From 33a33db200cffa688ca005e4108dcd5910b10a1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 May 2026 07:25:08 +0000 Subject: [PATCH] chore(actions): bump the actions group with 17 updates Bumps the actions group with 17 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.35.4` | `4.35.4` | | [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.1.0` | | [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` | | [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) | `5.0.1` | `6.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.0.0` | `6.2.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3.2.0` | `4.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.1` | `3.0.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.12.4` | `1.14.0` | | [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `67e173cadb2fbd3de94f4a861e0c48c913b462ae` | `6a93d829887aa2e0748befe2e808c66c0ec6e4c7` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.1.5` | `5.0.0` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.2` | `3.95.3` | | [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) | `5` | `6` | | [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.2.0` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `actions/setup-node` from 4.4.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4.4.0...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e) Updates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/dbb049abf0d677abbd7f7eee0375145b417fdd34...25dd0e34f4fe68f24cc83900b1fe3fe149efef98) Updates `github/codeql-action` from 3.35.4 to 4.35.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.35.4...68bde559dea0fdcac2102bfdf6230c5f70eb485e) Updates `actions/labeler` from 5.0.0 to 6.1.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](https://github.com/actions/labeler/compare/8558fd74291d67161a8a78ce36a881fa63b766a9...f27b608878404679385c85cfa523b85ccb86e213) Updates `actions/cache` from 4.3.0 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `peter-evans/create-issue-from-file` from 5.0.1 to 6.0.0 - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](https://github.com/peter-evans/create-issue-from-file/compare/e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd...fca9117c27cdc29c6c4db3b86c48e4115a786710) Updates `actions/setup-python` from 6.0.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/e797f83bcb11b83ae66e0230d6156d7c80228e7c...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `actions/attest-build-provenance` from 3.2.0 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/96278af6caaf10aea03fd8d33a09a777ca52d62f...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.2...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `softprops/action-gh-release` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/76f52bc884231f62b9a034ebfe128415bbaabdfc...cef221092ed1bacb1cc03d23a2d87d1d172e277b) Updates `release-drafter/release-drafter` from 67e173cadb2fbd3de94f4a861e0c48c913b462ae to 6a93d829887aa2e0748befe2e808c66c0ec6e4c7 - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](https://github.com/release-drafter/release-drafter/compare/67e173cadb2fbd3de94f4a861e0c48c913b462ae...6a93d829887aa2e0748befe2e808c66c0ec6e4c7) Updates `googleapis/release-please-action` from 4.1.5 to 5.0.0 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/release-please-action/compare/5792afc6b46e9bb55deda9eda973a18c226bc3fc...45996ed1f6d02564a971a2fa1b5860e934307cf7) Updates `trufflesecurity/trufflehog` from 3.95.2 to 3.95.3 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/17456f8c7d042d8c82c9a8ca9e937231f9f42e26...37b77001d0174ebec2fcca2bd83ff83a6d45a3ab) Updates `amannn/action-semantic-pull-request` from 5 to 6 - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/e32d7e603df1aa1ba07e981f2a23455dee596825...48f256284bd46cdaab1048c3721360e808335d50) Updates `actions/stale` from 9.1.0 to 10.2.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/5bef64f19d7facfb25b37b414482c7164d639639...b5d41d4e1d5dceea10e7104786b73624c18a190f) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/labeler dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: peter-evans/create-issue-from-file dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: release-drafter/release-drafter dependency-version: 6a93d829887aa2e0748befe2e808c66c0ec6e4c7 dependency-type: direct:production dependency-group: actions - dependency-name: googleapis/release-please-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: amannn/action-semantic-pull-request dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/add-from-issue.yml | 4 ++-- .github/workflows/audit.yml | 4 ++-- .github/workflows/auto-merge-dependabot.yml | 2 +- .github/workflows/auto-merge.yml | 2 +- .github/workflows/cflite-batch.yml | 2 +- .github/workflows/cflite-pr.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/docs-on-release.yml | 4 ++-- .github/workflows/labeler.yml | 2 +- .github/workflows/lychee.yml | 6 +++--- .github/workflows/node-matrix.yml | 4 ++-- .github/workflows/outdated-watch.yml | 6 +++--- .github/workflows/pages.yml | 4 ++-- .github/workflows/publish-cli.yml | 6 +++--- .github/workflows/publish-mcp.yml | 6 +++--- .github/workflows/publish-pysdk.yml | 14 +++++++------- .github/workflows/release-drafter.yml | 2 +- .github/workflows/release-please.yml | 2 +- .github/workflows/render.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/secret-scan.yml | 4 ++-- .github/workflows/semantic-pr.yml | 2 +- .github/workflows/smoke.yml | 6 +++--- .github/workflows/stale.yml | 2 +- .github/workflows/sync.yml | 4 ++-- .github/workflows/validate.yml | 4 ++-- 26 files changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/workflows/add-from-issue.yml b/.github/workflows/add-from-issue.yml index d8a128b..7d86ff6 100644 --- a/.github/workflows/add-from-issue.yml +++ b/.github/workflows/add-from-issue.yml @@ -17,9 +17,9 @@ jobs: pull-requests: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 52c6136..75f5a8a 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -23,9 +23,9 @@ jobs: path: ['.', 'mcp', 'cli'] steps: # pin: v4.2.2 -- actions/checkout - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v4.4.0 -- actions/setup-node - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index d67e03c..aa0d86a 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -43,7 +43,7 @@ jobs: - name: Fetch Dependabot metadata id: meta # pin: v2.2.0 -- dependabot/fetch-metadata - uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index d17b61e..2f38501 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -16,7 +16,7 @@ jobs: checks: read steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 diff --git a/.github/workflows/cflite-batch.yml b/.github/workflows/cflite-batch.yml index 3706978..f787a1d 100644 --- a/.github/workflows/cflite-batch.yml +++ b/.github/workflows/cflite-batch.yml @@ -29,7 +29,7 @@ jobs: matrix: sanitizer: [address, undefined] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build fuzzers id: build uses: google/clusterfuzzlite/actions/build_fuzzers@884713a6c30a92e5e8544c39945cd7cb630abcd1 diff --git a/.github/workflows/cflite-pr.yml b/.github/workflows/cflite-pr.yml index ac0640c..2eb5578 100644 --- a/.github/workflows/cflite-pr.yml +++ b/.github/workflows/cflite-pr.yml @@ -32,7 +32,7 @@ jobs: sanitizer: [address, undefined] steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: main -- google/clusterfuzzlite/actions/build_fuzzers - name: Build fuzzers diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d680b7b..210bcdf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: # pin: v6.0.0 -- actions/checkout - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v4.35.4 -- github/codeql-action - name: Initialize CodeQL diff --git a/.github/workflows/docs-on-release.yml b/.github/workflows/docs-on-release.yml index 84204b2..2d81b61 100644 --- a/.github/workflows/docs-on-release.yml +++ b/.github/workflows/docs-on-release.yml @@ -21,12 +21,12 @@ jobs: actions: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 1 # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 7982a1e..9f54217 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -20,7 +20,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # pin: v5.0.0 + - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # pin: v6.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} configuration-path: .github/labeler.yml diff --git a/.github/workflows/lychee.yml b/.github/workflows/lychee.yml index 9771c0f..4f163f8 100644 --- a/.github/workflows/lychee.yml +++ b/.github/workflows/lychee.yml @@ -31,10 +31,10 @@ jobs: issues: write steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # pin: v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v5.0.0 - name: Restore lychee cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # pin: v4.3.0 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # pin: v5.0.5 with: path: .lycheecache key: lychee-${{ github.run_id }} @@ -58,7 +58,7 @@ jobs: - name: Open or update tracking issue on scheduled failures if: steps.lychee.outputs.exit_code != 0 && github.event_name == 'schedule' - uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # pin: v5.0.1 + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # pin: v6.0.0 with: title: "Link check: broken links detected" content-filepath: ./lychee/out.md diff --git a/.github/workflows/node-matrix.yml b/.github/workflows/node-matrix.yml index b736768..3a76fe4 100644 --- a/.github/workflows/node-matrix.yml +++ b/.github/workflows/node-matrix.yml @@ -25,10 +25,10 @@ jobs: node-version: [18.x, 20.x, 22.x] steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version: ${{ matrix.node-version }} cache: "npm" diff --git a/.github/workflows/outdated-watch.yml b/.github/workflows/outdated-watch.yml index 0ed232e..1d4fdcc 100644 --- a/.github/workflows/outdated-watch.yml +++ b/.github/workflows/outdated-watch.yml @@ -31,15 +31,15 @@ jobs: issues: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' # pin: v6.0.0 -- actions/setup-python - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: '3.12' diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 55e9cc6..87511f3 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -32,10 +32,10 @@ jobs: contents: read steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml index bf21315..cbff25b 100644 --- a/.github/workflows/publish-cli.yml +++ b/.github/workflows/publish-cli.yml @@ -19,10 +19,10 @@ jobs: working-directory: cli steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' registry-url: 'https://registry.npmjs.org/' @@ -44,7 +44,7 @@ jobs: # pin: v3.2.0 -- actions/attest-build-provenance - name: Attest build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: 'cli/*.tgz' diff --git a/.github/workflows/publish-mcp.yml b/.github/workflows/publish-mcp.yml index ea68abe..8e88724 100644 --- a/.github/workflows/publish-mcp.yml +++ b/.github/workflows/publish-mcp.yml @@ -19,9 +19,9 @@ jobs: working-directory: mcp steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' registry-url: 'https://registry.npmjs.org/' @@ -37,7 +37,7 @@ jobs: run: npm pack # pin: v3.2.0 -- actions/attest-build-provenance - name: Attest build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: 'mcp/*.tgz' - name: Publish diff --git a/.github/workflows/publish-pysdk.yml b/.github/workflows/publish-pysdk.yml index 5d1a8f9..6cff0a2 100644 --- a/.github/workflows/publish-pysdk.yml +++ b/.github/workflows/publish-pysdk.yml @@ -46,19 +46,19 @@ jobs: steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: ref: ${{ github.event.inputs.ref || github.ref }} # pin: v6.0.0 -- actions/setup-python - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: '3.12' # pin: v6.0.0 -- actions/setup-node - name: Set up Node (for version check) - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' @@ -79,13 +79,13 @@ jobs: # pin: v3.2.0 -- actions/attest-build-provenance - name: Attest build provenance - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 with: subject-path: 'python-sdk/dist/*' # pin: v4.6.2 -- actions/upload-artifact - name: Upload artifacts to workflow - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with: name: python-sdk-dist path: python-sdk/dist/* @@ -94,7 +94,7 @@ jobs: # pin: v2.2.1 -- softprops/action-gh-release - name: Attach wheel + sdist to GitHub release if: github.event_name == 'release' - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with: files: python-sdk/dist/* @@ -106,7 +106,7 @@ jobs: id: pypi_oidc if: github.event_name == 'release' continue-on-error: true - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b with: packages-dir: python-sdk/dist skip-existing: true diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 225e4d7..499b655 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -26,7 +26,7 @@ jobs: contents: write pull-requests: write steps: - - uses: release-drafter/release-drafter@67e173cadb2fbd3de94f4a861e0c48c913b462ae # pin: v6.4.0 + - uses: release-drafter/release-drafter@6a93d829887aa2e0748befe2e808c66c0ec6e4c7 # pin: v6.4.0 with: config-name: release.yml env: diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 1b1d4d1..f3abc61 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -21,7 +21,7 @@ jobs: pull-requests: write steps: # pin: v4.1.5 -- googleapis/release-please-action - - uses: googleapis/release-please-action@5792afc6b46e9bb55deda9eda973a18c226bc3fc + - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 with: config-file: release-please-config.json manifest-file: .release-please-manifest.json diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml index f6f8142..7a1b69e 100644 --- a/.github/workflows/render.yml +++ b/.github/workflows/render.yml @@ -16,9 +16,9 @@ jobs: contents: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7d47fb7..64e3b8a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin: v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.2 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: publish_results: true - name: Upload SARIF results - uses: github/codeql-action/upload-sarif@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # pin: v3.27.0 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # pin: v3.27.0 with: sarif_file: results.sarif category: ossf-scorecard diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml index 452d0ef..eb4d61c 100644 --- a/.github/workflows/secret-scan.yml +++ b/.github/workflows/secret-scan.yml @@ -27,7 +27,7 @@ jobs: timeout-minutes: 5 steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: # Full history so the scan can compare base..head (PRs) or walk # the new commits (push). TruffleHog needs both endpoints. @@ -35,7 +35,7 @@ jobs: # pin: v3.95.2 -- trufflesecurity/trufflehog - name: Run TruffleHog - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 + uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab with: # `base` is unset on push events; the action computes the # commit range itself in that case. On PR events the action diff --git a/.github/workflows/semantic-pr.yml b/.github/workflows/semantic-pr.yml index 34421ca..d9ced9d 100644 --- a/.github/workflows/semantic-pr.yml +++ b/.github/workflows/semantic-pr.yml @@ -27,7 +27,7 @@ jobs: contents: read pull-requests: read steps: - - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # pin: v5.5.3 + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # pin: v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 33ad702..16875fc 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' @@ -36,7 +36,7 @@ jobs: # pin: v7.0.0 -- actions/upload-artifact - name: Upload Playwright HTML report if: failure() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with: name: playwright-report path: tests/playwright/report diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 2cb44f8..6de7dfa 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # pin: v9.1.0 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # pin: v10.2.0 with: days-before-issue-stale: 60 days-before-issue-close: 15 diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index 2ab55ce..a9a2f56 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -48,9 +48,9 @@ jobs: actions: write steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 343f4bb..122310a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: # pin: v6.0.0 -- actions/checkout - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 2 # pin: v6.0.0 -- actions/setup-node - - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e with: node-version-file: '.nvmrc' cache: 'npm'