diff --git a/.github/workflows/bundle-analysis.yml b/.github/workflows/bundle-analysis.yml index 136da4a..21fbe4a 100644 --- a/.github/workflows/bundle-analysis.yml +++ b/.github/workflows/bundle-analysis.yml @@ -32,19 +32,19 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Check for file changes" - uses: "dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50" # v2.11.1 + uses: "dorny/paths-filter@7267a8516b6f92bdb098633497bad573efdbf271" # v2.12.0 id: "changes" with: token: "${{ github.token }}" @@ -57,12 +57,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -71,7 +71,7 @@ jobs: - uses: "pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d" # v3.0.0 - name: "Set node version to 18" - uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 + uses: "actions/setup-node@4bb8c450539a93c2c5789587ecde80fc8c939605" # v1.4.3 with: node-version: "18" cache: "pnpm" @@ -82,7 +82,7 @@ jobs: SKIP_CHECK: "true" - name: "Restore Next.js Build" - uses: "actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2" # v4.0.0 + uses: "actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9" # v4.0.2 id: "restore-build-cache" env: cache-name: "cache-next-build" @@ -106,13 +106,13 @@ jobs: run: "cd examples/nextra && npx -p nextjs-bundle-analysis@0.5.0 report" - name: "Upload Bundle" - uses: "actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392" # v4.0.0 + uses: "actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808" # v4.3.3 with: name: "bundle" path: "examples/nextra/.next/analyze/__bundle_analysis.json" - name: "Download Base Branch Bundle Stats" - uses: "dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d" # v3.0.0 + uses: "dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe" # v3.1.4 if: "success() && github.event.number" with: workflow: "nextjs-bundle-analysis.yml" @@ -153,7 +153,7 @@ jobs: echo 'EOF' >> $GITHUB_OUTPUT - name: "Comment" - uses: "marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd" # v2.8.0 + uses: "marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31" # v2.9.0 if: "success() && github.event.number" with: header: "next-bundle-analysis" @@ -175,7 +175,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" diff --git a/.github/workflows/cache-clear.yml b/.github/workflows/cache-clear.yml index 85fd883..a720fc1 100644 --- a/.github/workflows/cache-clear.yml +++ b/.github/workflows/cache-clear.yml @@ -10,12 +10,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Check out code" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 - name: "Cleanup" run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 76d1e0d..8dfcd71 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,16 +43,16 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Checkout repository" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 # Initializes the CodeQL tools for scanning. - name: "Initialize CodeQL" - uses: "github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4" # v3.22.12 + uses: "github/codeql-action/init@04daf014b50eaf774287bf3f0f1869d4b4c4b913" # v2.21.7 with: languages: "${{ matrix.language }}" # If you wish to specify custom queries, you can do so here or in a config file. diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index a6ae804..76c4c78 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -16,7 +16,7 @@ jobs: issues: "write" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 08cf88d..a505ec1 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -20,16 +20,16 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Dependency Review" - uses: "actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976" # v4.0.0 + uses: "actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a" # v4.3.3 diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index d4d8966..64cb07e 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -16,11 +16,11 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - - uses: "actions/first-interaction@1d8459ca65b335265f1285568221e229d45a995e" # v1.1.1 + - uses: "actions/first-interaction@34f15e814fe48ac9312ccf29db4e74fa767cbab7" # v1.3.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" issue-message: "Awesome! Thank you for taking the time to create your first issue! Please review the [guidelines](https://narrowspark.com/docs/current/contributing)" diff --git a/.github/workflows/introspect.yml b/.github/workflows/introspect.yml index 26cf6f0..0e43850 100644 --- a/.github/workflows/introspect.yml +++ b/.github/workflows/introspect.yml @@ -21,12 +21,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ac5c425..16ce337 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -28,19 +28,19 @@ jobs: yaml_lintable: "${{ steps.changes.outputs.yaml_lintable }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Check for file changes" - uses: "dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50" # v2.11.1 + uses: "dorny/paths-filter@7267a8516b6f92bdb098633497bad573efdbf271" # v2.12.0 id: "changes" with: token: "${{ github.token }}" @@ -53,12 +53,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 with: fetch-depth: 2 env: @@ -71,7 +71,7 @@ jobs: run_install: false - name: "Use Node.js 20.6.1" - uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 + uses: "actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8" # v4.0.2 with: node-version: "20.6.1" cache: "pnpm" @@ -92,12 +92,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 with: fetch-depth: 2 env: @@ -119,12 +119,12 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 with: fetch-depth: 2 env: @@ -137,7 +137,7 @@ jobs: run_install: false - name: "Use Node.js 20.6.1" - uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 + uses: "actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8" # v4.0.2 with: node-version: "20.6.1" cache: "pnpm" @@ -170,7 +170,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 135e826..5063939 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,17 +33,17 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Checkout code" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 with: persist-credentials: false - name: "Run analysis" - uses: "ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031" # v2.2.0 + uses: "ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534" # v2.3.3 with: results_file: "results.sarif" results_format: "sarif" @@ -65,7 +65,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: "actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392" # v4.0.0 + uses: "actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808" # v4.3.3 with: name: "SARIF file" path: "results.sarif" @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: "github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4" # v3.22.12 + uses: "github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251" # v3.25.10 with: sarif_file: "results.sarif" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index 34fd71d..92993a6 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -21,13 +21,13 @@ jobs: name: "Semantic Pull Request" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Validate PR title" id: "lint_pr_title" - uses: "amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54" # v5.2.0 + uses: "amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e" # v5.5.2 env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" with: @@ -43,7 +43,7 @@ jobs: infra revert - - uses: "marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd" # v2.8.0 + - uses: "marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31" # v2.9.0 # When the previous steps fails, the workflow would stop. By adding this # condition you can continue the execution with the populated error message. if: "always() && (steps.lint_pr_title.outputs.error_message != null)" @@ -62,7 +62,7 @@ jobs: # Delete a previous comment when the issue has been resolved - if: "${{ steps.lint_pr_title.outputs.error_message == null }}" - uses: "marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd" # v2.8.0 + uses: "marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31" # v2.9.0 with: header: "pr-title-lint-error" message: | diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index a7d427d..e887d2d 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -27,12 +27,12 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Wait for tests to succeed" - uses: "lewagon/wait-on-check-action@e106e5c43e8ca1edea6383a39a01c5ca495fd812" # v1.3.1 + uses: "lewagon/wait-on-check-action@ccfb013c15c8afb7bf2b7c028fb74dc5a068cccc" # v1.3.4 timeout-minutes: 20 with: ref: "${{ github.event.pull_request.head.sha || github.sha }}" @@ -42,7 +42,7 @@ jobs: allowed-conclusions: "success,skipped" # all other checks must pass, being skipped or cancelled is not sufficient - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 with: fetch-depth: 0 persist-credentials: false @@ -56,7 +56,7 @@ jobs: run_install: false - name: "Use Node.js 20.6.1" - uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 + uses: "actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8" # v4.0.2 with: node-version: "20.6.1" cache: "pnpm" @@ -106,12 +106,12 @@ jobs: contents: "write" # to be able to publish steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 with: fetch-depth: 2 env: @@ -122,7 +122,7 @@ jobs: - uses: "pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d" # v3.0.0 - name: "Use Node.js 20.6.1" - uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 + uses: "actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8" # v4.0.2 with: node-version: "20.6.1" @@ -130,7 +130,7 @@ jobs: run: "pnpm install --no-frozen-lockfile" - name: "Commit modified files" - uses: "stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d" # v5.0.0 + uses: "stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842" # v5.0.1 with: commit_message: "chore: updated pnpm-lock.yaml" commit_author: "prisis " diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index ad9824b..ec4da02 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -18,7 +18,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" @@ -43,7 +43,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" @@ -66,7 +66,7 @@ jobs: runs-on: "ubuntu-latest" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" @@ -91,7 +91,7 @@ jobs: steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 381a7b1..bb03fd3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -26,19 +26,19 @@ jobs: packages: "${{ steps.changes.outputs.packages }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" EMAIL: "github-actions[bot]@users.noreply.github.com" - name: "Check for file changes" - uses: "dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50" # v2.11.1 + uses: "dorny/paths-filter@7267a8516b6f92bdb098633497bad573efdbf271" # v2.12.0 id: "changes" with: token: "${{ github.token }}" @@ -56,12 +56,12 @@ jobs: runs-on: "${{ matrix.os }}" steps: - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" - name: "Git checkout" - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11" # v4.1.1 + uses: "actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332" # v4.1.7 env: GIT_COMMITTER_NAME: "GitHub Actions Shell" GIT_AUTHOR_NAME: "GitHub Actions Shell" @@ -72,7 +72,7 @@ jobs: run_install: false - name: "Set node version to ${{ matrix.node_version }}" - uses: "actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65" # v4.0.0 + uses: "actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8" # v4.0.2 with: node-version: "${{ matrix.node_version }}" cache: "pnpm" @@ -106,7 +106,7 @@ jobs: # If any jobs we depend on fail, we will fail since this is a required check # NOTE: A timeout is considered a failure - name: "Harden Runner" - uses: "step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09" # v2.5.1 + uses: "step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6" # v2.8.1 with: egress-policy: "audit" diff --git a/.nvmrc b/.nvmrc index 3c03207..561a1e9 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -18 +18.20.3 diff --git a/package.json b/package.json index d759996..dbcdfad 100644 --- a/package.json +++ b/package.json @@ -219,7 +219,7 @@ "optional": true } }, - "packageManager": "pnpm@8.8.0", + "packageManager": "pnpm@8.15.8", "engines": { "node": ">=18.0.0" },