Skip to content

Commit 7d0fa27

Browse files
chore(deps): update workflows (#167)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | patch | `v6.0.1` → `v6.0.2` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v6.1.0` → `v6.2.0` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v6.1.0` → `v6.2.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v4.31.7` → `v4.31.10` | | [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) | action | minor | `v8.0.0` → `v8.1.0` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v6.0.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v602) [Compare Source](https://redirect.github.com/actions/checkout/compare/v6.0.1...v6.0.2) - Fix tag handling: preserve annotations and explicit fetch-tags by [@&#8203;ericsciple](https://redirect.github.com/ericsciple) in [#&#8203;2356](https://redirect.github.com/actions/checkout/pull/2356) </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v6.2.0`](https://redirect.github.com/actions/setup-node/compare/v6.1.0...v6.2.0) [Compare Source](https://redirect.github.com/actions/setup-node/compare/v6.1.0...v6.2.0) </details> <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v6.2.0`](https://redirect.github.com/actions/setup-python/compare/v6.1.0...v6.2.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v6.1.0...v6.2.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v4.31.10`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.10) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.9...v4.31.10) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.10 - 12 Jan 2026 - Update default CodeQL bundle version to 2.23.9. [#&#8203;3393](https://redirect.github.com/github/codeql-action/pull/3393) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.10/CHANGELOG.md) for more information. ### [`v4.31.9`](https://redirect.github.com/github/codeql-action/compare/v4.31.8...v4.31.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.8...v4.31.9) ### [`v4.31.8`](https://redirect.github.com/github/codeql-action/releases/tag/v4.31.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.31.7...v4.31.8) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 4.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#&#8203;3354](https://redirect.github.com/github/codeql-action/pull/3354) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v4.31.8/CHANGELOG.md) for more information. </details> <details> <summary>peter-evans/create-pull-request (peter-evans/create-pull-request)</summary> ### [`v8.1.0`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v8.1.0): Create Pull Request v8.1.0 [Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v8.0.0...v8.1.0) #### What's Changed - README.md: bump given GitHub actions to their latest versions by [@&#8203;deining](https://redirect.github.com/deining) in [#&#8203;4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265) - build(deps): bump the github-actions group with 2 updates by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;4273](https://redirect.github.com/peter-evans/create-pull-request/pull/4273) - build(deps-dev): bump the npm group with 2 updates by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;4274](https://redirect.github.com/peter-evans/create-pull-request/pull/4274) - build(deps-dev): bump undici from 6.22.0 to 6.23.0 by [@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in [#&#8203;4284](https://redirect.github.com/peter-evans/create-pull-request/pull/4284) - Update distribution by [@&#8203;actions-bot](https://redirect.github.com/actions-bot) in [#&#8203;4289](https://redirect.github.com/peter-evans/create-pull-request/pull/4289) - fix: Handle remote prune failures gracefully on self-hosted runners by [@&#8203;peter-evans](https://redirect.github.com/peter-evans) in [#&#8203;4295](https://redirect.github.com/peter-evans/create-pull-request/pull/4295) - feat: add [@&#8203;octokit/plugin-retry](https://redirect.github.com/octokit/plugin-retry) to handle retriable server errors by [@&#8203;peter-evans](https://redirect.github.com/peter-evans) in [#&#8203;4298](https://redirect.github.com/peter-evans/create-pull-request/pull/4298) #### New Contributors - [@&#8203;deining](https://redirect.github.com/deining) made their first contribution in [#&#8203;4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265) **Full Changelog**: <peter-evans/create-pull-request@v8.0.0...v8.1.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/DrupalSecurityTeam/drupal-advisory-database). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi40Mi4yIiwidXBkYXRlZEluVmVyIjoiNDIuODUuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 518eea2 commit 7d0fa27

3 files changed

Lines changed: 15 additions & 15 deletions

File tree

.github/workflows/ci.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
runs-on: ubuntu-latest
2121
timeout-minutes: 15
2222
steps:
23-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
23+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2424
with:
2525
persist-credentials: false
2626
- name: Audit dependencies for security vulnerabilities
@@ -31,7 +31,7 @@ jobs:
3131
runs-on: ubuntu-latest
3232
timeout-minutes: 15
3333
steps:
34-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
34+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3535
with:
3636
persist-credentials: false
3737
- uses: astral-sh/ruff-action@57714a7c8a2e59f32539362ba31877a1957dded1 # v3.5.1
@@ -48,10 +48,10 @@ jobs:
4848
runs-on: ubuntu-latest
4949
timeout-minutes: 15
5050
steps:
51-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
51+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5252
with:
5353
persist-credentials: false
54-
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
54+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
5555
with:
5656
python-version-file: '.python-version'
5757
- run: pipx install poetry~=2.0
@@ -63,10 +63,10 @@ jobs:
6363
runs-on: ubuntu-latest
6464
timeout-minutes: 15
6565
steps:
66-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
66+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6767
with:
6868
persist-credentials: false
69-
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
69+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
7070
with:
7171
python-version-file: '.python-version'
7272
- run: pipx install poetry~=2.0
@@ -78,10 +78,10 @@ jobs:
7878
runs-on: ubuntu-latest
7979
timeout-minutes: 15
8080
steps:
81-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
81+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
8282
with:
8383
persist-credentials: false
84-
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
84+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
8585
with:
8686
python-version-file: '.python-version'
8787
- run: pipx install poetry~=2.0
@@ -93,8 +93,8 @@ jobs:
9393
runs-on: ubuntu-latest
9494
timeout-minutes: 15
9595
steps:
96-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
96+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
9797
with:
9898
persist-credentials: false
99-
- uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
99+
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
100100
- run: npx prettier --check .

.github/workflows/generate.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,18 +20,18 @@ jobs:
2020
actions: write # to manually dispatch checks on the pull request
2121
runs-on: ubuntu-latest
2222
steps:
23-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
23+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2424
with:
2525
persist-credentials: false
26-
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
26+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
2727
with:
2828
python-version-file: '.python-version'
2929
- run: pipx install poetry~=2.0
3030
- run: poetry install
3131
- run: poetry run scripts/download_sa_advisories.py
3232
- run: poetry run scripts/precache_nodes.py
3333
- run: poetry run scripts/generate_osv_advisories.py
34-
- uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
34+
- uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
3535
with:
3636
token: ${{ secrets.GENERATOR_GH_TOKEN }}
3737
title: 'feat: update advisories'

.github/workflows/scorecard.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ jobs:
3636

3737
steps:
3838
- name: 'Checkout code'
39-
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
39+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4040
with:
4141
persist-credentials: false
4242

@@ -75,6 +75,6 @@ jobs:
7575
# Upload the results to GitHub's code scanning dashboard (optional).
7676
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
7777
- name: 'Upload to code-scanning'
78-
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
78+
uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
7979
with:
8080
sarif_file: results.sarif

0 commit comments

Comments
 (0)