
Commit e7b6b79

Merge branch 'main' into claude/integrate-security-tools-KZlaE
2 parents a89684e + 289e9c5 commit e7b6b79

14 files changed

+33
-85
lines changed

.github/workflows/codeql-analysis.yml

Lines changed: 0 additions & 52 deletions
This file was deleted.

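--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,19 +24,19 @@ jobs:
 - language: actions
 build-mode: none
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
 - name: Initialize CodeQL
-uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.28.1
 with:
 languages: ${{ matrix.language }}
 queries: +security-and-quality
 continue-on-error: true
 
 - name: Autobuild
-uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.28.1
 continue-on-error: true
 
 - name: Perform Analysis
-uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.28.1
 continue-on-error: true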
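Review bot: The three `github/codeql-action` pins (init, autobuild, analyze) move to a new commit SHA, but the trailing comment still reads `# v3.28.1`, the same tag the old SHA was labelled with. Either the comment is stale or one of the two SHAs was never that release; the diff alone cannot show which, so resolve the new SHA against the upstream tags and correct the comment to the release it actually belongs to. Separately, `continue-on-error: true` on `Initialize CodeQL` and `Perform Analysis` means a failed scan still leaves the job green, so a broken or wrong pin here would pass unnoticed; consider removing it from at least the analyze step.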

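--- a/.github/workflows/comprehensive-quality.yml
+++ b/.github/workflows/comprehensive-quality.yml
@@ -17,7 +17,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check test coverage
 run: |
 echo "Checking for test files..."
@@ -38,7 +38,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Secret scanning
 uses: trufflesecurity/trufflehog@8a8ef8526528d8a4ff3e2c90be08e25ef8efbd9b # v3.88.3
 continue-on-error: true
@@ -60,7 +60,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check API specs
 run: |
 if [ -f "openapi.yaml" ] || [ -f "openapi.json" ]; then
@@ -79,7 +79,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check for validation patterns
 run: |
 VALIDATION=$(grep -rE "validate|sanitize|Schema|Validator" --include="*.rs" --include="*.res" --include="*.ex" . 2>/dev/null | wc -l || echo "0")
@@ -93,7 +93,7 @@ jobs:
 contents: read
 attestations: write
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Generate SBOM
 run: |
 echo "SBOM generation would run here"
@@ -111,7 +111,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check SPARK proofs
 run: |
 if find . -name "*.ads" | grep -q .; then
@@ -129,7 +129,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check TODOs and FIXMEs
 run: |
 echo "=== Incomplete items ==="
@@ -144,7 +144,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check for benchmarks
 run: |
 BENCHES=$(find . -name "*bench*" -o -name "*perf*" | wc -l)
@@ -163,7 +163,7 @@ jobs:
 contents: read
 if: hashFiles('**/*.html') != ''
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: HTML accessibility check
 run: |
 echo "Checking for a11y attributes..."
@@ -179,7 +179,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check license files
 run: |
 if [ -f "LICENSE" ] || [ -f "LICENSE.txt" ] || [ -f "LICENSE.md" ]; then
@@ -199,7 +199,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Check docs completeness
 run: |
 DOCS=""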
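Review bot: In the hunk at new lines 38–44, the `Secret scanning` step keeps `continue-on-error: true`, and the checkout before it has no `with:` block, so it uses the action's default shallow fetch. A TruffleHog finding therefore cannot fail the job, and depending on the step's arguments (which lie outside the hunk) the scan may only see the tip commit rather than the history being merged. Consider adding `with:` / `fetch-depth: 0` to that checkout and removing `continue-on-error: true` from the scan step so a detected secret blocks the change. The rest of the job is outside the hunk.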

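--- a/.github/workflows/generator-generic-ossf-slsa3-publish.yml
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@@ -29,7 +29,7 @@ jobs:
 digests: ${{ steps.hash.outputs.digests }}
 
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
 # ========================================================
 #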

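--- a/.github/workflows/guix-nix-policy.yml
+++ b/.github/workflows/guix-nix-policy.yml
@@ -11,7 +11,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Enforce Guix primary / Nix fallback
 run: |
 # Check for package manager files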

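--- a/.github/workflows/haskell.yml
+++ b/.github/workflows/haskell.yml
@@ -16,14 +16,14 @@ jobs:
 contents: read
 
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - uses: actions/setup-haskell@28c8ff1d6cbeaed15ce310b1952dc19352a0a07d # v1.1.5
 with:
 ghc-version: '8.10.3'
 cabal-version: '3.2'
 
 - name: Cache
-uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
 env:
 cache-name: cache-cabal
 with: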

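--- a/.github/workflows/instant-sync.yml
+++ b/.github/workflows/instant-sync.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Trigger Propagation
-uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
+uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3
 with:
 token: ${{ secrets.FARM_DISPATCH_TOKEN }}
 repository: hyperpolymath/.git-private-farm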
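Review bot: The `peter-evans/repository-dispatch` pin changes SHA while its comment stays `# v3`, a major tag that moves with each release, so the comment does not tell a reviewer which release the new commit corresponds to. This step is handed `secrets.FARM_DISPATCH_TOKEN`, so the provenance of the pinned commit matters more than for a plain checkout. Record the exact release in the comment, for example `# vX.Y.Z` (placeholder; take the value from the upstream tag the SHA resolves to), so reviewers and update tooling can check the pin. The `with:` block continues outside the hunk.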

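--- a/.github/workflows/mirror.yml
+++ b/.github/workflows/mirror.yml
@@ -19,12 +19,12 @@ jobs:
 
 steps:
 - name: Checkout
-uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 with:
 fetch-depth: 0
 
 - name: Setup SSH
-uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
 with:
 ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }}
 
@@ -49,12 +49,12 @@ jobs:
 
 steps:
 - name: Checkout
-uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 with:
 fetch-depth: 0
 
 - name: Setup SSH
-uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
 with:
 ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }}
 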
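Review bot: Both `Checkout` steps (new lines 22 and 52) set only `fetch-depth: 0`, so the action's default of persisting the job token for later git commands stays in effect in jobs that then load an SSH key for an external remote. If the later steps (outside both hunks) push over SSH only, add `persist-credentials: false` under each `with:` so the GitHub token is not left available to git alongside the mirror key. The checkout pin also moves from v4 to v6, two major versions at once, so it is worth confirming the mirror push still behaves as before on the runners in use.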

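--- a/.github/workflows/npm-bun-blocker.yml
+++ b/.github/workflows/npm-bun-blocker.yml
@@ -11,7 +11,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Block npm/bun
 run: |
 if [ -f "package-lock.json" ] || [ -f "bun.lockb" ] || [ -f ".npmrc" ]; then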

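--- a/.github/workflows/php-security.yml
+++ b/.github/workflows/php-security.yml
@@ -11,7 +11,7 @@ jobs:
 permissions:
 contents: read
 steps:
-- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: PHP Security Scan
 run: |
 # Check for dangerous functions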
