diff --git a/.github/workflows/CopilotPRReviewRunner.yaml b/.github/workflows/CopilotPRReviewRunner.yaml index ce5db91496..e830a0a4dc 100644 --- a/.github/workflows/CopilotPRReviewRunner.yaml +++ b/.github/workflows/CopilotPRReviewRunner.yaml @@ -95,7 +95,7 @@ jobs: persist-credentials: true - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v6.4.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24 diff --git a/.github/workflows/PowerShell.yaml b/.github/workflows/PowerShell.yaml index fe53b97145..984cedaab0 100644 --- a/.github/workflows/PowerShell.yaml +++ b/.github/workflows/PowerShell.yaml @@ -22,7 +22,7 @@ jobs: security-events: write # for github/codeql-action/upload-sarif to upload SARIF results steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit diff --git a/.github/workflows/RerunUnstableFailures.yaml b/.github/workflows/RerunUnstableFailures.yaml index c235f19b8a..43e96d2f71 100644 --- a/.github/workflows/RerunUnstableFailures.yaml +++ b/.github/workflows/RerunUnstableFailures.yaml @@ -28,7 +28,7 @@ jobs: - name: Create GitHub App Token id: app-token - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} diff --git a/.github/workflows/SubmitStabilityJobs.yaml b/.github/workflows/SubmitStabilityJobs.yaml index c76bf1be0d..9d689be439 100644 --- a/.github/workflows/SubmitStabilityJobs.yaml +++ b/.github/workflows/SubmitStabilityJobs.yaml @@ -32,7 +32,7 @@ jobs: branch: ${{ fromJson(needs.GetBranches.outputs.officialBranches) }} fail-fast: false steps: - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ vars.APP_ID }} diff --git a/.github/workflows/UpdateALGoProjects.yaml b/.github/workflows/UpdateALGoProjects.yaml index f84e897379..7ede9ea9bf 100644 --- a/.github/workflows/UpdateALGoProjects.yaml +++ b/.github/workflows/UpdateALGoProjects.yaml @@ -20,7 +20,7 @@ jobs: updateBranches: ${{ steps.getOfficialBranches.outputs.branchesJson }} steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit @@ -48,7 +48,7 @@ jobs: with: ref: ${{ matrix.branch }} - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ vars.APP_ID }} diff --git a/.github/workflows/UpdateBCArtifactVersion.yaml b/.github/workflows/UpdateBCArtifactVersion.yaml index b48d57cf53..e6dbfbcc20 100644 --- a/.github/workflows/UpdateBCArtifactVersion.yaml +++ b/.github/workflows/UpdateBCArtifactVersion.yaml @@ -20,7 +20,7 @@ jobs: updateBranches: ${{ steps.getOfficialBranches.outputs.branchesJson }} steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit @@ -48,7 +48,7 @@ jobs: with: ref: ${{ matrix.branch }} - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ vars.APP_ID }} diff --git a/.github/workflows/UpdatePackageVersions.yaml b/.github/workflows/UpdatePackageVersions.yaml index de47ddbcd9..f8b7dbd503 100644 --- a/.github/workflows/UpdatePackageVersions.yaml +++ b/.github/workflows/UpdatePackageVersions.yaml @@ -20,7 +20,7 @@ jobs: updateBranches: ${{ steps.getOfficialBranches.outputs.branchesJson }} steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit @@ -48,7 +48,7 @@ jobs: with: ref: ${{ matrix.branch }} - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: app-token with: app-id: ${{ vars.APP_ID }} diff --git a/.github/workflows/WorkitemValidation.yaml b/.github/workflows/WorkitemValidation.yaml index 9cb7c13ba3..2e8a057ed9 100644 --- a/.github/workflows/WorkitemValidation.yaml +++ b/.github/workflows/WorkitemValidation.yaml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit @@ -40,7 +40,7 @@ jobs: needs: GitHubIssueValidation steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 25a7449dbd..4d616749e8 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 + uses: step-security/harden-runner@9ca718d3bf646d6534007c269a635b3e54cadf99 # v2.19.2 with: egress-policy: audit