From 1b92f8181b853ee827af06a9a348ee43129a5597 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 21:23:00 +0000 Subject: [PATCH] update: bump the gh-actions-packages group across 1 directory with 9 updates Bumps the gh-actions-packages group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.15` | `3.26.13` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.1.1` | `5.2.0` | | [snok/install-poetry](https://github.com/snok/install-poetry) | `1.3.4` | `1.4.1` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2837.0` | `12.2884.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.0` | `0.17.5` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.5.0` | `3.7.1` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.5.0` | `6.9.0` | | [MishaKav/pytest-coverage-comment](https://github.com/mishakav/pytest-coverage-comment) | `1.1.52` | `1.1.53` | Updates `actions/checkout` from 4.1.7 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) Updates `github/codeql-action` from 3.25.15 to 3.26.13 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...f779452ac5af1c261dce0346a8f964149f49322b) Updates `actions/setup-python` from 5.1.1 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - 
[Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) Updates `snok/install-poetry` from 1.3.4 to 1.4.1 - [Release notes](https://github.com/snok/install-poetry/releases) - [Commits](https://github.com/snok/install-poetry/compare/93ada01c735cc8a383ce0ce2ae205a21c415379b...76e04a911780d5b312d89783f7b1cd627778900a) Updates `bridgecrewio/checkov-action` from 12.2837.0 to 12.2884.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](https://github.com/bridgecrewio/checkov-action/compare/f34d0f0acd8974b1655797c684ecd907aa3ef929...a36096a3a272a684d48058e101498cddb9a1599d) Updates `anchore/sbom-action` from 0.17.0 to 0.17.5 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5...1ca97d9028b51809cf6d3c934c3e160716e1b605) Updates `docker/setup-buildx-action` from 3.5.0 to 3.7.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/aa33708b10e362ff993539393ff100fa93ed6a27...c47758b77c9736f4b2ef4073d4d51994fabfe349) Updates `docker/build-push-action` from 6.5.0 to 6.9.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/5176d81f87c23d6fc96624dfdbcd9f3830bbe445...4f58ea79222b3b9dc2c8bbdd6debcef730109a75) Updates `MishaKav/pytest-coverage-comment` from 1.1.52 to 1.1.53 - [Release notes](https://github.com/mishakav/pytest-coverage-comment/releases) - [Changelog](https://github.com/MishaKav/pytest-coverage-comment/blob/main/CHANGELOG.md) - [Commits](https://github.com/mishakav/pytest-coverage-comment/compare/fa1c641d7e3fa1d98ed95d5f658ccd638b774628...81882822c5b22af01f91bd3eacb1cefb6ad73dc2) --- 
updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: snok/install-poetry dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: MishaKav/pytest-coverage-comment dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] --- .github/workflows/.reusable-build.yml | 4 +- .github/workflows/.reusable-compliance.yml | 8 ++-- .github/workflows/.reusable-docs.yml | 6 +-- .../workflows/.reusable-integration-test.yml | 8 ++-- .github/workflows/.reusable-sast.yml | 48 +++++++++---------- .github/workflows/.reusable-sca.yml | 6 +-- .github/workflows/.reusable-unit-test.yml | 20 ++++---- .github/workflows/semgrep.yml | 2 +- 8 files changed, 51 insertions(+), 51 deletions(-) 
diff --git a/.github/workflows/.reusable-build.yml b/.github/workflows/.reusable-build.yml
index 3e80a22..fae764d 100644
--- a/.github/workflows/.reusable-build.yml
+++ b/.github/workflows/.reusable-build.yml
@@ -63,7 +63,7 @@ jobs:
 build_labels: ${{ steps.get_context.outputs.build_labels }}
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Get context
 id: get_context
 uses: ./.github/actions/context
@@ -79,7 +79,7 @@ jobs:
 packages: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Build semgr8s
 id: build
 uses: ./.github/actions/build
diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml
index f40c401..98f699d 100644
--- a/.github/workflows/.reusable-compliance.yml
+++ b/.github/workflows/.reusable-compliance.yml
@@ -22,7 +22,7 @@ jobs:
 security-events: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 persist-credentials: false
 - name: Analyze
@@ -33,7 +33,7 @@ jobs:
 repo_token: ${{ secrets.SCORECARD_TOKEN }}
 publish_results: false #TODO: reactivate when working again
 - name: Upload
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 with:
 sarif_file: results.sarif
@@ -49,7 +49,7 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Review
 uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
 with:
@@ -63,7 +63,7 @@ jobs:
 permissions: {}
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 ref: ${{ github.event.pull_request.head.sha }} # Otherwise will checkout merge commit, which isn't conform
 fetch-depth: ${{ github.event.pull_request.commits }} # Fetch all commits of the MR, but only those
diff --git a/.github/workflows/.reusable-docs.yml b/.github/workflows/.reusable-docs.yml
index 91fb123..7409ddd 100644
--- a/.github/workflows/.reusable-docs.yml
+++ b/.github/workflows/.reusable-docs.yml
@@ -20,7 +20,7 @@ jobs:
 contents: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 - name: Set release env
@@ -30,11 +30,11 @@ jobs:
 git config user.name "versioning_user"
 git config user.email "semgr8s@securesystems.de"
 - name: Install python
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version-file: '.python-version'
 - name: Install poetry
- uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1.3.4
+ uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
 with:
 version: 1.8.3
 virtualenvs-create: false
diff --git a/.github/workflows/.reusable-integration-test.yml b/.github/workflows/.reusable-integration-test.yml
index ec149be..e8aa730 100644
--- a/.github/workflows/.reusable-integration-test.yml
+++ b/.github/workflows/.reusable-integration-test.yml
@@ -46,7 +46,7 @@ jobs:
 ]
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Login with registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
@@ -102,7 +102,7 @@ jobs:
 ]
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Login with registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
@@ -157,7 +157,7 @@ jobs:
 ]
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Login with registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
@@ -212,7 +212,7 @@ jobs:
 ]
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Login with registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml
index 1edcb0e..29296bf 100644
--- a/.github/workflows/.reusable-sast.yml
+++ b/.github/workflows/.reusable-sast.yml
@@ -25,13 +25,13 @@ jobs:
 security-events: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Install python
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version-file: '.python-version'
 - name: Install poetry
- uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1.3.4
+ uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
 with:
 version: 1.8.3
 virtualenvs-create: false
@@ -48,7 +48,7 @@ jobs:
 run: bandit -r -f sarif -o bandit-results.sarif semgr8s/ --exit-zero
 - name: Upload
 if: inputs.output == 'sarif'
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 with:
 sarif_file: 'bandit-results.sarif'
@@ -60,13 +60,13 @@ jobs:
 inputs.skip != 'all'
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Install python
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version-file: '.python-version'
 - name: Install poetry
- uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1.3.4
+ uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
 with:
 version: 1.8.3
 virtualenvs-create: false
@@ -89,7 +89,7 @@ jobs:
 security-events: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Render Helm charts
 run: |
 rm -rf tests # remove 'tests' folder from scan
@@ -99,14 +99,14 @@ jobs:
 shell: bash
 - name: Scan
 if: inputs.output == 'table'
- uses: bridgecrewio/checkov-action@f34d0f0acd8974b1655797c684ecd907aa3ef929 # v12.2837.0
+ uses: bridgecrewio/checkov-action@a36096a3a272a684d48058e101498cddb9a1599d # v12.2884.0
 with:
 skip_check: CKV_DOCKER_2
 output_format: cli
 soft_fail: false
 - name: Scan
 if: inputs.output == 'sarif'
- uses: bridgecrewio/checkov-action@f34d0f0acd8974b1655797c684ecd907aa3ef929 # v12.2837.0
+ uses: bridgecrewio/checkov-action@a36096a3a272a684d48058e101498cddb9a1599d # v12.2884.0
 with:
 skip_check: CKV_DOCKER_2
 output_file_path: console,checkov-results.sarif
@@ -114,7 +114,7 @@ jobs:
 soft_fail: true
 - name: Upload
 if: inputs.output == 'sarif'
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 with:
 sarif_file: checkov-results.sarif
@@ -129,13 +129,13 @@ jobs:
 pull-requests: read
 steps:
 - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Initialize CodeQL
- uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 with:
 languages: 'python'
 - name: Analyze
- uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 hadolint:
 runs-on: ubuntu-latest
@@ -147,7 +147,7 @@ jobs:
 security-events: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Scan
 uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
 if: inputs.output == 'table'
@@ -164,7 +164,7 @@ jobs:
 no-fail: true
 output-file: hadolint-results.sarif
 - name: Upload
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 if: inputs.output == 'sarif'
 with:
 sarif_file: 'hadolint-results.sarif'
@@ -179,7 +179,7 @@ jobs:
 security-events: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Scan
 uses: stackrox/kube-linter-action@5792edc6a03735d592b13c08201711327a935735 # v1.0.5
 if: inputs.output == 'table'
@@ -197,7 +197,7 @@ jobs:
 format: sarif
 output-file: kubelinter-results.sarif
 - name: Upload
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 if: inputs.output == 'sarif'
 with:
 sarif_file: 'kubelinter-results.sarif'
@@ -209,13 +209,13 @@ jobs:
 inputs.skip != 'all'
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Install python
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version-file: '.python-version'
 - name: Install poetry
- uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1.3.4
+ uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
 with:
 version: 1.8.3
 virtualenvs-create: false
@@ -241,7 +241,7 @@ jobs:
 SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Scan
 if: inputs.output == 'table'
 run: semgrep ci --config=auto --suppress-errors --text
@@ -249,7 +249,7 @@ jobs:
 if: inputs.output == 'sarif'
 run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0
 - name: Upload
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
 if: inputs.output == 'sarif'
 with:
 sarif_file: semgrep-results.sarif
@@ -265,7 +265,7 @@ jobs:
 security-events: write
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Run Trivy
 uses: ./.github/actions/trivy-config
 with:
diff --git a/.github/workflows/.reusable-sca.yml b/.github/workflows/.reusable-sca.yml
index 7f6001e..5ab9306 100644
--- a/.github/workflows/.reusable-sca.yml
+++ b/.github/workflows/.reusable-sca.yml
@@ -41,7 +41,7 @@ jobs:
 image: docker:stable
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Run
 uses: ./.github/actions/trivy-image
 with:
@@ -64,7 +64,7 @@ jobs:
 image: docker:stable
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Run
 uses: ./.github/actions/grype
 with:
@@ -93,7 +93,7 @@ jobs:
 username: ${{ inputs.repo_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Run
- uses: anchore/sbom-action@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
+ uses: anchore/sbom-action@1ca97d9028b51809cf6d3c934c3e160716e1b605 # v0.17.5
 with:
 image: ${{ inputs.image }}
 format: cyclonedx-json
diff --git a/.github/workflows/.reusable-unit-test.yml b/.github/workflows/.reusable-unit-test.yml
index 8c8f00e..0a97d2e 100644
--- a/.github/workflows/.reusable-unit-test.yml
+++ b/.github/workflows/.reusable-unit-test.yml
@@ -19,11 +19,11 @@ jobs:
 if: inputs.skip != 'all'
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Set up Docker buildx
- uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
+ uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 - name: Build test image
- uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
 with:
 push: false
 load: true
@@ -38,7 +38,7 @@ jobs:
 run: docker run --rm -t -v ${PWD}/tests/:/app/tests/ semgr8s:tester pytest --cov-report=term-missing:skip-covered --junitxml=tests/pytest.xml --cov=semgr8s tests/ | tee tests/pytest-coverage.txt
 - name: Coverage comment
 id: comment
- uses: MishaKav/pytest-coverage-comment@fa1c641d7e3fa1d98ed95d5f658ccd638b774628 # v1.1.52
+ uses: MishaKav/pytest-coverage-comment@81882822c5b22af01f91bd3eacb1cefb6ad73dc2 # v1.1.53
 if: |
 github.event_name == 'pull_request' &&
 inputs.skip != 'non-required'
@@ -59,13 +59,13 @@ jobs:
 inputs.skip != 'all'
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Install python
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version-file: '.python-version'
 - name: Install poetry
- uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1.3.4
+ uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
 with:
 version: 1.8.3
 virtualenvs-create: false
@@ -88,13 +88,13 @@ jobs:
 inputs.skip != 'all'
 steps:
 - name: Checkout code
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Install python
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
 with:
 python-version-file: '.python-version'
 - name: Install poetry
- uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1.3.4
+ uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
 with:
 version: 1.8.3
 virtualenvs-create: false
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 393442a..f1ae6ca 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -18,5 +18,5 @@ jobs:
 container:
 image: semgrep/semgrep
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - run: semgrep ci