-name: 'MSFT Dev Skim'
-
-on:
-  workflow_dispatch:
-  pull_request:
-    branches:
-      - 'main'
-
-permissions:
-  # required for all workflows
-  security-events: write
-  # only required for workflows in private repositories
-  actions: read
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-24.04
-    steps:
-    - name: 'Harden Runner'
-      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
-      with:
-        egress-policy: audit
-
-    - name: 'Checkout'
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
-    - uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 #v1.0.16
-    - uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6  #v4.32.3
-      with:
-        sarif_file: devskim-results.sarif
+name: 'MSFT Dev Skim'
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - 'main'
+
+permissions:
+  # required for all workflows
+  security-events: write
+  # only required for workflows in private repositories
+  actions: read
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-24.04
+    steps:
+    - name: 'Harden Runner'
+      uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
+      with:
+        egress-policy: audit
+
+    - name: 'Checkout'
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
+    - uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 #v1.0.16
+    - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba  #v4.32.3 # v4.35.5
+      with:
+        sarif_file: devskim-results.sarif