Commit f2d3d0f

chore(deps): update github-actions (#4041)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | digest | `cbb7224` -> `85e6279` |
| [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.2.0` -> `v5.3.0` |
| [actions/setup-java](https://redirect.github.com/actions/setup-java) | action | minor | `v4.5.0` -> `v4.6.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v4.1.0` -> `v4.2.0` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | digest | `39370e3` -> `1d0ff46` |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | minor | `v4.4.3` -> `v4.6.0` |
| [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | minor | `v3.27.9` -> `v3.28.6` |
| [softprops/action-gh-release](https://redirect.github.com/softprops/action-gh-release) | action | minor | `v2.1.0` -> `v2.2.1` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

### [`v5.3.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.3.0)

[Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.2.0...v5.3.0)

##### What's Changed

- Use the new cache service: upgrade `@actions/cache` to `^4.0.0` by [@Link-](https://redirect.github.com/Link-) in [https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)
- Configure Dependabot settings by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/530](https://redirect.github.com/actions/setup-go/pull/530)
- Document update - permission section by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-go/pull/533](https://redirect.github.com/actions/setup-go/pull/533)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-go/pull/534](https://redirect.github.com/actions/setup-go/pull/534)

##### New Contributors

- [@Link-](https://redirect.github.com/Link-) made their first contribution in [https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)

**Full Changelog**: actions/setup-go@v5...v5.3.0

</details>

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

### [`v4.6.0`](https://redirect.github.com/actions/setup-java/releases/tag/v4.6.0)

[Compare Source](https://redirect.github.com/actions/setup-java/compare/v4.5.0...v4.6.0)

#### What's Changed

**Add-ons:**

- Add Support for JetBrains Runtime by [@gmitch215](https://redirect.github.com/gmitch215) in [https://github.com/actions/setup-java/pull/637](https://redirect.github.com/actions/setup-java/pull/637)

```yaml
steps:
  - name: Checkout
    uses: actions/checkout@v4
  - name: Setup-java
    uses: actions/setup-java@v4
    with:
      distribution: 'jetbrains'
      java-version: '21'
```

**Bug fixes:**

- Fix Ubuntu-latest CI failures by [@mahabaleshwars](https://redirect.github.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/693](https://redirect.github.com/actions/setup-java/pull/693)

#### New Contributors

- [@gmitch215](https://redirect.github.com/gmitch215) made their first contribution in [https://github.com/actions/setup-java/pull/637](https://redirect.github.com/actions/setup-java/pull/637)

**Full Changelog**: actions/setup-java@v4...v4.6.0

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

### [`v4.2.0`](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

### [`v4.6.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.0)

[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0)

#### What's Changed

- Expose env vars to control concurrency and timeout by [@yacaovsnc](https://redirect.github.com/yacaovsnc) in [https://github.com/actions/upload-artifact/pull/662](https://redirect.github.com/actions/upload-artifact/pull/662)

**Full Changelog**: actions/upload-artifact@v4...v4.6.0

### [`v4.5.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)

[Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

### [`v3.28.6`](https://redirect.github.com/github/codeql-action/compare/v3.28.5...v3.28.6)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.5...v3.28.6)

### [`v3.28.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.5)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.4...v3.28.5)

##### CodeQL Action Changelog

See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

##### 3.28.5 - 24 Jan 2025

- Update default CodeQL bundle version to 2.20.3. [#2717](https://redirect.github.com/github/codeql-action/pull/2717)

See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.5/CHANGELOG.md) for more information.

### [`v3.28.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.4)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.3...v3.28.4)

##### CodeQL Action Changelog

See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

##### 3.28.4 - 23 Jan 2025

No user facing changes.

See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.4/CHANGELOG.md) for more information.

### [`v3.28.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.3)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.2...v3.28.3)

##### CodeQL Action Changelog

See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

##### 3.28.3 - 22 Jan 2025

- Update default CodeQL bundle version to 2.20.2. [#2707](https://redirect.github.com/github/codeql-action/pull/2707)
- Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the [CodeQL Action sync tool](https://redirect.github.com/github/codeql-action-sync-tool) and the Actions runner did not have Zstandard installed. [#2710](https://redirect.github.com/github/codeql-action/pull/2710)
- Uploading debug artifacts for CodeQL analysis is temporarily disabled. [#2712](https://redirect.github.com/github/codeql-action/pull/2712)

See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.3/CHANGELOG.md) for more information.

### [`v3.28.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.2)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.1...v3.28.2)

##### CodeQL Action Changelog

See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

##### 3.28.2 - 21 Jan 2025

No user facing changes.

See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.2/CHANGELOG.md) for more information.

### [`v3.28.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.1)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.0...v3.28.1)

##### CodeQL Action Changelog

See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

##### 3.28.1 - 10 Jan 2025

- CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see [this changelog post](https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/). [#2677](https://redirect.github.com/github/codeql-action/pull/2677)
- Update default CodeQL bundle version to 2.20.1. [#2678](https://redirect.github.com/github/codeql-action/pull/2678)

See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.1/CHANGELOG.md) for more information.

### [`v3.28.0`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.0)

[Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.27.9...v3.28.0)

##### CodeQL Action Changelog

See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

##### 3.28.0 - 20 Dec 2024

- Bump the minimum CodeQL bundle version to 2.15.5. [#2655](https://redirect.github.com/github/codeql-action/pull/2655)
- Don't fail in the unusual case that a file is on the search path. [#2660](https://redirect.github.com/github/codeql-action/pull/2660).

See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.0/CHANGELOG.md) for more information.

</details>

<details>
<summary>softprops/action-gh-release (softprops/action-gh-release)</summary>

### [`v2.2.1`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.2.1)

[Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.2.0...v2.2.1)

<!-- Release notes generated using configuration in .github/release.yml at master -->

#### What's Changed

##### Bug fixes 🐛

- fix: big file uploads by [@xen0n](https://redirect.github.com/xen0n) in [https://github.com/softprops/action-gh-release/pull/562](https://redirect.github.com/softprops/action-gh-release/pull/562)

##### Other Changes 🔄

- chore(deps): bump [@types/node](https://redirect.github.com/types/node) from 22.10.1 to 22.10.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/559](https://redirect.github.com/softprops/action-gh-release/pull/559)
- chore(deps): bump [@types/node](https://redirect.github.com/types/node) from 22.10.2 to 22.10.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/569](https://redirect.github.com/softprops/action-gh-release/pull/569)
- chore: update error and warning messages for not matching files in files field by [@ytimocin](https://redirect.github.com/ytimocin) in [https://github.com/softprops/action-gh-release/pull/568](https://redirect.github.com/softprops/action-gh-release/pull/568)

#### New Contributors

- [@ytimocin](https://redirect.github.com/ytimocin) made their first contribution in [https://github.com/softprops/action-gh-release/pull/568](https://redirect.github.com/softprops/action-gh-release/pull/568)

**Full Changelog**: softprops/action-gh-release@v2.2.0...v2.2.1

### [`v2.2.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.2.0)

[Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.1.0...v2.2.0)

#### What's Changed

##### Exciting New Features 🎉

- feat: read the release assets asynchronously by [@xen0n](https://redirect.github.com/xen0n) in [https://github.com/softprops/action-gh-release/pull/552](https://redirect.github.com/softprops/action-gh-release/pull/552)

##### Bug fixes 🐛

- fix(docs): clarify the default for tag_name by [@alexeagle](https://redirect.github.com/alexeagle) in [https://github.com/softprops/action-gh-release/pull/544](https://redirect.github.com/softprops/action-gh-release/pull/544)

##### Other Changes 🔄

- chore(deps): bump typescript from 5.6.3 to 5.7.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/548](https://redirect.github.com/softprops/action-gh-release/pull/548)
- chore(deps): bump [@types/node](https://redirect.github.com/types/node) from 22.9.0 to 22.9.4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/547](https://redirect.github.com/softprops/action-gh-release/pull/547)
- chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/545](https://redirect.github.com/softprops/action-gh-release/pull/545)
- chore(deps): bump [@vercel/ncc](https://redirect.github.com/vercel/ncc) from 0.38.2 to 0.38.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/543](https://redirect.github.com/softprops/action-gh-release/pull/543)
- chore(deps): bump prettier from 3.3.3 to 3.4.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/550](https://redirect.github.com/softprops/action-gh-release/pull/550)
- chore(deps): bump [@types/node](https://redirect.github.com/types/node) from 22.9.4 to 22.10.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/551](https://redirect.github.com/softprops/action-gh-release/pull/551)
- chore(deps): bump prettier from 3.4.1 to 3.4.2 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/softprops/action-gh-release/pull/554](https://redirect.github.com/softprops/action-gh-release/pull/554)

#### New Contributors

- [@alexeagle](https://redirect.github.com/alexeagle) made their first contribution in [https://github.com/softprops/action-gh-release/pull/544](https://redirect.github.com/softprops/action-gh-release/pull/544)
- [@xen0n](https://redirect.github.com/xen0n) made their first contribution in [https://github.com/softprops/action-gh-release/pull/552](https://redirect.github.com/softprops/action-gh-release/pull/552)

**Full Changelog**: softprops/action-gh-release@v2.1.0...v2.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

Signed-off-by: Mend Renovate <[email protected]>
Co-authored-by: Ramon Petgrave <[email protected]>
1 parent be0c57c commit f2d3d0f

20 files changed

+38
-38
lines changed

.github/actions/generate-builder/action.yml

Lines changed: 1 addition & 1 deletion
@@ -76,7 +76,7 @@ runs:
7676
token: ${{ inputs.token }}
7777

7878
- name: Set up Go environment
79-
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
79+
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
8080
with:
8181
go-version: ${{ inputs.go-version }}
8282

.github/actions/secure-project-checkout-go/action.yml

Lines changed: 1 addition & 1 deletion
@@ -65,7 +65,7 @@ runs:
6565
fi
6666
6767
- name: Set up Go environment
68-
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
68+
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
6969
with:
7070
go-version: ${{ steps.validate.outputs.go_version }}
7171
go-version-file: ${{ steps.validate.outputs.go_version_file }}
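Review bot: the release notes in this commit message say setup-go v5.3.0 moves to the new cache service (`@actions/cache` `^4.0.0`, pull 531), and the `with:` block visible at lines 69-71 sets only `go-version` and `go-version-file`. For an action whose job is a secure project checkout, state whether dependency caching is intended in this step; if it is not, set the `cache` input explicitly rather than relying on the action's default.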

.github/actions/secure-project-checkout-node/action.yml

Lines changed: 1 addition & 1 deletion
@@ -41,6 +41,6 @@ runs:
4141
path: ${{ inputs.path }}
4242

4343
- name: Set up Node environment
44-
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
44+
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
4545
with:
4646
node-version: ${{ inputs.node-version }}
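Review bot: the commit message carries no release notes for `actions/setup-node` v4.2.0, only a compare link (`v4.1.0...v4.2.0`), so the change at line 44 cannot be assessed from the PR body. Suggest reading that compare view before approving and recording in the PR that `1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a` is the commit the `v4.2.0` tag points to.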

.github/actions/secure-upload-artifact/action.yml

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ runs:
3737
path: "${{ inputs.path }}"
3838

3939
- name: Upload the artifact
40-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
40+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
4141
with:
4242
name: "${{ inputs.name }}"
4343
path: "${{ inputs.path }}"
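Review bot: per the release notes in this commit message, `actions/upload-artifact` v4.6.0 starts exposing environment variables that control upload concurrency and timeout (pull 662), and the step at line 40 shows no `env:` in the visible context. Because a composite action's steps run inside the caller's job, document whether those variables are expected to stay unset here, or set them on this step so that earlier steps in the job cannot alter how the secure upload behaves.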

.github/workflows/builder_container-based_slsa3.yml

Lines changed: 6 additions & 6 deletions
@@ -209,7 +209,7 @@ jobs:
209209
allow-private-repository: ${{ inputs.rekor-log-public }}
210210

211211
- name: Upload builder
212-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
212+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
213213
with:
214214
name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}"
215215
path: "${{ env.BUILDER_BINARY }}"
@@ -462,7 +462,7 @@ jobs:
462462
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/1655): Use a
463463
# secure upload or verify this against the SLSA layout file.
464464
id: upload-artifacts
465-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
465+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
466466
with:
467467
name: ${{ steps.build.outputs.build-outputs-name }}
468468
path: /tmp/build-outputs-${{ needs.rng.outputs.value }}
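Review bot: the step at line 465 is the upload that the TODO at lines 462-463 flags as not using a secure upload or a check against the SLSA layout file, and this bump moves it across two minor releases (v4.4.3 to v4.6.0) with nothing verifying what was uploaded. Suggest routing it through `.github/actions/secure-upload-artifact`, which this commit also updates, or confirming that the consuming job checks a digest, and noting the outcome on issue 1655.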
@@ -535,7 +535,7 @@ jobs:
535535
- name: Upload unsigned intoto attestations file for pull request
536536
if: ${{ github.event_name == 'pull_request' }}
537537
id: upload-unsigned
538-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
538+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
539539
with:
540540
name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
541541
path: "attestations-${{ needs.rng.outputs.value }}"
@@ -556,7 +556,7 @@ jobs:
556556
- name: Upload the signed attestations
557557
id: upload-signed
558558
if: ${{ github.event_name != 'pull_request' }}
559-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
559+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
560560
with:
561561
name: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
562562
path: "${{ env.OUTPUT_FOLDER }}-${{ needs.rng.outputs.value }}"
@@ -598,7 +598,7 @@ jobs:
598598
path: "${{ needs.provenance.outputs.provenance-name }}"
599599

600600
- name: Upload provenance new tag
601-
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
601+
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
602602
if: startsWith(github.ref, 'refs/tags/') && inputs.upload-tag-name == ''
603603
id: release-new-tags
604604
with:
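Review bot: line 601 is a third-party action that attaches provenance to a release, and the pin jumps from v2.1.0 to v2.2.1, which per the release notes in this commit message changes asset reading to asynchronous (pull 552) and then fixes big file uploads (pull 562). Ask for a tagged end-to-end run showing the provenance asset is attached and matches the expected sha256 before merging, since the same pin is reused at line 612 and in the Go and generic workflows.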
@@ -609,7 +609,7 @@ jobs:
609609
draft: ${{ inputs.draft-release }}
610610

611611
- name: Upload provenance tag name
612-
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
612+
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
613613
if: inputs.upload-tag-name != ''
614614
with:
615615
prerelease: ${{ inputs.prerelease }}

.github/workflows/builder_go_slsa3.yml

Lines changed: 3 additions & 3 deletions
@@ -169,7 +169,7 @@ jobs:
169169
allow-private-repository: ${{ inputs.private-repository }}
170170

171171
- name: Upload builder
172-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
172+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
173173
with:
174174
name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}"
175175
path: "${{ env.BUILDER_BINARY }}"
@@ -358,7 +358,7 @@ jobs:
358358
--workingDir "$UNTRUSTED_WORKING_DIR"
359359
360360
- name: Upload the signed provenance
361-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
361+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
362362
with:
363363
name: "${{ steps.sign-prov.outputs.signed-provenance-name }}"
364364
path: "${{ steps.sign-prov.outputs.signed-provenance-name }}"
@@ -399,7 +399,7 @@ jobs:
399399
sha256: "${{ needs.provenance.outputs.go-provenance-sha256 }}"
400400

401401
- name: Upload provenance
402-
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
402+
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
403403
with:
404404
tag_name: ${{ inputs.upload-tag-name }}
405405
prerelease: ${{ inputs.prerelease }}

.github/workflows/codeql-analysis.yml

Lines changed: 3 additions & 3 deletions
@@ -59,7 +59,7 @@ jobs:
5959

6060
# Initializes the CodeQL tools for scanning.
6161
- name: Initialize CodeQL
62-
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
62+
uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
6363
with:
6464
languages: ${{ matrix.language }}
6565
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -72,7 +72,7 @@ jobs:
7272
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
7373
# If this step fails, then you should remove it and run the build manually (see below)
7474
- name: Autobuild
75-
uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
75+
uses: github/codeql-action/autobuild@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
7676

7777
# Command-line programs to run using the OS shell.
7878
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -85,7 +85,7 @@ jobs:
8585
# ./location_of_script_within_repo/buildscript.sh
8686

8787
- name: Perform CodeQL Analysis
88-
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
88+
uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6
8989

9090
# NOTE: Checks that the matrix job above completes successfully.
9191
# This is necessary because the matrix strategy generates new jobs with

.github/workflows/e2e.sign-attestations.schedule.yml

Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,7 @@ jobs:
4040
attestations: .github/actions/sign-attestations/testdata/attestations
4141
output-folder: outputs
4242
- name: Setup node
43-
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
43+
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4
4444
with:
4545
node-version: 20
4646
- name: install sigstore-js
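Review bot: the trailing comment on the new line 43 still reads `# v4` although the pin moved to `1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a`, which the other files in this commit label `# v4.2.0`. Suggest writing the exact release, `actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0`, so a reader can check the SHA against the tag and this pin is tracked the same way as the rest.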

.github/workflows/generator_generic_slsa3.yml

Lines changed: 2 additions & 2 deletions
@@ -239,7 +239,7 @@ jobs:
239239
- name: Upload the signed provenance
240240
id: upload-prov
241241
continue-on-error: true
242-
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
242+
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
243243
with:
244244
name: "${{ steps.sign-prov.outputs.provenance-name }}"
245245
path: "${{ steps.sign-prov.outputs.provenance-name }}"
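Review bot: `continue-on-error: true` at line 241 means a failure of the bumped `actions/upload-artifact` step at line 242 will not fail the job, so a green run does not show that v4.6.0 uploads the signed provenance correctly. Before merging, check a run where `steps.upload-prov.outcome` is `success`, or confirm that a later step already gates on that outcome.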
@@ -285,7 +285,7 @@ jobs:
285285
sha256: "${{ needs.generator.outputs.provenance-sha256 }}"
286286

287287
- name: Upload provenance
288-
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
288+
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
289289
id: release
290290
with:
291291
draft: ${{ inputs.draft-release }}

.github/workflows/pre-submit.actions.yml

Lines changed: 2 additions & 2 deletions
@@ -78,7 +78,7 @@ jobs:
7878
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
7979

8080
- name: Set Node.js 18
81-
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
81+
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
8282
with:
8383
node-version: 18
8484

@@ -98,7 +98,7 @@ jobs:
9898
fi
9999
100100
# If index.js was different from expected, upload the expected version as an artifact
101-
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
101+
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
102102
if: ${{ failure() && steps.diff.conclusion == 'failure' }}
103103
with:
104104
name: dist
