diff --git a/.github/workflows/codeql-dynamic.yml b/.github/workflows/codeql-dynamic.yml
index 6e54c32..0ab1bab 100644
--- a/.github/workflows/codeql-dynamic.yml
+++ b/.github/workflows/codeql-dynamic.yml
@@ -33,19 +33,19 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@v4
 with:
 languages: ${{ matrix.language }}
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 - name: Autobuild
- uses: github/codeql-action/autobuild@v3
+ uses: github/codeql-action/autobuild@v4
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v4
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/codeql-iac.yml b/.github/workflows/codeql-iac.yml
index e62a6d0..2c4a138 100644
--- a/.github/workflows/codeql-iac.yml
+++ b/.github/workflows/codeql-iac.yml
@@ -14,13 +14,13 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Initialize and Analyze IaC
 id: codeql_iac
 uses: advanced-security/codeql-extractor-iac@main
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: ${{ steps.codeql_iac.outputs.sarif }}
diff --git a/.github/workflows/codeql-packs.yml b/.github/workflows/codeql-packs.yml
index b79bf2b..27dba7c 100644
--- a/.github/workflows/codeql-packs.yml
+++ b/.github/workflows/codeql-packs.yml
@@ -17,7 +17,7 @@ jobs:
 steps:
 - name: "Set Matrix"
 id: set-matrix
- uses: actions/github-script@v7
+ uses: actions/github-script@v8
 with:
 script: |
 const packs = '${{ inputs.packs }}'.split(',');
@@ -42,7 +42,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Build and Publish CodeQL Packs"
 env:
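Review bot: In the codeql-iac.yml hunk, the `Initialize and Analyze IaC` step still runs `advanced-security/codeql-extractor-iac@main`, a branch ref that can change between runs, while the SARIF it produces is uploaded by the step bumped just below. Since this commit is already refreshing every other reference, this one should be pinned the same way the third-party actions elsewhere in the diff are, e.g. `uses: advanced-security/codeql-extractor-iac@<full-commit-sha> # <release tag>` (placeholders; the right commit is not visible here). A pinned SHA also lets the dependency updater propose the next bump instead of the workflow picking it up silently.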
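Review bot: In the first codeql-packs.yml hunk, the `Set Matrix` script interpolates a workflow input straight into JavaScript source with `'${{ inputs.packs }}'.split(',')`, so the value is expanded before the script is parsed and a quote character in it changes the code that runs. Passing it through the environment keeps it as data: add `env:` with `PACKS: ${{ inputs.packs }}` on the step and read it with `const packs = process.env.PACKS.split(',');`. Who can set `inputs.packs` is not visible in this hunk, and the script body continues outside it, so any further `${{ }}` expansions inside the script deserve the same treatment.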
diff --git a/.github/workflows/codeql-ql.yml b/.github/workflows/codeql-ql.yml
index 02cf7cf..b806fb4 100644
--- a/.github/workflows/codeql-ql.yml
+++ b/.github/workflows/codeql-ql.yml
@@ -18,16 +18,16 @@ jobs:
 steps:
 - name: "Checkout repository"
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Set up Rust"
- uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # v1.85.1
+ uses: dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 # v1.85.1
 with:
 toolchain: stable
 - name: "Restore cached Cargo"
 id: cache-restore
- uses: actions/cache/restore@v4
+ uses: actions/cache/restore@v5
 with:
 path: |
 ~/.cargo/bin/
@@ -111,7 +111,7 @@ jobs:
 mv updated_sarif.sarif ${{ steps.run_ql.outputs.sarif }}
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: ${{ steps.run_ql.outputs.sarif }}
 category: "/codeql:ql"
@@ -119,7 +119,7 @@ jobs:
 - name: Save Cargo / Rust Cache
 id: cache-save
 if: ${{ github.event_name == 'push' }}
- uses: actions/cache/save@v4
+ uses: actions/cache/save@v5
 with:
 path: |
 ~/.cargo/bin/
diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml
index ec9227d..bf56e7f 100644
--- a/.github/workflows/container-publish.yml
+++ b/.github/workflows/container-publish.yml
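Review bot: In the first codeql-ql.yml hunk, the `Set up Rust` pin moves from commit `56f8…` to `f7cc…` but the trailing comment still reads `# v1.85.1` on both sides, so the comment no longer tells a reader which release the new commit corresponds to. Two different commits cannot both be the same immutable tag, which means either the comment is stale or the upstream ref was moved. Whoever merges this should confirm what `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` actually is upstream and update the comment to match, e.g. `# <tag or branch this commit belongs to>`. The pin itself is fine; it is the human-readable label that reviewers rely on when auditing these bumps.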
@@ -45,20 +45,20 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 - name: Log in to the Container registry
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Set Container Metadata
- uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051
 id: meta
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@@ -72,7 +72,7 @@ jobs:
 type=semver,pattern=v{{major}}.{{minor}},value=${{ inputs.version }}
 - name: Build & Publish Container ${{ env.IMAGE_NAME }}
- uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
 id: build
 with:
 file: "${{ inputs.container-file }}"
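Review bot: In the first container-publish.yml hunk, the `Set Container Metadata` step's new pin `docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051` carries no version comment, unlike the buildx, login and build-push pins around it. Without the label a reviewer cannot tell from the diff whether this is a patch or a major bump, and this job logs in to the registry with `secrets.GITHUB_TOKEN`. Append the release the commit corresponds to, in the same `# vX.Y.Z` form used on the neighbouring lines. The same applies to `Andrew-Chen-Wang/github-wiki-action` in self-wiki.yml, and to the unchanged `dorny/paths-filter` pin visible as context in markdown-lint.yml.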
@@ -85,20 +85,20 @@ jobs:
 # Upload Software Bill of Materials (SBOM) to GitHub
 - name: Upload SBOM
- uses: advanced-security/spdx-dependency-submission-action@5530bab9ee4bbe66420ce8280624036c77f89746 # v0.1.1
+ uses: advanced-security/spdx-dependency-submission-action@f957edbb35161c1f9e33f61026fc86a671c58cae # v0.1.2
 with:
 filePath: '.'
 filePattern: '*.spdx.json'
 # Build provenance attestations
 - name: Attest Container Image
- uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+ uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
 with:
 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 subject-digest: ${{ steps.build.outputs.digest }}
 push-to-registry: true
 # - name: Attest Container SBOM
- # uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+ # uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
 # with:
 # subject-path:: '*.spdx.json'
diff --git a/.github/workflows/container-security.yml b/.github/workflows/container-security.yml
index cfdd8fa..f785308 100644
--- a/.github/workflows/container-security.yml
+++ b/.github/workflows/container-security.yml
@@ -40,13 +40,13 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 - name: Build Initial Container
- uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
 id: build
 with:
 file: "${{ inputs.container-file }}"
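Review bot: In the container-publish.yml hunk at old line 85, the commented-out `Attest Container SBOM` step gets its pin bumped but keeps `subject-path:: '*.spdx.json'`, where the doubled colon makes the key `subject-path:` rather than `subject-path`. If the step is ever uncommented as written, the action would not receive the input and the SBOM attestation would not cover the intended files. Since the step is evidently being kept current, fix the key at the same time: `#     subject-path: '*.spdx.json'`. The live `Attest Container Image` step above it also crosses a major version (v2.2.3 to v3.1.0), so it is worth checking a publish run still produces and pushes the attestation.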
@@ -57,7 +57,7 @@ jobs:
 # Scan the image for vulnerabilities
 - name: Run the Anchore / Grype scan action
- uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
+ uses: anchore/scan-action@0d444ed77d83ee2ba7f5ced0d90d640a1281d762 # v7.3.0
 id: scan
 with:
 image: localbuild/testimage:latest
@@ -65,12 +65,12 @@ jobs:
 fail-build: ${{ inputs.scanning-block }}
 - name: Upload SARIF artifact
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v6
 with:
 name: sarif
 path: ${{ steps.scan.outputs.sarif }}
 - name: Upload vulnerability report
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 80e9539..8ba95cf 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -63,7 +63,7 @@ jobs:
 steps:
 - name: "Checkout"
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Get and Set version"
 id: set-version
 env:
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 58a2f6b..fa7be27 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: 'Checkout Repository'
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 # [optional] This setup isn't required but if your repository have a configuration,
 # we use that versus the centralised config.
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 4370233..67b86c8 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 # Check if the .github/labeler.yml file exists
 - name: Check for labeler configuration
@@ -46,7 +46,7 @@ jobs:
 fi
- - uses: "actions/labeler@v5"
+ - uses: "actions/labeler@v6"
 with:
 repo-token: "${{ secrets.GITHUB_TOKEN }}"
 configuration-path: "${{ steps.labeler-config.outputs.config }}"
diff --git a/.github/workflows/language-detection-and-assignment.yml b/.github/workflows/language-detection-and-assignment.yml
index 99e8f44..9ec5ea4 100644
--- a/.github/workflows/language-detection-and-assignment.yml
+++ b/.github/workflows/language-detection-and-assignment.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Detect languages
 id: detect-languages
diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml
index 0f08e9a..92efe3b 100644
--- a/.github/workflows/markdown-lint.yml
+++ b/.github/workflows/markdown-lint.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: 'Checkout Repository'
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Filter Changes"
 uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml
index 7e9af6a..1f73c41 100644
--- a/.github/workflows/python-build.yml
+++ b/.github/workflows/python-build.yml
@@ -39,10 +39,10 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
 with:
 python-version: ${{ matrix.python-version }}
diff --git a/.github/workflows/python-linting.yml b/.github/workflows/python-linting.yml
index 1e8c157..f93ec4f 100644
--- a/.github/workflows/python-linting.yml
+++ b/.github/workflows/python-linting.yml
@@ -45,10 +45,10 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
 with:
 python-version: ${{ matrix.python-version }}
diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml
index 2ee55e3..430aeac 100644
--- a/.github/workflows/python-release.yml
+++ b/.github/workflows/python-release.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Check release"
 id: check_release
diff --git a/.github/workflows/python-testing.yml b/.github/workflows/python-testing.yml
index 1bc64d8..2e9d88c 100644
--- a/.github/workflows/python-testing.yml
+++ b/.github/workflows/python-testing.yml
@@ -39,10 +39,10 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
 with:
 python-version: ${{ matrix.python-version }}
diff --git a/.github/workflows/python-vendor.yml b/.github/workflows/python-vendor.yml
index d924b70..b1a45e1 100644
--- a/.github/workflows/python-vendor.yml
+++ b/.github/workflows/python-vendor.yml
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Get Custom Property"
 id: get_custom_property
 env:
@@ -51,10 +51,10 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Set up Python ${{ inputs.version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
 with:
 python-version: ${{ inputs.version }}
@@ -79,7 +79,7 @@ jobs:
 - name: "Create Pull Request with updated vendored dependencies"
 if: ${{ steps.vendoring.outputs.changes > 0 }}
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+ uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
 with:
 token: ${{ github.token }}
 commit-message: "[chore]: Update vendored dependencies"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1cfb4e1..c978277 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,15 +30,15 @@ jobs:
 steps:
 - name: "Checkout"
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Patch Release Me"
- uses: 42ByteLabs/patch-release-me@f950db6bce09f2156a5f2d1cc86ac60ed1663a9e # 0.5.3
+ uses: 42ByteLabs/patch-release-me@ef44b04c04fde87280adf14548664bfbcebba04d # 0.6.4
 with:
 mode: ${{ github.event.inputs.bump }}
 - name: "Create Release"
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+ uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
 with:
 token: ${{ github.token }}
 commit-message: "[chore]: Create release for ${{ github.event.inputs.version }}"
diff --git a/.github/workflows/sec-opengrep.yml b/.github/workflows/sec-opengrep.yml
index 19db2a9..d268cbd 100644
--- a/.github/workflows/sec-opengrep.yml
+++ b/.github/workflows/sec-opengrep.yml
@@ -22,7 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: "Checkout code"
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Download / Install Opengrep"
 run: |
@@ -39,7 +39,7 @@ jobs:
 run: opengrep scan --metrics=on --sarif-output ./results.sarif .
 - name: "Upload SARIF file"
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: results.sarif
 if: always()
diff --git a/.github/workflows/self-release.yml b/.github/workflows/self-release.yml
index 7a68a4b..a3a3dd8 100644
--- a/.github/workflows/self-release.yml
+++ b/.github/workflows/self-release.yml
@@ -15,7 +15,7 @@ jobs:
 version: ${{ steps.version-changes.outputs.version }}
 steps:
 - name: "Checkout"
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: "Fetch Release"
 id: version-changes
diff --git a/.github/workflows/self-wiki.yml b/.github/workflows/self-wiki.yml
index 321f339..f0deb5a 100644
--- a/.github/workflows/self-wiki.yml
+++ b/.github/workflows/self-wiki.yml
@@ -16,6 +16,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
- - uses: Andrew-Chen-Wang/github-wiki-action@50650fccf3a10f741995523cf9708c53cec8912a
+ - uses: Andrew-Chen-Wang/github-wiki-action@6448478bd55f1f3f752c93af8ac03207eccc3213