From 38ba1b8c65f6d7da6ba3be664edf085f1fbb1cc4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jan 2026 11:17:23 +0000 Subject: [PATCH] chore(deps): bump the actions-deps group across 1 directory with 22 updates Bumps the actions-deps group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.3` | `2.14.0` | | [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `8.0.0` | | [actions/checkout](https://github.com/actions/checkout) | `3.6.0` | `6.0.1` | | [coursier/cache-action](https://github.com/coursier/cache-action) | `6.3.3` | `7.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `3.9.1` | `6.1.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2.2.0` | `3.7.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2.10.0` | `3.12.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `6.0.0` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` | | [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) | `2.8.0` | `3.5.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `3.14.1` | `5.1.0` | | [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) | `2.21.0` | `2.22.0` | | [oxsecurity/megalinter](https://github.com/oxsecurity/megalinter) | `8.8.0` | `9.2.0` | | [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) | `6.2.0` | `6.3.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6.1.0` | `8.0.0` | | [hoverkraft-tech/compose-action](https://github.com/hoverkraft-tech/compose-action) | `2.0.0` | `2.4.2` | | [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) | `5` | 
`6` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `7.0.0` | | [scalacenter/sbt-dependency-submission](https://github.com/scalacenter/sbt-dependency-submission) | `2.3.1` | `3.2.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.31.6` | `4.31.9` | | [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `5.2.0` | `7.1.0` | Updates `step-security/harden-runner` from 2.13.3 to 2.14.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/df199fb7be9f65074067a9eb93f12bb4c5547cf2...20cf305ff2072d973412fa9b1e3a4f227bda3c76) Updates `actions/github-script` from 7.1.0 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/f28e40c7f34bde8b3046d885e986cb6290c5673b...ed597411d8f924073f98dfc5c65a23a2325f34cd) Updates `actions/checkout` from 3.6.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.6.0...8e8c483db84b4bee98b60c0593521ed34d9990e8) Updates `coursier/cache-action` from 6.3.3 to 7.0.0 - [Release notes](https://github.com/coursier/cache-action/releases) - [Commits](https://github.com/coursier/cache-action/compare/v6.3.3...bebeeb0e6f48ebad66d3783946588ecf43114433) Updates `actions/setup-node` from 3.9.1 to 6.1.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.9.1...395ad3262231945c25e8478fd5baf05154b1d79f) Updates `docker/setup-qemu-action` from 2.2.0 to 3.7.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - 
[Commits](https://github.com/docker/setup-qemu-action/compare/2b82ce82d56a2a04d2637cd93a637ae1b359c0a7...c7c53464625b32c7a7e944ae62b3e17d2b600130) Updates `docker/setup-buildx-action` from 2.10.0 to 3.12.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/885d1462b80bc1c1c7f0b00334ad271f09369c55...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f) Updates `actions/upload-artifact` from 4.6.1 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...b7c566a772e6b6bfb58ed0dc250532a479d7789f) Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/ff45666b9427631e3450c54a1bcbee4d9ff4d7c0...28959ce8df70de7be546dd1250a005dd32156697) Updates `gradle/gradle-build-action` from 2.8.0 to 3.5.0 - [Release notes](https://github.com/gradle/gradle-build-action/releases) - [Commits](https://github.com/gradle/gradle-build-action/compare/v2.8.0...ac2d340dc04d9e1113182899e983b5400c17cda1) Updates `actions/setup-java` from 3.14.1 to 5.1.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/17f84c3641ba7b8f6deff6309fc4c864478f5d62...f2beeb24e141e01a676f977032f5a29d81c9e27e) Updates `EnricoMi/publish-unit-test-result-action` from 2.21.0 to 2.22.0 - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](https://github.com/enricomi/publish-unit-test-result-action/compare/34d7c956a59aed1bfebf31df77b8de55db9bbaaf...27d65e188ec43221b20d26de30f4892fad91df2f) Updates `oxsecurity/megalinter` from 8.8.0 to 9.2.0 - [Release notes](https://github.com/oxsecurity/megalinter/releases) - [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md) 
- [Commits](https://github.com/oxsecurity/megalinter/compare/e08c2b05e3dbc40af4c23f41172ef1e068a7d651...55a59b24a441e0e1943080d4a512d827710d4a9d) Updates `crazy-max/ghaction-import-gpg` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v6.2.0...e89d40939c28e39f97cf32126055eeae86ba74ec) Updates `peter-evans/create-pull-request` from 6.1.0 to 8.0.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/c5a7806660adbe173f04e3e038b0ccdcd758773c...98357b18bf14b5342f975ff684046ec3b2a07725) Updates `hoverkraft-tech/compose-action` from 2.0.0 to 2.4.2 - [Release notes](https://github.com/hoverkraft-tech/compose-action/releases) - [Commits](https://github.com/hoverkraft-tech/compose-action/compare/802a148945af6399a338c7906c267331b39a71af...248470ecc5ed40d8ed3d4480d8260d77179ef579) Updates `amannn/action-semantic-pull-request` from 5 to 6 - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/e32d7e603df1aa1ba07e981f2a23455dee596825...48f256284bd46cdaab1048c3721360e808335d50) Updates `actions/download-artifact` from 4.3.0 to 7.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...37930b1c2abaa49bbe596cd826c3c89aef350131) Updates `scalacenter/sbt-dependency-submission` from 2.3.1 to 3.2.1 - [Release notes](https://github.com/scalacenter/sbt-dependency-submission/releases) - [Commits](https://github.com/scalacenter/sbt-dependency-submission/compare/f3c0455a87097de07b66c3dc1b8619b5976c1c89...f43202114d7522a4b233e052f82c2eea8d658134) Updates 
`ossf/scorecard-action` from 2.4.1 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...4eaacf0543bb3f2c246792bd56e8cdeffafb205a) Updates `github/codeql-action` from 3.31.6 to 4.31.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/497990dfed22177a82ba1bbab381bc8f6d27058f...5d4e8d1aca955e8d8589aabd499c5cae939e33c7) Updates `stefanzweifel/git-auto-commit-action` from 5.2.0 to 7.1.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/b863ae1933cb653a53c021fe36dbb774e1fb9403...04702edda442b2e678b25b537cec683a1493fcb9) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: coursier/cache-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-node dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - 
dependency-name: docker/setup-qemu-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: gradle/gradle-build-action dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-java dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: EnricoMi/publish-unit-test-result-action dependency-version: 2.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: oxsecurity/megalinter dependency-version: 9.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: crazy-max/ghaction-import-gpg dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: hoverkraft-tech/compose-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - 
dependency-name: amannn/action-semantic-pull-request dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/download-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: scalacenter/sbt-dependency-submission dependency-version: 3.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/auto-merge.yml | 8 ++++---- .github/workflows/build.yml | 18 +++++++++--------- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/integration-tests.yml | 14 +++++++------- .github/workflows/lint.yml | 12 ++++++------ .github/workflows/oasdiff.yml | 2 +- .github/workflows/performance-tests.yml | 8 ++++---- .github/workflows/pr-lint.yml | 4 ++-- .github/workflows/release-clients.yml | 10 +++++----- .github/workflows/release.yml | 12 ++++++------ .../workflows/sbt-dependency-submission.yml | 10 +++++----- .github/workflows/scala-steward.yml | 4 ++-- .github/workflows/scorecard.yml | 10 +++++----- .github/workflows/unit-tests.yml | 8 ++++---- .github/workflows/update-oas.yml | 8 ++++---- 15 files changed, 66 insertions(+), 66 deletions(-) 
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index c42c64ced9..edc80cdf82 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -18,12 +18,12 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Update PRs - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.IDENTUS_CI }} script: | @@ -64,12 +64,12 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Update PRs - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.IDENTUS_CI }} script: | diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c9b59acebc..eeb4b3a889 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,11 +36,11 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 
@@ -50,11 +50,11 @@ jobs: with: java-version: openjdk@1.17 - - uses: coursier/cache-action@4e2615869d13561d626ed48655e1a39e5b192b3c # v6.4.9 + - uses: coursier/cache-action@bebeeb0e6f48ebad66d3783946588ecf43114433 # v7.0.0 id: coursier-cache - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: "lts/*" @@ -65,10 +65,10 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Extract revision version id: revision @@ -123,7 +123,7 @@ jobs: - name: Publish Cloud-Agent Open API Specification id: upload-oas - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: cloud-agent-openapi-spec-${{ steps.build-oas.outputs.OAS_CHECKSUM}} path: ./cloud-agent-openapi-spec-${{ steps.revision.outputs.REVISION_VERSION}}.yaml @@ -139,12 +139,12 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Trigger component integration - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ secrets.IDENTUS_CI }} repository: hyperledger-identus/integration 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d9284f67a9..83c9c121aa 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,11 +17,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: 'Checkout Repository' - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: 'Dependency Review' uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 32bd1a6a7a..aa7f10880a 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -30,12 +30,12 @@ jobs: REPORTS_DIR: "tests/integration-tests/target/site/serenity" steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Java and Scala uses: olafurpg/setup-scala@32ffa16635ff8f19cc21ea253a987f0fdf29844c # v14 
@@ -70,7 +70,7 @@ jobs: echo "prism_node_version=$(grep PRISM_NODE_VERSION infrastructure/local/.env | cut -d'=' -f2 | tr -d ' ')" >> "${GITHUB_OUTPUT}" echo "neoprism_version=$(grep NEOPRISM_VERSION infrastructure/local/.env | cut -d'=' -f2 | tr -d ' ')" >> "${GITHUB_OUTPUT}" - - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1 + - uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0 with: distribution: "zulu" java-version: "21" @@ -135,7 +135,7 @@ jobs: - name: Publish e2e test Results id: publish-unit-tests - uses: EnricoMi/publish-unit-test-result-action@34d7c956a59aed1bfebf31df77b8de55db9bbaaf # v2.21.0 + uses: EnricoMi/publish-unit-test-result-action@27d65e188ec43221b20d26de30f4892fad91df2f # v2.22.0 with: junit_files: "${{ env.REPORTS_DIR }}/SERENITY-JUNIT-*.xml" comment_title: "Integration Test Results" @@ -143,7 +143,7 @@ jobs: - name: Upload serenity report if: github.ref_name == 'main' || failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: integration-tests-result path: ${{ env.REPORTS_DIR }} @@ -151,7 +151,7 @@ jobs: - name: Upload logs if: github.ref_name == 'main' || failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: docker-logs path: ${{ env.LOGS_DIR }} @@ -171,7 +171,7 @@ jobs: SLACK_USERNAME: circleci SLACK_WEBHOOK: ${{ secrets.E2E_TESTS_SLACK_WEBHOOK }} - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: 20 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 27ce2fc01f..06bf44e527 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -30,12 +30,12 @@ jobs: steps: # Git Checkout - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout Code - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 @@ -43,11 +43,11 @@ jobs: - name: MegaLinter id: ml - uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0 + uses: oxsecurity/megalinter@42bb470545e359597e7f12156947c436e4e3fb9a # v9.3.0 - name: Archive production artifacts if: success() || failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: Mega-Linter reports path: | @@ -55,7 +55,7 @@ jobs: mega-linter.log overwrite: true - - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 + - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 if: failure() && steps.ml.outputs.has_updated_sources == 1 id: import_gpg with: @@ -70,7 +70,7 @@ jobs: - name: Create Pull Request with applied fixes id: cpr if: failure() && steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix') - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ github.head_ref }} 
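Review bot: The MegaLinter step in the second lint.yml hunk is pinned to `oxsecurity/megalinter@42bb470545e359597e7f12156947c436e4e3fb9a # v9.3.0`, but the commit message announces 9.2.0 and its compare link ends at `55a59b24a441e0e1943080d4a512d827710d4a9d`, so this pin is not covered by the commit record. Only the SHA decides what runs, and the trailing version comment is free text that nothing verifies. Before merging, confirm against the upstream release tags that this SHA is the v9.3.0 release commit, then make the commit message and the pin agree. The mismatch may simply come from the PR being refreshed after the message was generated, but that cannot be established from the diff.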
diff --git a/.github/workflows/oasdiff.yml b/.github/workflows/oasdiff.yml index 00bdf1a752..952344ce8e 100644 --- a/.github/workflows/oasdiff.yml +++ b/.github/workflows/oasdiff.yml @@ -36,7 +36,7 @@ jobs: pull-requests: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/performance-tests.yml b/.github/workflows/performance-tests.yml index 469ef6f714..5704fd0afb 100644 --- a/.github/workflows/performance-tests.yml +++ b/.github/workflows/performance-tests.yml @@ -31,12 +31,12 @@ jobs: if: ${{ !contains(github.event.pull_request.title, '[skip ci]') }} steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Java and Scala uses: olafurpg/setup-scala@32ffa16635ff8f19cc21ea253a987f0fdf29844c # v14 @@ -82,7 +82,7 @@ jobs: NODE_REFRESH_AND_SUBMIT_PERIOD: 1s NODE_MOVE_SCHEDULED_TO_PENDING_PERIOD: 1s NODE_WALLET_MAX_TPS: 1000 - uses: hoverkraft-tech/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0 + uses: hoverkraft-tech/compose-action@248470ecc5ed40d8ed3d4480d8260d77179ef579 # v2.4.2 with: compose-file: "./infrastructure/shared/docker-compose-combined.yml" compose-flags: "--env-file ./infrastructure/local/.env" 
@@ -90,7 +90,7 @@ jobs: down-flags: "--volumes" - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: 16.x registry-url: "https://npm.pkg.github.com" diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index 02951735d3..df4c3f58b2 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -16,10 +16,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # v5 + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-clients.yml b/.github/workflows/release-clients.yml index b284b82c15..e453605fa0 100644 --- a/.github/workflows/release-clients.yml +++ b/.github/workflows/release-clients.yml @@ -47,15 +47,15 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: "lts/*" registry-url: "https://registry.npmjs.org" 
@@ -66,7 +66,7 @@ jobs: run: npm install -g npm@^11.5.1 - name: Setup Gradle - uses: gradle/gradle-build-action@ef76a971e2fa3f867b617efd72f2fbd72cf6f8bc # v2.8.0 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 - name: Delete existing Open API specification if: ${{ !inputs.releaseTag }} @@ -76,7 +76,7 @@ jobs: - name: Download OpenAPI specification if: ${{ !inputs.releaseTag }} - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: cloud-agent-openapi-spec-${{ inputs.check_sum }} path: ./cloud-agent/service/api/http diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 47e764c2da..af2b4dbdb3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,11 +25,11 @@ jobs: packages: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.IDENTUS_CI }} ref: ${{ github.event.inputs.release-branch }} @@ -41,7 +41,7 @@ jobs: java-version: openjdk@1.17 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: "lts/*" 
@@ -62,10 +62,10 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Release env: @@ -84,7 +84,7 @@ jobs: run: echo "RELEASE_VERSION=$(cat .release-version)" >> "$GITHUB_OUTPUT" - name: Trigger component integration - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ secrets.IDENTUS_CI }} repository: hyperledger-identus/integration diff --git a/.github/workflows/sbt-dependency-submission.yml b/.github/workflows/sbt-dependency-submission.yml index 2274d0ccd7..cf99bbeb8f 100644 --- a/.github/workflows/sbt-dependency-submission.yml +++ b/.github/workflows/sbt-dependency-submission.yml 
@@ -20,26 +20,26 @@ jobs: contents: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Java and Scala uses: olafurpg/setup-scala@32ffa16635ff8f19cc21ea253a987f0fdf29844c # v14 with: java-version: adopt@1.11 - name: Setup Node - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: "18" # or whatever # - name: Setup Scala.JS # uses: japgolly/setup-scalajs@v1 - name: Cache sbt - uses: coursier/cache-action@288585e12960315492c10d496fafb65b57d9a89b # v6.3.3 + uses: coursier/cache-action@bebeeb0e6f48ebad66d3783946588ecf43114433 # v7.0.0 # - name: npm install # run: npm install - - uses: scalacenter/sbt-dependency-submission@f3c0455a87097de07b66c3dc1b8619b5976c1c89 # v2.3.1 + - uses: scalacenter/sbt-dependency-submission@f43202114d7522a4b233e052f82c2eea8d658134 # v3.2.1 with: working-directory: ./ modules-ignore: diff --git a/.github/workflows/scala-steward.yml b/.github/workflows/scala-steward.yml index 7c4722890d..9a9de8ac92 100644 --- a/.github/workflows/scala-steward.yml +++ b/.github/workflows/scala-steward.yml 
@@ -19,12 +19,12 @@ jobs: pull-requests: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout the repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index beff411bd7..5f89eb46eb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -34,17 +34,17 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -69,7 +69,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif 
@@ -78,6 +78,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
index efd6167278..a64576b83e 100644
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -36,18 +36,18 @@ jobs:
 TESTCONTAINERS_RYUK_DISABLED: true
 steps:
 - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
 with:
 egress-policy: audit
 - name: Git checkout (merge)
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 if: github.event_name != 'pull_request'
 with:
 fetch-depth: 0
 - name: Git checkout (PR)
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 if: github.event_name == 'pull_request'
 with:
 fetch-depth: 0
@@ -77,7 +77,7 @@ jobs:
 - name: Publish test results
 if: always()
- uses: EnricoMi/publish-unit-test-result-action@34d7c956a59aed1bfebf31df77b8de55db9bbaaf # v2.21.0
+ uses: EnricoMi/publish-unit-test-result-action@27d65e188ec43221b20d26de30f4892fad91df2f # v2.22.0
 with:
 junit_files: "./target/test-reports/**/TEST-*.xml"
 comment_title: "Unit Test Results"
diff --git a/.github/workflows/update-oas.yml b/.github/workflows/update-oas.yml
index eb1b0af966..63f04d7724 100644
--- a/.github/workflows/update-oas.yml
+++ b/.github/workflows/update-oas.yml
@@ -31,11 +31,11 @@ jobs:
 steps:
 - name: Harden the runner (Audit all outbound calls)
- uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
 with:
 egress-policy: audit
- - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0
@@ -54,7 +54,7 @@ jobs:
 with:
 java-version: openjdk@1.17
- - uses: coursier/cache-action@4e2615869d13561d626ed48655e1a39e5b192b3c # v6.4.9
+ - uses: coursier/cache-action@bebeeb0e6f48ebad66d3783946588ecf43114433 # v7.0.0
 id: coursier-cache
 - name: Build Cloud-Agent Open API Specification
@@ -64,7 +64,7 @@ jobs:
 sbt "cloudAgentServer/test:runMain org.hyperledger.identus.api.util.Tapir2StaticOAS $GITHUB_WORKSPACE/cloud-agent/service/api/cloud-agent-openapi-spec.yaml $VERSION"
 - name: Commit and push if changed
- uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
+ uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
 with:
 commit_message: "chore(oas) update Open API Specification"
 file_pattern: "cloud-agent/service/api/cloud-agent-openapi-spec.yaml"