diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index df19b5788..d0eca23d0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,7 +34,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b2f9ef845756500b97acbdaf5c1dd4e9c1d15734 # v3.35.2 + uses: github/codeql-action/init@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -42,7 +42,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b2f9ef845756500b97acbdaf5c1dd4e9c1d15734 # v3.35.2 + uses: github/codeql-action/autobuild@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -56,4 +56,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b2f9ef845756500b97acbdaf5c1dd4e9c1d15734 # v3.35.2 + uses: github/codeql-action/analyze@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml index 4218fd9bb..71e113db1 100644 --- a/.github/workflows/nightly.yaml +++ b/.github/workflows/nightly.yaml @@ -43,7 +43,7 @@ jobs: - name: Cache tool downloads # ubuntu runner has persistent cache if: matrix.os == 'windows-latest' - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/plugins_testing_download_cache # No need to key on trunk version unless we change how we store downloads. @@ -116,7 +116,7 @@ jobs: - name: Get Latest Release id: get-release - uses: WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce # v1.4.0 + uses: WyriHaximus/github-action-get-previous-tag@61819f33034117e6c686e6a31dba995a85afc9de # v2.0.0 with: # only use releases tagged v prefix: v @@ -148,7 +148,7 @@ jobs: - name: Cache tool downloads # ubuntu, mac runners have persistent cache if: matrix.os == 'windows-latest' - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/plugins_testing_download_cache # No need to key on trunk version unless we change how we store downloads. @@ -180,7 +180,7 @@ jobs: - name: Upload Test Outputs for Upload Job # Only upload results from latest. Always run, except when cancelled. if: (failure() || success()) && matrix.linter-version == 'Latest' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.results-file }}-test-results path: ${{ matrix.results-file }}-res.json @@ -240,7 +240,7 @@ jobs: - name: Upload Test Outputs for Notification Job # Always run, except when cancelled. if: (failure() || success()) - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: tools-${{ matrix.results-file }}-test-results path: ${{ matrix.results-file }}-res.json diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index e9a3739d1..ca589b28c 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -56,7 +56,7 @@ jobs: echo "TEST_UPSTREAM=${upstream}" >>"${GITHUB_ENV}" - name: Detect changed paths - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: base: ${{ env.TEST_UPSTREAM }} @@ -249,7 +249,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cache tool downloads - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/plugins_testing_download_cache key: trunk-${{ runner.os }} @@ -278,7 +278,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cache tool downloads - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/plugins_testing_download_cache key: trunk-${{ runner.os }} diff --git a/.github/workflows/repo_tests.reusable.yaml b/.github/workflows/repo_tests.reusable.yaml index fe5fe8c08..b818480f3 100644 --- a/.github/workflows/repo_tests.reusable.yaml +++ b/.github/workflows/repo_tests.reusable.yaml @@ -28,7 +28,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5925e72c0..9a982430e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@99c09fe975337306107572b4fdf4db224cf8e2f2 # v2.4.3 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b2f9ef845756500b97acbdaf5c1dd4e9c1d15734 # v3.35.2 + uses: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a # v3.35.2 with: sarif_file: results.sarif diff --git a/.github/workflows/upload_results.reusable.yaml b/.github/workflows/upload_results.reusable.yaml index 287787bda..efe1aa2f3 100644 --- a/.github/workflows/upload_results.reusable.yaml +++ b/.github/workflows/upload_results.reusable.yaml @@ -62,14 +62,14 @@ jobs: - name: Retrieve Test Outputs ubuntu id: download-ubuntu - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 continue-on-error: true with: name: ${{ inputs.results-prefix }}ubuntu-latest-test-results - name: Retrieve Test Outputs macOS id: download-macos - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 continue-on-error: true with: name: ${{ inputs.results-prefix }}macos-latest-test-results @@ -77,7 +77,7 @@ jobs: # TODO(Tyler): Re-add Windows runners. # - name: Retrieve Test Outputs Windows # id: download-windows - # uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + # uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 # continue-on-error: true # with: # name: ${{ inputs.results-prefix }}windows-latest-test-results @@ -99,7 +99,7 @@ jobs: # echo "::endgroup::" - name: Slack Notification For Missing Artifacts - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 if: steps.download-ubuntu.outcome == 'failure' || steps.download-macos.outcome == 'failure' # || steps.download-windows.outcome == 'failure' @@ -116,7 +116,7 @@ jobs: text: "Failure: " - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 @@ -163,7 +163,7 @@ jobs: # Slack notifications - name: Slack Notification For Failures - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 if: always() && steps.parse.outputs.failures == 'true' with: method: chat.postMessage @@ -171,7 +171,7 @@ jobs: payload: ${{ steps.parse.outputs.failures-payload }} - name: Slack Notification For Prod Upload Failure - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 if: inputs.upload-validated-versions == true && steps.upload-prod.outcome == 'failure' with: method: chat.postMessage @@ -195,7 +195,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 @@ -232,7 +232,7 @@ jobs: private_key: ${{ secrets.TRUNK_OPEN_PR_APP_PRIVATE_KEY }} - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@v8 with: title: Auto-add missing snapshots body: diff --git a/.github/workflows/windows_nightly.yaml b/.github/workflows/windows_nightly.yaml index 0644b5e0c..3ac3665dc 100644 --- a/.github/workflows/windows_nightly.yaml +++ b/.github/workflows/windows_nightly.yaml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cache tool downloads - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/plugins_testing_download_cache # No need to key on trunk version unless we change how we store downloads. @@ -62,7 +62,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Cache tool downloads - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: /tmp/plugins_testing_download_cache # No need to key on trunk version unless we change how we store downloads.