diff --git a/.github/workflows/cache-clear.yml b/.github/workflows/cache-clear.yml index ceb64f80..23a1cf54 100644 --- a/.github/workflows/cache-clear.yml +++ b/.github/workflows/cache-clear.yml @@ -10,12 +10,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Check out code" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 - name: "Cleanup" run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d1ab9a08..882dd68e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,16 +43,16 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Checkout repository" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 # Initializes the CodeQL tools for scanning. - name: "Initialize CodeQL" - uses: "github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9" # v2.21.9 + uses: "github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75" # v2.22.8 with: languages: "${{ matrix.language }}" # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: "Autobuild" - uses: "github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9" # v2.21.9 + uses: "github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75" # v2.22.8 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: "Perform CodeQL Analysis" - uses: "github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9" # v2.21.9 + uses: "github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75" # v2.22.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index a6ae8042..26bea940 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -16,7 +16,7 @@ jobs: issues: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index aa6911ca..ce9f2592 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -20,16 +20,16 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Dependency Review" - uses: "actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034" # v3.1.0 + uses: "actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f" # v3.1.3 diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index d4d89667..c6614beb 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -16,11 +16,11 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - - uses: "actions/first-interaction@1d8459ca65b335265f1285568221e229d45a995e" # v1.1.1 + - uses: "actions/first-interaction@1dbfe1ba5525b8257e1f259b09745bee346d62d8" # v1.2.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" issue-message: "Awesome! Thank you for taking the time to create your first issue! Please review the [guidelines](https://narrowspark.com/docs/current/contributing)" diff --git a/.github/workflows/introspect.yml b/.github/workflows/introspect.yml index 77b9549b..1eb7cd0f 100644 --- a/.github/workflows/introspect.yml +++ b/.github/workflows/introspect.yml @@ -21,12 +21,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 82e4ecfc..05c83321 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -28,7 +28,7 @@ jobs: yaml_lintable: "${{ steps.changes.outputs.yaml_lintable }}" steps: - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -48,12 +48,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 with: fetch-depth: 2 env: @@ -67,7 +67,7 @@ jobs: run_install: false - name: "Use Node.js 18.x" - uses: "actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d" # v3.8.1 + uses: "actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7" # v3.8.2 with: node-version: "18.x" cache: "pnpm" @@ -88,12 +88,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 with: fetch-depth: 2 env: @@ -115,12 +115,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 with: fetch-depth: 2 env: @@ -134,7 +134,7 @@ jobs: run_install: false - name: "Use Node.js 18.x" - uses: "actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d" # v3.8.1 + uses: "actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7" # v3.8.2 with: node-version: "18.x" cache: "pnpm" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3c1b88d7..85def25a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,17 +33,17 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Checkout code" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 with: persist-credentials: false - name: "Run analysis" - uses: "ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031" # v2.2.0 + uses: "ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736" # v2.3.1 with: results_file: "results.sarif" results_format: "sarif" @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: "github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9" # v2.21.9 + uses: "github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75" # v2.22.8 with: sarif_file: "results.sarif" diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index 2e5a80b8..e11dc38f 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -18,7 +18,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" @@ -43,7 +43,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" @@ -66,7 +66,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" @@ -91,7 +91,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0a54f1ca..2d0a3755 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -31,12 +31,12 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895" # v2.6.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" # v4.1.0 + uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -48,7 +48,7 @@ jobs: run_install: false - name: "Set node version to ${{ matrix.node_version }}" - uses: "actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d" # v3.8.1 + uses: "actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7" # v3.8.2 with: node-version: "${{ matrix.node_version }}" cache: "pnpm" diff --git a/package.json b/package.json index a304e5aa..40406678 100644 --- a/package.json +++ b/package.json @@ -101,7 +101,7 @@ "vite-plugin-static-copy": "^0.17.0", "vitest": "^0.34.6" }, - "packageManager": "pnpm@8.8.0", + "packageManager": "pnpm@8.11.0", "engines": { "node": ">=18.16.* <=20.*" },