diff --git a/.github/workflows/add-from-issue.yml b/.github/workflows/add-from-issue.yml index d8a128b..7d86ff6 100644 --- a/.github/workflows/add-from-issue.yml +++ b/.github/workflows/add-from-issue.yml @@ -17,9 +17,9 @@ jobs: pull-requests: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 52c6136..75f5a8a 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -23,9 +23,9 @@ jobs: path: ['.', 'mcp', 'cli'] steps: # pin: v4.2.2 -- actions/checkout - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v4.4.0 -- actions/setup-node - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index d67e03c..aa0d86a 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -43,7 +43,7 @@ jobs: - name: Fetch Dependabot metadata id: meta # pin: v2.2.0 -- dependabot/fetch-metadata - uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index d17b61e..2f38501 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -16,7 +16,7 @@ jobs: checks: read steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 diff --git a/.github/workflows/cflite-batch.yml b/.github/workflows/cflite-batch.yml index 3706978..f787a1d 100644 --- a/.github/workflows/cflite-batch.yml +++ b/.github/workflows/cflite-batch.yml @@ -29,7 +29,7 @@ jobs: matrix: sanitizer: [address, undefined] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build fuzzers id: build uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 diff --git a/.github/workflows/cflite-pr.yml b/.github/workflows/cflite-pr.yml index ac0640c..2eb5578 100644 --- a/.github/workflows/cflite-pr.yml +++ b/.github/workflows/cflite-pr.yml @@ -32,7 +32,7 @@ jobs: sanitizer: [address, undefined] steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: main -- google/clusterfuzzlite/actions/build_fuzzers - name: Build fuzzers diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d680b7b..210bcdf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: # pin: v6.0.0 -- actions/checkout - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v4.35.4 -- github/codeql-action - name: Initialize CodeQL diff --git a/.github/workflows/docs-on-release.yml b/.github/workflows/docs-on-release.yml index 84204b2..2d81b61 100644 --- a/.github/workflows/docs-on-release.yml +++ b/.github/workflows/docs-on-release.yml @@ -21,12 +21,12 @@ jobs: actions: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 1 # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 7982a1e..9f54217 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -20,7 +20,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # pin: v5.0.0 + - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # pin: v6.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} configuration-path: .github/labeler.yml diff --git a/.github/workflows/lychee.yml b/.github/workflows/lychee.yml index 9771c0f..4f163f8 100644 --- a/.github/workflows/lychee.yml +++ b/.github/workflows/lychee.yml @@ -31,10 +31,10 @@ jobs: issues: write steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # pin: v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v5.0.0 - name: Restore lychee cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # pin: v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # pin: v5.0.5 with: path: .lycheecache key: lychee-${{ github.run_id }} @@ -58,7 +58,7 @@ jobs: - name: Open or update tracking issue on scheduled failures if: steps.lychee.outputs.exit_code != 0 && github.event_name == 'schedule' - uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # pin: v5.0.1 + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # pin: v6.0.0 with: title: "Link check: broken links detected" content-filepath: ./lychee/out.md diff --git a/.github/workflows/node-matrix.yml b/.github/workflows/node-matrix.yml index b736768..3a76fe4 100644 --- a/.github/workflows/node-matrix.yml +++ b/.github/workflows/node-matrix.yml @@ -25,10 +25,10 @@ jobs: node-version: [18.x, 20.x, 22.x] steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version: ${{ matrix.node-version }} cache: "npm" diff --git a/.github/workflows/outdated-watch.yml b/.github/workflows/outdated-watch.yml index 0ed232e..1d4fdcc 100644 --- a/.github/workflows/outdated-watch.yml +++ b/.github/workflows/outdated-watch.yml @@ -31,15 +31,15 @@ jobs: issues: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' # pin: v6.0.0 -- actions/setup-python - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: '3.12' diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 55e9cc6..87511f3 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -32,10 +32,10 @@ jobs: contents: read steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml index bf21315..cbff25b 100644 --- a/.github/workflows/publish-cli.yml +++ b/.github/workflows/publish-cli.yml @@ -19,10 +19,10 @@ jobs: working-directory: cli steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' registry-url: 'https://registry.npmjs.org/' @@ -44,7 +44,7 @@ jobs: # pin: v3.2.0 -- actions/attest-build-provenance - name: Attest build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: 'cli/*.tgz' diff --git a/.github/workflows/publish-mcp.yml b/.github/workflows/publish-mcp.yml index ea68abe..8e88724 100644 --- a/.github/workflows/publish-mcp.yml +++ b/.github/workflows/publish-mcp.yml @@ -19,9 +19,9 @@ jobs: working-directory: mcp steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' registry-url: 'https://registry.npmjs.org/' @@ -37,7 +37,7 @@ jobs: run: npm pack # pin: v3.2.0 -- actions/attest-build-provenance - name: Attest build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: 'mcp/*.tgz' - name: Publish diff --git a/.github/workflows/publish-pysdk.yml b/.github/workflows/publish-pysdk.yml index 5d1a8f9..6cff0a2 100644 --- a/.github/workflows/publish-pysdk.yml +++ b/.github/workflows/publish-pysdk.yml @@ -46,19 +46,19 @@ jobs: steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: ref: ${{ github.event.inputs.ref || github.ref }} # pin: v6.0.0 -- actions/setup-python - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: '3.12' # pin: v6.0.0 -- actions/setup-node - name: Set up Node (for version check) - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' @@ -79,13 +79,13 @@ jobs: # pin: v3.2.0 -- actions/attest-build-provenance - name: Attest build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: 'python-sdk/dist/*' # pin: v4.6.2 -- actions/upload-artifact - name: Upload artifacts to workflow - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with: name: python-sdk-dist path: python-sdk/dist/* @@ -94,7 +94,7 @@ jobs: # pin: v2.2.1 -- softprops/action-gh-release - name: Attach wheel + sdist to GitHub release if: github.event_name == 'release' - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with: files: python-sdk/dist/* @@ -106,7 +106,7 @@ jobs: id: pypi_oidc if: github.event_name == 'release' continue-on-error: true - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b with: packages-dir: python-sdk/dist skip-existing: true diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 225e4d7..499b655 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -26,7 +26,7 @@ jobs: contents: write pull-requests: write steps: - - uses: release-drafter/release-drafter@67e173cadb2fbd3de94f4a861e0c48c913b462ae # pin: v6.4.0 + - uses: release-drafter/release-drafter@6a93d829887aa2e0748befe2e808c66c0ec6e4c7 # pin: v6.4.0 with: config-name: release.yml env: diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 1b1d4d1..f3abc61 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: # pin: v4.1.5 -- googleapis/release-please-action - - uses: googleapis/release-please-action@5792afc6b46e9bb55deda9eda973a18c226bc3fc + - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 with: config-file: release-please-config.json manifest-file: .release-please-manifest.json diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml index f6f8142..7a1b69e 100644 --- a/.github/workflows/render.yml +++ b/.github/workflows/render.yml @@ -16,9 +16,9 @@ jobs: contents: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7d47fb7..64e3b8a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin: v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.2 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: publish_results: true - name: Upload SARIF results - uses: github/codeql-action/upload-sarif@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # pin: v3.27.0 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # pin: v3.27.0 with: sarif_file: results.sarif category: ossf-scorecard diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml index 452d0ef..eb4d61c 100644 --- a/.github/workflows/secret-scan.yml +++ b/.github/workflows/secret-scan.yml @@ -27,7 +27,7 @@ jobs: timeout-minutes: 5 steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: # Full history so the scan can compare base..head (PRs) or walk # the new commits (push). TruffleHog needs both endpoints. @@ -35,7 +35,7 @@ jobs: # pin: v3.95.2 -- trufflesecurity/trufflehog - name: Run TruffleHog - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 + uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab with: # `base` is unset on push events; the action computes the # commit range itself in that case. On PR events the action diff --git a/.github/workflows/semantic-pr.yml b/.github/workflows/semantic-pr.yml index 34421ca..d9ced9d 100644 --- a/.github/workflows/semantic-pr.yml +++ b/.github/workflows/semantic-pr.yml @@ -27,7 +27,7 @@ jobs: contents: read pull-requests: read steps: - - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # pin: v5.5.3 + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # pin: v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 33ad702..16875fc 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' @@ -36,7 +36,7 @@ jobs: # pin: v7.0.0 -- actions/upload-artifact - name: Upload Playwright HTML report if: failure() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with: name: playwright-report path: tests/playwright/report diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 2cb44f8..6de7dfa 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # pin: v9.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # pin: v10.2.0 with: days-before-issue-stale: 60 days-before-issue-close: 15 diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index 2ab55ce..a9a2f56 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -48,9 +48,9 @@ jobs: actions: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 343f4bb..122310a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 2 # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm'