From a565c51d1884829f7f5aa6bbc7ccd6cbc3eb1e2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 09:01:38 +0000 Subject: [PATCH] chore(deps): bump the actions-deps group across 1 directory with 9 updates Bumps the actions-deps group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.0` | `2.16.1` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.69.1` | `2.75.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.33.0` | `4.35.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.3` | `6.0.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `7.3.2` | `7.4.0` | | [act10ns/slack](https://github.com/act10ns/slack) | `2.1.0` | `2.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` | | [iarekylew00t/verified-bot-commit](https://github.com/iarekylew00t/verified-bot-commit) | `2.1.8` | `2.2.2` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.23.1` | `0.24.0` | Updates `step-security/harden-runner` from 2.16.0 to 2.16.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594...fe104658747b27e96e4f7e80cd0a94068e53901d) Updates `taiki-e/install-action` from 2.69.1 to 2.75.0 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/e24b8b7a939c6a537188f34a4163cb153dd85cf6...cf39a74df4a72510be4e5b63348d61067f11e64a) Updates `github/codeql-action` from 4.33.0 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b1bff81932f5cdfc8695c7752dcee935dcd061c8...c10b8064de6f491fea524254123dbe5e09572f13) Updates `codecov/codecov-action` from 5.5.3 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/1af58845a975a7985b0beb0cbe6fbbb71a41dbad...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2) Updates `anchore/scan-action` from 7.3.2 to 7.4.0 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/scan-action/compare/7037fa011853d5a11690026fb85feee79f4c946c...e1165082ffb1fe366ebaf02d8526e7c4989ea9d2) Updates `act10ns/slack` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/act10ns/slack/releases) - [Changelog](https://github.com/act10ns/slack/blob/master/RELEASE.md) - [Commits](https://github.com/act10ns/slack/compare/44541246747a30eb3102d87f7a4cc5471b0ffb7d...d96404edccc6d6467fc7f8134a420c851b1e9054) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121) Updates `iarekylew00t/verified-bot-commit` from 2.1.8 to 2.2.2 - [Release notes](https://github.com/iarekylew00t/verified-bot-commit/releases) - [Commits](https://github.com/iarekylew00t/verified-bot-commit/compare/b12a1250f23e606d9aa77e54ecba1d788dfa06be...4aeee0954ea68e4e91e5fd326e9a0827ebc5b19a) Updates `anchore/sbom-action` from 0.23.1 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/57aae528053a48a3f6235f2d9461b05fbcb7366d...e22c389904149dbc22b58101806040fa8d37a610) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.16.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: taiki-e/install-action dependency-version: 2.75.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: anchore/scan-action dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: act10ns/slack dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: iarekylew00t/verified-bot-commit dependency-version: 2.2.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 32 ++++++++++++------------ .github/workflows/cla.yml | 2 +- .github/workflows/codeql.yml | 6 ++--- .github/workflows/integration-tests.yaml | 2 +- .github/workflows/pr-title.yaml | 2 +- .github/workflows/rc.yml | 2 +- .github/workflows/release-docker.yml | 8 +++--- .github/workflows/release-docs.yml | 4 +-- .github/workflows/release-please.yml | 14 +++++------ .github/workflows/release-sbom.yml | 8 +++--- .github/workflows/scorecard.yml | 4 +-- .github/workflows/semgrep.yml | 4 +-- .github/workflows/update-lock.yaml | 4 +-- 13 files changed, 46 insertions(+), 46 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index f05cd30da..3b92a3fa7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -38,7 +38,7 @@ jobs: steps: # Checkout the repository - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -77,7 +77,7 @@ jobs: runs-on: ubuntu-22.04-oz-8core steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Failed @@ -90,7 +90,7 @@ jobs: steps: # Checkout the repository - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -103,7 +103,7 @@ jobs: - name: Get cache-hit output run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"' - name: Install cargo hack - uses: taiki-e/install-action@e24b8b7a939c6a537188f34a4163cb153dd85cf6 # v2.69.1 + uses: taiki-e/install-action@cf39a74df4a72510be4e5b63348d61067f11e64a # v2.75.0 with: tool: cargo-hack @@ -117,7 +117,7 @@ jobs: steps: # Checkout the repository - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -140,7 +140,7 @@ jobs: steps: # Checkout the repository - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -170,7 +170,7 @@ jobs: path: clippy-results.sarif retention-days: 1 - name: Upload - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 with: sarif_file: clippy-results.sarif wait-for-processing: true @@ -186,7 +186,7 @@ jobs: runs-on: ubuntu-22.04-oz-8core steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -224,7 +224,7 @@ jobs: - name: Get cache-hit output run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"' - name: Install cargo hack and cargo-llvm-cov - uses: taiki-e/install-action@e24b8b7a939c6a537188f34a4163cb153dd85cf6 # v2.69.1 + uses: taiki-e/install-action@cf39a74df4a72510be4e5b63348d61067f11e64a # v2.75.0 with: tool: cargo-hack,cargo-llvm-cov - name: Run Developer Tests (excluding AI) and Generate Coverage Report @@ -248,7 +248,7 @@ jobs: # Upload coverage reports - name: Upload AI Coverage to Codecov - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} name: ai-coverage @@ -256,7 +256,7 @@ jobs: flags: ai fail_ci_if_error: true - name: Upload Developer Coverage to Codecov - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} name: dev-coverage @@ -273,7 +273,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -311,7 +311,7 @@ jobs: - name: Get cache-hit output run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"' - name: Install cargo hack and cargo-llvm-cov - uses: taiki-e/install-action@e24b8b7a939c6a537188f34a4163cb153dd85cf6 # v2.69.1 + uses: taiki-e/install-action@cf39a74df4a72510be4e5b63348d61067f11e64a # v2.75.0 with: tool: cargo-hack,cargo-llvm-cov - name: Run Properties Tests and Generate Coverage Report @@ -322,7 +322,7 @@ jobs: CARGO_PROFILE_DEV_DEBUG: 1 run: cargo hack llvm-cov --locked --ignore-filename-regex "(src/api/routes/docs/.*_docs\.rs$|src/repositories/.*/.*_redis\.rs$)" --lcov --output-path properties-lcov.info --test properties - name: Upload Properties Coverage to Codecov - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} name: properties-coverage @@ -339,7 +339,7 @@ jobs: steps: # Checkout the repository - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code @@ -355,7 +355,7 @@ jobs: file: Dockerfile.development platforms: linux/amd64 - name: Scan image - uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2 + uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7.4.0 with: image: openzeppelin-relayer-dev:${{ github.sha }} fail-build: true diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml index 4ef2cd08f..15f90b30e 100644 --- a/.github/workflows/cla.yml +++ b/.github/workflows/cla.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Private Repo for Allowlist diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5f2118d33..c1fb66e46 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -35,7 +35,7 @@ jobs: build-mode: none steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout repository @@ -43,11 +43,11 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 with: category: /language:${{matrix.language}} diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index 7c6708575..bde0eb29a 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -14,7 +14,7 @@ jobs: id-token: write # Required for OIDC authentication with AWS steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout Code diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index 069cab7e6..139341f4d 100644 --- a/.github/workflows/pr-title.yaml +++ b/.github/workflows/pr-title.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - uses: thehanimo/pr-title-checker@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70 # v1.4.3 diff --git a/.github/workflows/rc.yml b/.github/workflows/rc.yml index 03f5977f1..069805e1c 100644 --- a/.github/workflows/rc.yml +++ b/.github/workflows/rc.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0 diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml index 3f6584fb6..0d1cfc6d6 100644 --- a/.github/workflows/release-docker.yml +++ b/.github/workflows/release-docker.yml @@ -18,11 +18,11 @@ jobs: SLACK_CHANNEL: '#oss-releases' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Slack notification - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: starting steps: ${{ toJson(steps) }} @@ -53,7 +53,7 @@ jobs: env: DOCKER_METADATA_SHORT_SHA_LENGTH: 10 - name: Login to Dockerhub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 with: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PAT }} @@ -96,7 +96,7 @@ jobs: short-description: ${{ github.event.repository.description }} readme-filepath: ./DOCKER_README.md - name: Slack notification success or failure - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: ${{ job.status }} steps: ${{ toJson(steps) }} diff --git a/.github/workflows/release-docs.yml b/.github/workflows/release-docs.yml index c9baddb58..ccab26c2c 100644 --- a/.github/workflows/release-docs.yml +++ b/.github/workflows/release-docs.yml @@ -29,7 +29,7 @@ jobs: TAG: ${{ inputs.tag || github.event.inputs.tag }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Get github app token @@ -44,7 +44,7 @@ jobs: ref: ${{ env.TAG }} token: ${{ steps.gh-app-token.outputs.token }} - name: Slack notification - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: starting steps: ${{ toJson(steps) }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 65127cd68..8bfbabbad 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -26,7 +26,7 @@ jobs: SLACK_CHANNEL: '#oss-releases' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Get github app token @@ -36,7 +36,7 @@ jobs: app-id: ${{ vars.GH_APP_ID }} private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} - name: Slack notification - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: starting steps: ${{ toJson(steps) }} @@ -103,7 +103,7 @@ jobs: run: | echo "release_branch=${{ fromJSON(steps.release.outputs.pr).headBranchName }}" >> $GITHUB_OUTPUT - name: Slack notification success or failure - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: ${{ job.status }} steps: ${{ toJson(steps) }} @@ -119,7 +119,7 @@ jobs: if: ${{ needs.release-please.outputs.release_created == 'false' && needs.release-please.outputs.pr_created == 'true' }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Get github app token @@ -158,7 +158,7 @@ jobs: fi - name: Commit cargo update if: steps.lock-file-commit.outputs.cargo_changed == 'true' - uses: iarekylew00t/verified-bot-commit@b12a1250f23e606d9aa77e54ecba1d788dfa06be # v2.1.8 + uses: iarekylew00t/verified-bot-commit@4aeee0954ea68e4e91e5fd326e9a0827ebc5b19a # v2.2.2 with: message: 'chore: Updating lock file' token: ${{ steps.gh-app-token.outputs.token }} @@ -174,7 +174,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Get github app token @@ -214,7 +214,7 @@ jobs: fi - name: Commit openapi spec file if: steps.update-openapi-spec-commit.outputs.openapi_changed == 'true' - uses: iarekylew00t/verified-bot-commit@b12a1250f23e606d9aa77e54ecba1d788dfa06be # v2.1.8 + uses: iarekylew00t/verified-bot-commit@4aeee0954ea68e4e91e5fd326e9a0827ebc5b19a # v2.2.2 with: message: 'chore: Updating openapi spec file and bumping version' token: ${{ steps.gh-app-token.outputs.token }} diff --git a/.github/workflows/release-sbom.yml b/.github/workflows/release-sbom.yml index 1723d2abe..d706d911d 100644 --- a/.github/workflows/release-sbom.yml +++ b/.github/workflows/release-sbom.yml @@ -17,7 +17,7 @@ jobs: SLACK_CHANNEL: '#oss-releases' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Get github app token @@ -32,7 +32,7 @@ jobs: ref: ${{ inputs.tag }} token: ${{ steps.gh-app-token.outputs.token }} - name: Slack notification - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: starting steps: ${{ toJson(steps) }} @@ -40,7 +40,7 @@ jobs: message: Starting generating sbom for ${{ github.repository }} with tag ${{ inputs.tag }}...... if: always() - name: Run SBOM - uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1 + uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 with: upload-artifact-retention: 7 upload-release-assets: false @@ -57,7 +57,7 @@ jobs: subject-path: ./openzeppelin-relayer-${{ inputs.tag }}-spdx.json github-token: ${{ steps.gh-app-token.outputs.token }} - name: Slack notification - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 with: status: ${{ job.status }} steps: ${{ toJson(steps) }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index de68c6f98..a2cd6345d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,7 +30,7 @@ jobs: # actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout code @@ -53,6 +53,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload SARIF to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index b7b0ed4a5..7d2bdf0fe 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -29,7 +29,7 @@ jobs: if: (github.actor != 'dependabot[bot]') steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout code @@ -44,6 +44,6 @@ jobs: # No metrics SEMGREP_SEND_METRICS: 'off' - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3.29.5 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3.29.5 with: sarif_file: semgrep.sarif diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml index 9160bd1a0..cf5841cd7 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-lock.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout @@ -43,7 +43,7 @@ jobs: fi - name: Install cargo hack if: steps.lock-file-commit.outputs.changes == 'true' - uses: taiki-e/install-action@e24b8b7a939c6a537188f34a4163cb153dd85cf6 # v2.69.1 + uses: taiki-e/install-action@cf39a74df4a72510be4e5b63348d61067f11e64a # v2.75.0 with: tool: cargo-hack - name: Check MSRV