diff --git a/.github/workflows/automerge.yaml b/.github/workflows/automerge.yaml
index f36fa3e..12a8c2b 100644
--- a/.github/workflows/automerge.yaml
+++ b/.github/workflows/automerge.yaml
@@ -10,7 +10,7 @@ jobs:
 contents: read
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
 with:
 egress-policy: audit
 - uses: actions/create-github-app-token@v2
diff --git a/.github/workflows/build-gradle-ghtoken.yaml b/.github/workflows/build-gradle-ghtoken.yaml
index b8e804e..c4ca8db 100644
--- a/.github/workflows/build-gradle-ghtoken.yaml
+++ b/.github/workflows/build-gradle-ghtoken.yaml
@@ -9,13 +9,13 @@ jobs:
 contents: read
 packages: read
 steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-java@v4
+ - uses: actions/checkout@v6
+ - uses: actions/setup-java@v5
 with:
 java-version: '21'
 distribution: 'temurin'
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
+ uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
 - name: Generate sbom
 run: ./gradlew cyclonedxBom
 env:
diff --git a/.github/workflows/build-gradle-pattoken.yaml b/.github/workflows/build-gradle-pattoken.yaml
index 5e04ae7..acd8f4f 100644
--- a/.github/workflows/build-gradle-pattoken.yaml
+++ b/.github/workflows/build-gradle-pattoken.yaml
@@ -9,13 +9,13 @@ jobs:
 contents: read
 packages: read
 steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-java@v4
+ - uses: actions/checkout@v6
+ - uses: actions/setup-java@v5
 with:
 java-version: '21'
 distribution: 'temurin'
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
+ uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
 - name: Generate sbom
 run: ./gradlew cyclonedxBom
 env:
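Review bot: In build-gradle-ghtoken.yaml the bumped `actions/checkout@v6` and `actions/setup-java@v5` are still referenced by mutable major tags, while `gradle/actions/setup-gradle` a few lines below is pinned to a full commit SHA with a version comment. A tag can be re-pointed at different code after this review, so these steps would be better pinned the same way, e.g. `- uses: actions/checkout@<full-commit-sha> # v6.x.y` (placeholder; take the SHA from the release you intend to run). The same applies to the identical lines in build-gradle-pattoken.yaml and the second hunk of sts-reusable.yaml, and to `actions/setup-node@v6` in build-npm-octoststoken.yaml. The job's step list starts and continues outside the hunk.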
diff --git a/.github/workflows/build-npm-octoststoken.yaml b/.github/workflows/build-npm-octoststoken.yaml
index c28f55d..c115f7c 100644
--- a/.github/workflows/build-npm-octoststoken.yaml
+++ b/.github/workflows/build-npm-octoststoken.yaml
@@ -10,13 +10,13 @@ jobs:
 permissions:
 id-token: write
 steps:
- - uses: actions/checkout@v4
- - uses: octo-sts/action@v1.0.0
+ - uses: actions/checkout@v6
+ - uses: octo-sts/action@v1.0.3
 id: octo-sts
 with:
 scope: ${{ github.repository_owner }}
 identity: readertoken
- - uses: actions/setup-node@v4
+ - uses: actions/setup-node@v6
 with:
 node-version: 20
 registry-url: "https://npm.pkg.github.com"
diff --git a/.github/workflows/sts-reusable.yaml b/.github/workflows/sts-reusable.yaml
index 44c2cc8..a3de7cd 100644
--- a/.github/workflows/sts-reusable.yaml
+++ b/.github/workflows/sts-reusable.yaml
@@ -10,7 +10,7 @@ jobs:
 contents: read
 id-token: write # for octo-sts
 steps:
- - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f
+ - uses: octo-sts/action@d6c70ad3b9ac85df6da6b9749014d7283987cfec
 id: octo-sts
 with:
 scope: navikt/appsec-internal-test
@@ -23,13 +23,13 @@ jobs:
 # -H "Accept: application/vnd.github+json" \
 # -H "X-GitHub-Api-Version: 2022-11-28" \
 # "/orgs/navikt/packages?package_type=maven"
- - uses: actions/checkout@v4
- - uses: actions/setup-java@v4
+ - uses: actions/checkout@v6
+ - uses: actions/setup-java@v5
 with:
 java-version: '21'
 distribution: 'temurin'
 - name: Setup Gradle
- uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0
+ uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
 - name: Generate sbom
 run: ./gradlew cyclonedxBom
 env:
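Review bot: In build-npm-octoststoken.yaml, `octo-sts/action@v1.0.3` is pinned only by tag in a job that grants `id-token: write`, so whatever code that tag resolves to at run time can request the workflow's OIDC token and handles the exchanged `readertoken` credential. sts-reusable.yaml in this same commit pins the same action to a full commit SHA; this step should match, `- uses: octo-sts/action@<full-commit-sha> # v1.0.3` (placeholder; if the SHA used in sts-reusable.yaml is the v1.0.3 release, reuse it here). The step list continues outside the hunk.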
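Review bot: In the first hunk of sts-reusable.yaml the new pin `octo-sts/action@d6c70ad3b9ac85df6da6b9749014d7283987cfec` carries no version comment, unlike the harden-runner and setup-gradle pins in this commit (`# v2.13.2`, `# v5.0.0`). Without it a reviewer cannot tell which release the SHA is meant to be, and update tooling that relies on the comment has nothing to go on. Add a trailing `# vX.Y.Z` naming the release this commit belongs to; it is presumably v1.0.3, the version used in build-npm-octoststoken.yaml, but that should be confirmed against the upstream tag.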