From 09304461f1eeddf2325bd58baf850c20e6e3319b Mon Sep 17 00:00:00 2001 From: Anoop Gopalakrishnan Date: Thu, 28 Mar 2024 11:08:55 -0700 Subject: [PATCH] Fix: Update the actions versions - To mitigate nodejs16 security issues Signed-off-by: Anoop Gopalakrishnan --- .github/workflows/codeql.yml | 2 +- .github/workflows/go-lint.yml | 4 ++-- .github/workflows/pr-checker.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/trivy-scan.yml | 2 +- .github/workflows/unit-tests.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ff672d8..8172db7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version-file: go.mod diff --git a/.github/workflows/go-lint.yml b/.github/workflows/go-lint.yml index 79179fb..554f185 100644 --- a/.github/workflows/go-lint.yml +++ b/.github/workflows/go-lint.yml @@ -14,8 +14,8 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: go-version-file: go.mod cache: false diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 52ef600..9166a42 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -12,7 +12,7 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@v1.4.1 + - uses: thehanimo/pr-title-checker@v1.4.2 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} pass_on_octokit_error: false diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9db48a4..31fc35d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@v4 with: persist-credentials: false diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml index 6528c5e..96329f6 100644 --- a/.github/workflows/trivy-scan.yml +++ b/.github/workflows/trivy-scan.yml @@ -27,7 +27,7 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 1bb7b51..d1a9891 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: '1.21'