diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 6d19db1..7977ac0 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -17,7 +17,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: devops-actions/actionlint@e7ee33fbf5aa8c9f9ee1145137f3e52e25d6a35b #v0.1.3 continue-on-error: true id: action-lint diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 68dc88f..1d2d18a 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -44,7 +44,7 @@ jobs: pypi.org:443 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Bandit Scan uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c with: # optional arguments diff --git a/.github/workflows/black.yml b/.github/workflows/black.yml index ed5f293..d1aa249 100644 --- a/.github/workflows/black.yml +++ b/.github/workflows/black.yml @@ -18,5 +18,5 @@ jobs: github.com:443 pypi.org:443 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: psf/black@3702ba224ecffbcec30af640c149f231d90aebdb # stable diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index b3a3124..ca5ba4b 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -41,7 +41,7 @@ jobs: egress-policy: audit - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI @@ -61,6 +61,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: sarif_file: results.sarif diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 0b2e63c..c2d23e7 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -13,7 +13,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Install pytest diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d568e4d..5ab67ce 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,11 +46,11 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/init@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/autobuild@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/analyze@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/defender-for-devops.yml b/.github/workflows/defender-for-devops.yml index 9410d41..48b54bc 100644 --- a/.github/workflows/defender-for-devops.yml +++ b/.github/workflows/defender-for-devops.yml @@ -38,7 +38,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 with: dotnet-version: | @@ -48,6 +48,6 @@ jobs: uses: microsoft/security-devops-action@d16b24e8eb9f5afa5385fa133f26090c8e7689c9 # v1 id: msdo - name: Upload results to Security tab - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ee632c3..7affb6d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -34,7 +34,7 @@ jobs: egress-policy: audit - name: 'Checkout repository' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: 'Dependency Review' uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml index 78fadf9..f8c8698 100644 --- a/.github/workflows/devskim.yml +++ b/.github/workflows/devskim.yml @@ -35,12 +35,12 @@ jobs: github.com:443 - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run DevSkim scanner uses: microsoft/DevSkim-Action@914fa647b406c387000300b2f09bb28691be2b6d # v1.0.14 - name: Upload DevSkim scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: sarif_file: devskim-results.sarif diff --git a/.github/workflows/endorlabs.yml b/.github/workflows/endorlabs.yml index 604fbb2..fd7a32f 100644 --- a/.github/workflows/endorlabs.yml +++ b/.github/workflows/endorlabs.yml @@ -29,7 +29,7 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 #### Package Build Instructions ### Use this section to define the build steps used by your software package. ### Endor Labs builds your software for you where possible but the required build tools must be made available. @@ -54,6 +54,6 @@ jobs: ci_run: "false" sarif_file: findings.sarif - name: Upload SARIF to github - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 with: sarif_file: findings.sarif diff --git a/.github/workflows/filediff.yml b/.github/workflows/filediff.yml index c16b75e..09c1372 100644 --- a/.github/workflows/filediff.yml +++ b/.github/workflows/filediff.yml @@ -15,7 +15,7 @@ jobs: egress-policy: audit - name: Checkout default branch - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Create filediff comment uses: Shopify/filediff@a662df8303d1056aa3561b5524610ae65b63fc78 # main diff --git a/.github/workflows/ossar.yml b/.github/workflows/ossar.yml index cc4db3e..f30cd51 100644 --- a/.github/workflows/ossar.yml +++ b/.github/workflows/ossar.yml @@ -37,7 +37,7 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Ensure a compatible version of dotnet is installed. # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. @@ -56,6 +56,6 @@ jobs: # Upload results to the Security tab - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: sarif_file: ${{ steps.ossar.outputs.sarifFile }} diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index 553fe59..7a1f4fe 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -17,7 +17,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: diff --git a/.github/workflows/pyre.yml b/.github/workflows/pyre.yml index 605ab6d..fe6ffb9 100644 --- a/.github/workflows/pyre.yml +++ b/.github/workflows/pyre.yml @@ -39,7 +39,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: true - name: Run Pyre diff --git a/.github/workflows/pysa.yml b/.github/workflows/pysa.yml index a3d02a9..b18679b 100644 --- a/.github/workflows/pysa.yml +++ b/.github/workflows/pysa.yml @@ -53,7 +53,7 @@ jobs: ppa.launchpadcontent.net:443 pypi.org:443 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: true python-version: '3.11.8' diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index ac70bd6..871da39 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -30,7 +30,7 @@ jobs: objects.githubusercontent.com:443 pypi.org:443 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python 3.11.8 uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: diff --git a/.github/workflows/python-package-conda.yml b/.github/workflows/python-package-conda.yml index 379174d..945e5e5 100644 --- a/.github/workflows/python-package-conda.yml +++ b/.github/workflows/python-package-conda.yml @@ -17,7 +17,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python 3.11 uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index e9d68d0..e7279b3 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -37,7 +37,7 @@ jobs: pypi.org:443 upload.pypi.org:443 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f17162d..8d58ab8 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -51,7 +51,7 @@ jobs: www.bestpractices.dev:443 - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -87,6 +87,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@530d4feaa9c62aaab2d250371e2061eb7a172363 # v3.25.9 with: sarif_file: results.sarif diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 892d87d..601214d 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -28,5 +28,5 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - run: semgrep ci diff --git a/.github/workflows/sitemap.yml b/.github/workflows/sitemap.yml index e7c5e22..82e98ac 100644 --- a/.github/workflows/sitemap.yml +++ b/.github/workflows/sitemap.yml @@ -19,7 +19,7 @@ jobs: github.com:443 - name: Checkout the repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/sobelow.yml b/.github/workflows/sobelow.yml index bdd9864..47c63a8 100644 --- a/.github/workflows/sobelow.yml +++ b/.github/workflows/sobelow.yml @@ -43,6 +43,6 @@ jobs: repo.hex.pm:443 sobelow.io:443 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: run-action uses: sobelow/action@1afd6d2cae70ae8bd900b58506f54487ed863912 diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 01929ed..7de83d8 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -34,7 +34,7 @@ jobs: pypi.org:443 - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0