Skip to content

Commit b3be712

Browse files
cleanstart-community-admincleanstart-community-admin
authored
Merge branch 'master' into updatesource
2 parents f3ba778 + 42c786b commit b3be712

251 files changed

Lines changed: 16522 additions & 7072 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/codeql-analysis.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -39,11 +39,11 @@ jobs:
3939

4040
steps:
4141
- name: Checkout repository
42-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
42+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4343

4444
# Initializes the CodeQL tools for scanning.
4545
- name: Initialize CodeQL
46-
uses: github/codeql-action/init@4bdb89f48054571735e3792627da6195c57459e2 # v3.31.10
46+
uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
4747
with:
4848
languages: ${{ matrix.language }}
4949
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
5454
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5555
# If this step fails, then you should remove it and run the build manually (see below)
5656
- name: Autobuild
57-
uses: github/codeql-action/autobuild@4bdb89f48054571735e3792627da6195c57459e2 # v3.31.10
57+
uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
5858

5959
# ℹ️ Command-line programs to run using the OS shell.
6060
# 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
6868
# make release
6969

7070
- name: Perform CodeQL Analysis
71-
uses: github/codeql-action/analyze@4bdb89f48054571735e3792627da6195c57459e2 # v3.31.10
71+
uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0

.github/workflows/links.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
contents: read # to fetch code (actions/checkout)
2121
runs-on: ubuntu-latest
2222
steps:
23-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
23+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2424
- uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225 # v1.1.2
2525
with:
2626
use-quiet-mode: "yes"

.github/workflows/lint.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
filenames:
2929
runs-on: ubuntu-latest
3030
steps:
31-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
31+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3232
with:
3333
persist-credentials: false
3434
- run: |
@@ -40,17 +40,17 @@ jobs:
4040
runs-on: ubuntu-latest
4141
steps:
4242
- name: Check out code
43-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
43+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4444
- name: Set up Python
45-
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
45+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
4646
with:
4747
python-version: '3.13'
4848
- name: Install poetry
4949
run: pip install poetry==2.2.1
5050
- name: Set up poetry
5151
run: poetry install
5252
- name: Set up Go
53-
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
53+
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
5454
with:
5555
go-version: '>=1.23.6'
5656
- name: Set up terraform

.github/workflows/pr-check.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,6 @@ jobs:
3030
name: Validate PR title
3131
runs-on: ubuntu-latest
3232
steps:
33-
- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
33+
- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
3434
env:
3535
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-to-pypi.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,12 +24,12 @@ jobs:
2424
name: Publish
2525
runs-on: ubuntu-latest
2626
steps:
27-
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
27+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2828
with:
2929
fetch-depth: 0
3030
submodules: recursive
3131
- name: Set up Python 3
32-
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
32+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
3333
with:
3434
python-version: 3.13
3535
- name: Install pypa/build

.github/workflows/renovate-validator.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,10 +17,10 @@ jobs:
1717
runs-on: ubuntu-latest
1818
steps:
1919
- name: Checkout code
20-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
20+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121

2222
- name: Set up Nodes.js
23-
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
23+
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
2424
with:
2525
node-version: '^24'
2626

.github/workflows/scorecards.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
id-token: write
2323
steps:
2424
- name: "Checkout code"
25-
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
25+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2626
with:
2727
persist-credentials: false
2828

@@ -42,14 +42,14 @@ jobs:
4242

4343
# Upload the results as artifacts (optional).
4444
- name: "Upload artifact"
45-
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
45+
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
4646
with:
4747
name: SARIF file
4848
path: results.sarif
4949
retention-days: 5
5050

5151
# Upload the results to GitHub's code scanning dashboard.
5252
- name: "Upload to code-scanning"
53-
uses: github/codeql-action/upload-sarif@4bdb89f48054571735e3792627da6195c57459e2 # v3.31.10
53+
uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
5454
with:
5555
sarif_file: results.sarif

.github/workflows/snapshots.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ jobs:
2121
pull-requests: write # Create pull requests
2222
runs-on: ubuntu-latest
2323
steps:
24-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
24+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2525
with:
2626
persist-credentials: false
2727
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
@@ -33,7 +33,7 @@ jobs:
3333
env:
3434
OSV_API_BASE_URL: api.test.osv.dev
3535
UPDATE_SNAPS: always
36-
- uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
36+
- uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
3737
with:
3838
token: ${{ secrets.PR_TOKEN_BOT }}
3939
title: "test: update apitester snapshots"

.github/workflows/staleness.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
pull-requests: write
1414
runs-on: ubuntu-latest
1515
steps:
16-
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
16+
- uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
1717
with:
1818
days-before-stale: 60
1919
days-before-close: 14

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ update-api-snapshots:
5555
cd gcp/api && UPDATE_SNAPS=true ./run_tests_e2e.sh $(HOME)/.config/gcloud/application_default_credentials.json
5656

5757
lint:
58-
GOTOOLCHAIN=go1.25.5 $(run-cmd) tools/lint_and_format.sh
58+
GOTOOLCHAIN=go1.25.6 $(run-cmd) tools/lint_and_format.sh
5959

6060
build-osv-protos:
6161
cd osv && $(run-cmd) python -m grpc_tools.protoc --python_out=. --mypy_out=. --proto_path=. --proto_path=osv-schema/proto vulnerability.proto importfinding.proto

0 commit comments

Comments
 (0)