From 3d9e645c6847dfd36eca85affc29a7dc78133927 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jul 2026 05:09:50 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 5 updates Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.4` | `2.20.0` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.3` | `4.37.0` | | [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.36.3` | `4.37.0` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.3` | `4.37.0` | | [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.3` | `4.37.0` | Updates `step-security/harden-runner` from 2.19.4 to 2.20.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/9af89fc71515a100421586dfdb3dc9c984fbf411...bf7454d06d71f1098171f2acdf0cd4708d7b5920) Updates `github/codeql-action/init` from 4.36.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9) Updates `github/codeql-action/autobuild` from 4.36.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9) Updates `github/codeql-action/analyze` from 4.36.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9) Updates `github/codeql-action/upload-sarif` from 4.36.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action/init dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action/autobuild dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action/analyze dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action/upload-sarif dependency-version: 4.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/dependency-review.yml | 2 +- .github/workflows/docs.yml | 4 ++-- .github/workflows/lf-build.yml | 2 +- .github/workflows/lf-release.yml | 2 +- .github/workflows/lf-unit-tests.yml | 2 +- .github/workflows/pre-commit-autoupdate.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8a154e42..085baea3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,7 +31,7 @@ jobs: steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' @@ -39,14 +39,14 @@ jobs: uses: 'actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0' # v7.0.0 - name: 'Initialize CodeQL' - uses: 'github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a' # v4.36.3 + uses: 'github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9' # v4.37.0 with: languages: '${{ matrix.language }}' - name: 'Autobuild' - uses: 'github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a' # v4.36.3 + uses: 'github/codeql-action/autobuild@99df26d4f13ea111d4ec1a7dddef6063f76b97e9' # v4.37.0 - name: 'Perform CodeQL Analysis' - uses: 'github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a' # v4.36.3 + uses: 'github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9' # v4.37.0 with: category: '/language:${{ matrix.language }}' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9e1758e3..30fe7294 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,7 +11,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 0736e550..ff3537e6 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -19,7 +19,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' @@ -53,7 +53,7 @@ jobs: url: '${{ steps.deployment.outputs.page_url }}' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/lf-build.yml b/.github/workflows/lf-build.yml index d39eb30d..71edd080 100644 --- a/.github/workflows/lf-build.yml +++ b/.github/workflows/lf-build.yml @@ -28,7 +28,7 @@ jobs: steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/lf-release.yml b/.github/workflows/lf-release.yml index 087ec5e9..3c7140ac 100644 --- a/.github/workflows/lf-release.yml +++ b/.github/workflows/lf-release.yml @@ -17,7 +17,7 @@ jobs: steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/lf-unit-tests.yml b/.github/workflows/lf-unit-tests.yml index d25e9dfe..95120e5b 100644 --- a/.github/workflows/lf-unit-tests.yml +++ b/.github/workflows/lf-unit-tests.yml @@ -27,7 +27,7 @@ jobs: - '3.13' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/pre-commit-autoupdate.yml b/.github/workflows/pre-commit-autoupdate.yml index 5dd82323..8d383b6d 100644 --- a/.github/workflows/pre-commit-autoupdate.yml +++ b/.github/workflows/pre-commit-autoupdate.yml @@ -15,7 +15,7 @@ jobs: pull-requests: 'write' steps: - name: 'Harden the runner (Audit all outbound calls)' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4275f1e2..46211d24 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -18,7 +18,7 @@ jobs: steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' @@ -42,6 +42,6 @@ jobs: retention-days: 5 - name: 'Upload to code-scanning' - uses: 'github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a' # v4.36.3 + uses: 'github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9' # v4.37.0 with: sarif_file: 'results.sarif'