From e1527ff04f957e5edfbeb44c2cd998063e9b2422 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 01:56:51 +0000 Subject: [PATCH] build(deps): bump the github-actions group across 1 directory with 13 updates Bumps the github-actions group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.2.0` | | [actions-hub/kubectl](https://github.com/actions-hub/kubectl) | `1.35.3` | `1.36.1` | | [actions/cache](https://github.com/actions/cache) | `5.0.3` | `5.0.5` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [check-spelling/check-spelling](https://github.com/check-spelling/check-spelling) | `0.0.25` | `0.0.26` | | [shimataro/ssh-key-action](https://github.com/shimataro/ssh-key-action) | `2.8.0` | `2.8.1` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.3.0` | `8.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.9` | `4.36.0` | Updates `actions/setup-node` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) Updates `actions/setup-go` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/030e881283bb7a6894de51c315a6bfe6a94e05cf...80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9) Updates `docker/login-action` from 4.0.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) Updates `docker/build-push-action` from 7.0.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/d08e5c354a6adb9ed34480a06d141179aa583294...f9f3042f7e2789586610d6e8b85c8f03e5195baf) Updates `actions-hub/kubectl` from 1.35.3 to 1.36.1 - [Release notes](https://github.com/actions-hub/kubectl/releases) - [Commits](https://github.com/actions-hub/kubectl/compare/934aaa4354bbbc3d2176ae8d7cae92d515032dff...af0e87aaa9cd98820383c16cba28c644ba85c067) Updates `actions/cache` from 5.0.3 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `check-spelling/check-spelling` from 0.0.25 to 0.0.26 - [Release notes](https://github.com/check-spelling/check-spelling/releases) - [Commits](https://github.com/check-spelling/check-spelling/compare/c635c2f3f714eec2fcf27b643a1919b9a811ef2e...cfb6f7e75bbfc89c71eaa30366d0c166f1bd9c8c) Updates `shimataro/ssh-key-action` from 2.8.0 to 2.8.1 - [Release notes](https://github.com/shimataro/ssh-key-action/releases) - [Changelog](https://github.com/shimataro/ssh-key-action/blob/v2/CHANGELOG.md) - [Commits](https://github.com/shimataro/ssh-key-action/compare/6b84f2e793b32fa0b03a379cadadec75cc539391...87a8f067114a8ce263df83e9ed5c849953548bc3) Updates `astral-sh/setup-uv` from 7.3.0 to 8.1.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/eac588ad8def6316056a12d4907a9d4d84ff7a3b...08807647e7069bb48b6ef5acd8ec9567f424441b) Updates `github/codeql-action` from 4.31.9 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...7211b7c8077ea37d8641b6271f6a365a22a5fbfa) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions-hub/kubectl dependency-version: 1.36.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: check-spelling/check-spelling dependency-version: 0.0.26 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: shimataro/ssh-key-action dependency-version: 2.8.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/asset-verification.yml | 4 ++-- .github/workflows/docker-pr.yml | 6 +++--- .github/workflows/docker.yml | 8 ++++---- .github/workflows/docs-deploy.yml | 12 ++++++------ .github/workflows/docs-test.yml | 6 +++--- .github/workflows/go-mod-tidy-check.yml | 2 +- .github/workflows/go.yml | 6 +++--- .github/workflows/package-builds-stable.yml | 4 ++-- .github/workflows/package-builds-unstable.yml | 6 +++--- .github/workflows/smoke-tests.yml | 6 +++--- .github/workflows/spelling.yml | 2 +- .github/workflows/ssh-ci-runner-cron.yml | 4 ++-- .github/workflows/ssh-ci.yml | 4 ++-- .github/workflows/zizmor.yml | 4 ++-- 14 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/asset-verification.yml b/.github/workflows/asset-verification.yml index 1ade7d196..5aec6c470 100644 --- a/.github/workflows/asset-verification.yml +++ b/.github/workflows/asset-verification.yml @@ -22,10 +22,10 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "1.25.7" diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index 823c460b6..dc049de27 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -26,10 +26,10 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" @@ -37,7 +37,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ghcr.io/${{ github.repository }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 76c04dc23..414e5294b 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,17 +36,17 @@ jobs: run: | echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - name: Log into registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -54,7 +54,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ${{ env.IMAGE }} diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 0247537e7..590b0f43f 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -22,10 +22,10 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Log into registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: techarohq @@ -33,7 +33,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ghcr.io/techarohq/anubis/docs tags: | @@ -42,7 +42,7 @@ jobs: - name: Build and push id: build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: ./docs cache-to: type=gha @@ -53,14 +53,14 @@ jobs: push: true - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@934aaa4354bbbc3d2176ae8d7cae92d515032dff # v1.35.3 + uses: actions-hub/kubectl@af0e87aaa9cd98820383c16cba28c644ba85c067 # v1.36.1 env: KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} with: args: apply -k docs/manifest - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@934aaa4354bbbc3d2176ae8d7cae92d515032dff # v1.35.3 + uses: actions-hub/kubectl@af0e87aaa9cd98820383c16cba28c644ba85c067 # v1.36.1 env: KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} with: diff --git a/.github/workflows/docs-test.yml b/.github/workflows/docs-test.yml index 122f0ef9c..48c4bd6c0 100644 --- a/.github/workflows/docs-test.yml +++ b/.github/workflows/docs-test.yml @@ -18,11 +18,11 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Docker meta id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ghcr.io/techarohq/anubis/docs tags: | @@ -31,7 +31,7 @@ jobs: - name: Build and push id: build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: ./docs cache-to: type=gha diff --git a/.github/workflows/go-mod-tidy-check.yml b/.github/workflows/go-mod-tidy-check.yml index 81274a560..9de6db9ca 100644 --- a/.github/workflows/go-mod-tidy-check.yml +++ b/.github/workflows/go-mod-tidy-check.yml @@ -17,7 +17,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 3ab4e0d1b..b7f93c0c6 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -24,15 +24,15 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" - name: Cache playwright binaries - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 id: playwright-cache with: path: | diff --git a/.github/workflows/package-builds-stable.yml b/.github/workflows/package-builds-stable.yml index d1623a912..35d344c98 100644 --- a/.github/workflows/package-builds-stable.yml +++ b/.github/workflows/package-builds-stable.yml @@ -25,10 +25,10 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" diff --git a/.github/workflows/package-builds-unstable.yml b/.github/workflows/package-builds-unstable.yml index e244262c4..2c2e1df36 100644 --- a/.github/workflows/package-builds-unstable.yml +++ b/.github/workflows/package-builds-unstable.yml @@ -26,10 +26,10 @@ jobs: sudo apt-get update sudo apt-get install -y build-essential - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" @@ -41,7 +41,7 @@ jobs: run: | go tool yeet - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: packages path: var/* diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 2746e3127..3774d4f15 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -34,10 +34,10 @@ jobs: with: persist-credentials: false - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: "24.11.0" - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" @@ -57,7 +57,7 @@ jobs: run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV - name: Upload artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a if: always() with: name: ${{ env.ARTIFACT_NAME }} diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 599cc784f..0cc01976d 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -89,7 +89,7 @@ jobs: steps: - name: check-spelling id: spelling - uses: check-spelling/check-spelling@c635c2f3f714eec2fcf27b643a1919b9a811ef2e # v0.0.25 + uses: check-spelling/check-spelling@cfb6f7e75bbfc89c71eaa30366d0c166f1bd9c8c # v0.0.26 with: suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }} checkout: true diff --git a/.github/workflows/ssh-ci-runner-cron.yml b/.github/workflows/ssh-ci-runner-cron.yml index 12a211335..267828165 100644 --- a/.github/workflows/ssh-ci-runner-cron.yml +++ b/.github/workflows/ssh-ci-runner-cron.yml @@ -24,13 +24,13 @@ jobs: fetch-depth: 0 persist-credentials: false - name: Log into registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Build and push run: | cd ./test/ssh-ci diff --git a/.github/workflows/ssh-ci.yml b/.github/workflows/ssh-ci.yml index a89a992e0..36119712b 100644 --- a/.github/workflows/ssh-ci.yml +++ b/.github/workflows/ssh-ci.yml @@ -30,13 +30,13 @@ jobs: persist-credentials: false - name: Install CI target SSH key - uses: shimataro/ssh-key-action@6b84f2e793b32fa0b03a379cadadec75cc539391 # v2.8.0 + uses: shimataro/ssh-key-action@87a8f067114a8ce263df83e9ed5c849953548bc3 # v2.8.1 with: key: ${{ secrets.CI_SSH_KEY }} name: id_rsa known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }} - - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "stable" diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index a382e618f..25257c5ea 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 - name: Run zizmor 🌈 run: uvx zizmor --format sarif . > results.sarif @@ -29,7 +29,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: results.sarif category: zizmor