diff --git a/.github/workflows/allo-allo.yml b/.github/workflows/allo-allo.yml index dde4f85..432c3b9 100644 --- a/.github/workflows/allo-allo.yml +++ b/.github/workflows/allo-allo.yml @@ -51,7 +51,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -67,7 +67,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden the runner (Audit all outbound calls)" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/cleanup-branch-cache.yaml b/.github/workflows/cleanup-branch-cache.yaml index 3ed820a..77001ae 100644 --- a/.github/workflows/cleanup-branch-cache.yaml +++ b/.github/workflows/cleanup-branch-cache.yaml @@ -26,7 +26,7 @@ jobs: contents: "read" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/cleanup-branch-cache.yml b/.github/workflows/cleanup-branch-cache.yml index 3ed820a..77001ae 100644 --- a/.github/workflows/cleanup-branch-cache.yml +++ b/.github/workflows/cleanup-branch-cache.yml @@ -26,7 +26,7 @@ jobs: contents: "read" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 45c3071..445b8a4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -65,7 +65,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 20eb386..8ed5a1b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -39,7 +39,7 @@ jobs: pull-requests: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4cd6300..9c6db3d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -84,7 +84,7 @@ jobs: filters_present: "${{ steps.filters-check.outputs.present }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -129,7 +129,7 @@ jobs: timeout-minutes: 30 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -149,7 +149,7 @@ jobs: - name: "Setup resources and environment" id: "setup" - uses: "anolilab/workflows/step/node@561a54257113a4bd1346bf10a022063faca27680" # main + uses: "anolilab/workflows/step/node@aa162a984a4909f412bc4dbae712def066a0a681" # main with: node-version: "${{ inputs.node_version || '22' }}" install-node-gyp: "true" @@ -183,7 +183,7 @@ jobs: timeout-minutes: 30 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -203,7 +203,7 @@ jobs: - name: "Setup resources and environment" id: "setup" - uses: "anolilab/workflows/step/node@561a54257113a4bd1346bf10a022063faca27680" # main + uses: "anolilab/workflows/step/node@aa162a984a4909f412bc4dbae712def066a0a681" # main with: node-version: "${{ inputs.node_version || '22' }}" install-node-gyp: "true" @@ -228,7 +228,7 @@ jobs: timeout-minutes: 30 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -259,7 +259,7 @@ jobs: timeout-minutes: 30 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -301,7 +301,7 @@ jobs: timeout-minutes: 30 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -341,7 +341,7 @@ jobs: timeout-minutes: 30 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -406,7 +406,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/lock-closed.yml b/.github/workflows/lock-closed.yml index 4493818..3a6ab56 100644 --- a/.github/workflows/lock-closed.yml +++ b/.github/workflows/lock-closed.yml @@ -61,7 +61,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/pnpm-lock-file-maintenance.yml b/.github/workflows/pnpm-lock-file-maintenance.yml index e055f2f..ec1e816 100644 --- a/.github/workflows/pnpm-lock-file-maintenance.yml +++ b/.github/workflows/pnpm-lock-file-maintenance.yml @@ -40,7 +40,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -57,7 +57,7 @@ jobs: - name: "Setup resources and environment" id: "setup" - uses: "anolilab/workflows/step/setup@561a54257113a4bd1346bf10a022063faca27680" # main + uses: "anolilab/workflows/step/setup@aa162a984a4909f412bc4dbae712def066a0a681" # main with: node-version: "${{ inputs.node-version }}" cache-prefix: "lock-file-update" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9b4d5db..6867415 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -37,7 +37,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index a0d1c06..c0ac746 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -23,7 +23,7 @@ jobs: name: "Semantic Pull Request" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index b2f1038..d52e880 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/set-default-labels.yml b/.github/workflows/set-default-labels.yml index 4672573..20af696 100644 --- a/.github/workflows/set-default-labels.yml +++ b/.github/workflows/set-default-labels.yml @@ -35,7 +35,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/slop-detection.yml b/.github/workflows/slop-detection.yml index 30056d4..5f8d003 100644 --- a/.github/workflows/slop-detection.yml +++ b/.github/workflows/slop-detection.yml @@ -109,7 +109,7 @@ jobs: pull-requests: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -142,7 +142,7 @@ jobs: pull-requests: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index 2e54b3c..cd561f7 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -24,7 +24,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -50,7 +50,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -74,7 +74,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -98,7 +98,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ebbaa3d..aaee334 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: runs-on: "${{ matrix.os }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -135,7 +135,7 @@ jobs: # `strategy.job-index == 0` is the lowest combination (lowest node x lowest os). - name: "Upload coverage to Codecov" if: "inputs.coverage == true && strategy.job-index == 0" - uses: "anolilab/workflows/step/codecov@561a54257113a4bd1346bf10a022063faca27680" # main + uses: "anolilab/workflows/step/codecov@aa162a984a4909f412bc4dbae712def066a0a681" # main with: codecov-token: "${{ secrets.codecov_token }}" @@ -147,7 +147,7 @@ jobs: timeout-minutes: 5 steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index d1fa264..a395a87 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -37,7 +37,7 @@ jobs: security-events: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411" # v2.19.4 + uses: "step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920" # v2.20.0 with: egress-policy: "audit" @@ -47,7 +47,7 @@ jobs: persist-credentials: false - name: "Install zizmor" - uses: "taiki-e/install-action@4684b8405694ae9dd42c9f39ba901a70ae83f4a3" # v2.82.9 + uses: "taiki-e/install-action@50414676f9f5d50a65992c6dd2ed02641263226c" # v2.82.10 with: tool: "zizmor" diff --git a/step/rust/action.yml b/step/rust/action.yml index ee4a297..3bb854a 100644 --- a/step/rust/action.yml +++ b/step/rust/action.yml @@ -116,7 +116,7 @@ runs: cache-directories: "${{ inputs.cache-directories }}" - name: "Install tools" - uses: "taiki-e/install-action@4684b8405694ae9dd42c9f39ba901a70ae83f4a3" # v2.82.9 + uses: "taiki-e/install-action@50414676f9f5d50a65992c6dd2ed02641263226c" # v2.82.10 if: "inputs.tools != ''" with: tool: "${{ inputs.tools }}"