diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 7d99d8f9..1e8746b1 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -4,12 +4,12 @@ runs: using: 'composite' steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Node.js - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: '24.15.0' + node-version: '24.16.0' - name: Cache dependencies id: cache diff --git a/.github/workflows/_static-checks.yaml b/.github/workflows/_static-checks.yaml index 77834d6d..8768d9ac 100644 --- a/.github/workflows/_static-checks.yaml +++ b/.github/workflows/_static-checks.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup uses: ./.github/actions/setup diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index da52df20..cc8d0037 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -43,7 +43,7 @@ jobs: # repo itself; this first checkout only needs the .github # directory. - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 1 sparse-checkout: .github @@ -55,7 +55,7 @@ jobs: - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@51ea8ea73a139f2a74ff649e3092c25a904aed7e # v1 + uses: anthropics/claude-code-action@787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251 # v1.0.133 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} additional_permissions: | diff --git a/.github/workflows/upstream-release-docs.yml b/.github/workflows/upstream-release-docs.yml index 886faa4e..eb9e6689 100644 --- a/.github/workflows/upstream-release-docs.yml +++ b/.github/workflows/upstream-release-docs.yml @@ -152,7 +152,7 @@ jobs: # opened it. - name: Checkout dispatching branch for bootstrap if: steps.pr.outputs.mode == 'bootstrap' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref_name }} fetch-depth: 0 @@ -285,7 +285,7 @@ jobs: fi - name: Checkout PR branch - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ steps.eff.outputs.head_ref }} fetch-depth: 0 @@ -295,9 +295,9 @@ jobs: # with its own actions/checkout that overwrites the PR-branch # checkout above with the dispatching branch. - name: Set up Node.js - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - node-version: '24.15.0' + node-version: '24.16.0' - name: Cache dependencies id: cache @@ -473,7 +473,7 @@ jobs: # burns the full 90-minute job budget. Paired with --max-turns # below for a runaway-cost ceiling. timeout-minutes: 45 - uses: anthropics/claude-code-action@51ea8ea73a139f2a74ff649e3092c25a904aed7e # v1 + uses: anthropics/claude-code-action@787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251 # v1.0.133 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} additional_permissions: | @@ -684,7 +684,7 @@ jobs: # baseline -- cheap safety net for the rare case where review # spirals on a file it can't stop "improving". timeout-minutes: 10 - uses: anthropics/claude-code-action@51ea8ea73a139f2a74ff649e3092c25a904aed7e # v1 + uses: anthropics/claude-code-action@787c5a0ce96a9a6cfb050ea0c8f4c05f2447c251 # v1.0.133 with: anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }} additional_permissions: |