Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-090: Automated trusted workflow pinning (2024-10-01) #5141

Merged
merged 1 commit into from
Oct 11, 2024

Conversation

hashicorp-tsccr[bot]
Copy link
Contributor

@hashicorp-tsccr hashicorp-tsccr bot commented Oct 1, 2024

Bumping GitHub Actions version to latest TSCCR release.

  • changes in .github/workflows/build.yml
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • changes in .github/workflows/enos-run.yml
    • bump actions/setup-node from v4.0.3 to v4.0.4 (release notes)
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
    • bump slackapi/slack-github-action from v1.26.0 to v1.27.0 (release notes)
    • bump slackapi/slack-github-action from v1.26.0 to v1.27.0 (release notes)
  • changes in .github/workflows/fuzz.yml
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • changes in .github/workflows/security-scan.yml
    • bump actions/setup-python from v5.1.1 to v5.2.0 (release notes)
    • bump github/codeql-action/upload-sarif from codeql-bundle-v2.18.2 to codeql-bundle-v2.19.0 (release notes)
  • changes in .github/workflows/test-cli-ui_oss.yml
    • bump actions/setup-node from v4.0.3 to v4.0.4 (release notes)
    • bump slackapi/slack-github-action from v1.26.0 to v1.27.0 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/11119535784

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

https://hashicorp.atlassian.net/browse/ICU-15203

@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team as a code owner October 1, 2024 06:02
@hashicorp-tsccr hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Oct 1, 2024
@moduli moduli added the pr/no-milestone Ignores the Milestone Check label Oct 9, 2024
@moduli moduli merged commit 152d2e8 into main Oct 11, 2024
66 of 68 checks passed
@moduli moduli deleted the tsccr-auto-pinning/trusted/2024-10-01 branch October 11, 2024 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pr/no-milestone Ignores the Milestone Check SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant