From b61257bc52311b9aec4d6cf7bd22eaa71354fd81 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 05:36:12 +0000 Subject: [PATCH] chore(deps): update weekly update --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/issue-management-stale-action.yml | 6 +++--- .github/workflows/ossf-scorecard.yml | 4 ++-- .github/workflows/publish-petclinic-benchmark-image.yml | 2 +- .github/workflows/publish-smoke-test-early-jdk8-images.yml | 2 +- .../workflows/publish-smoke-test-fake-backend-images.yml | 4 ++-- .github/workflows/publish-smoke-test-servlet-images.yml | 2 +- .github/workflows/reusable-native-tests.yml | 2 +- .github/workflows/reusable-publish-smoke-test-images.yml | 2 +- benchmark-overhead/Dockerfile.petclinic | 2 +- smoke-tests/images/early-jdk8/Dockerfile | 2 +- 11 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e0a370ec2913..86d2e1e1b633 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -63,7 +63,7 @@ jobs: cache-read-only: ${{ github.event_name == 'pull_request' }} - name: Initialize CodeQL - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: languages: ${{ matrix.language }} # using "linked" helps to keep up with the linked Kotlin support @@ -84,6 +84,6 @@ jobs: --no-build-cache --no-daemon - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/issue-management-stale-action.yml b/.github/workflows/issue-management-stale-action.yml index abcb7dca3602..c8ca477acad3 100644 --- a/.github/workflows/issue-management-stale-action.yml +++ b/.github/workflows/issue-management-stale-action.yml @@ -21,7 +21,7 @@ jobs: # Action #1: Handle issues/PRs awaiting author feedback # - After 7 days inactive: Adds "stale" label + warning comment # - After 7 more days inactive: Closes - - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0 + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 with: only-labels: "needs author feedback" days-before-stale: 7 @@ -40,7 +40,7 @@ jobs: # - Targets: Issues with "enhancement" label (but NOT "needs author feedback") # - After 365 days inactive: Adds "stale" label + closes immediately (no warning period) # - Skips: Issues with "needs author feedback" to avoid conflicts with Action #1 - - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0 + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 with: only-labels: "enhancement" # Skip issues that need author feedback (handled by the first action with 7+7 day policy) @@ -58,7 +58,7 @@ jobs: # Action #3: Handle stale PRs # - After 180 days inactive: Adds "stale" label + warning comment # - After 14 more days inactive: Closes - - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0 + - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0 with: days-before-issue-stale: -1 days-before-issue-close: -1 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index cb839e384b8f..f34bc4899356 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -42,6 +42,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 with: sarif_file: results.sarif diff --git a/.github/workflows/publish-petclinic-benchmark-image.yml b/.github/workflows/publish-petclinic-benchmark-image.yml index bbf785c60e48..7742f9434555 100644 --- a/.github/workflows/publish-petclinic-benchmark-image.yml +++ b/.github/workflows/publish-petclinic-benchmark-image.yml @@ -22,7 +22,7 @@ jobs: - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Login to GitHub container registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/publish-smoke-test-early-jdk8-images.yml b/.github/workflows/publish-smoke-test-early-jdk8-images.yml index f2e138f7dab3..275d5296116f 100644 --- a/.github/workflows/publish-smoke-test-early-jdk8-images.yml +++ b/.github/workflows/publish-smoke-test-early-jdk8-images.yml @@ -31,7 +31,7 @@ jobs: java-version-file: .java-version - name: Login to GitHub package registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/publish-smoke-test-fake-backend-images.yml b/.github/workflows/publish-smoke-test-fake-backend-images.yml index c86f834213e4..2c79a53bad01 100644 --- a/.github/workflows/publish-smoke-test-fake-backend-images.yml +++ b/.github/workflows/publish-smoke-test-fake-backend-images.yml @@ -31,7 +31,7 @@ jobs: java-version-file: .java-version - name: Login to GitHub package registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -67,7 +67,7 @@ jobs: java-version-file: .java-version - name: Login to GitHub package registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/publish-smoke-test-servlet-images.yml b/.github/workflows/publish-smoke-test-servlet-images.yml index 500ccee9b4ed..ee9c66f24eb1 100644 --- a/.github/workflows/publish-smoke-test-servlet-images.yml +++ b/.github/workflows/publish-smoke-test-servlet-images.yml @@ -66,7 +66,7 @@ jobs: java-version-file: .java-version - name: Login to GitHub package registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/reusable-native-tests.yml b/.github/workflows/reusable-native-tests.yml index 4c2d1ed21c68..8310a6c34724 100644 --- a/.github/workflows/reusable-native-tests.yml +++ b/.github/workflows/reusable-native-tests.yml @@ -27,7 +27,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - id: read-java run: echo "version=$(cat .java-version)" >> "$GITHUB_OUTPUT" - - uses: graalvm/setup-graalvm@e140024fdc2d95d3c7e10a636887a91090d29990 # v1.4.0.1 + - uses: graalvm/setup-graalvm@2a2412009026a83f51d179f92dc2b3fd4c8142df # v1.4.1.1 with: version: "latest" java-version: ${{ matrix.test-java-version }} diff --git a/.github/workflows/reusable-publish-smoke-test-images.yml b/.github/workflows/reusable-publish-smoke-test-images.yml index 55bd8beddf85..ec43f8a64b42 100644 --- a/.github/workflows/reusable-publish-smoke-test-images.yml +++ b/.github/workflows/reusable-publish-smoke-test-images.yml @@ -51,7 +51,7 @@ jobs: java-version-file: .java-version - name: Login to GitHub package registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/benchmark-overhead/Dockerfile.petclinic b/benchmark-overhead/Dockerfile.petclinic index d27ebb776bb6..470b1a895ce5 100644 --- a/benchmark-overhead/Dockerfile.petclinic +++ b/benchmark-overhead/Dockerfile.petclinic @@ -1,4 +1,4 @@ -FROM eclipse-temurin:11.0.28_6-jdk@sha256:cbc00ee9dbeb737367035e19e2655529c4cd5e887f33a69a80dd56928f3bef65 as app-build +FROM eclipse-temurin:11.0.28_6-jdk@sha256:f6eb706417f377c64613258e3c6389e28da6dca2f5bf40274726acc7efc09dc6 as app-build # This is the base image that will contain a built version of the spring-petclinic-rest # application. Installing the dependencies and maven compiling the application is time diff --git a/smoke-tests/images/early-jdk8/Dockerfile b/smoke-tests/images/early-jdk8/Dockerfile index 275cdbedeb48..6a242ed29497 100644 --- a/smoke-tests/images/early-jdk8/Dockerfile +++ b/smoke-tests/images/early-jdk8/Dockerfile @@ -1,5 +1,5 @@ # https://github.com/zulu-openjdk/zulu-openjdk/blob/master/ubuntu/8u412-8.78/Dockerfile -FROM ubuntu:noble-20250910@sha256:353675e2a41babd526e2b837d7ec780c2a05bca0164f7ea5dbbd433d21d166fc +FROM ubuntu:noble-20250925@sha256:728785b59223d755e3e5c5af178fab1be7031f3522c5ccd7a0b32b80d8248123 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'