From 516745cfe83b331fad6537bd681e80091280ad47 Mon Sep 17 00:00:00 2001 From: Robert Allen Date: Sun, 28 Dec 2025 17:00:36 -0500 Subject: [PATCH 1/2] chore: update GitHub Actions to December 2025 latest MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates: - actions/checkout v4.2.2 → v6.0.1 - actions/setup-node v4.1.0 → v6.1.0 - actions/setup-python v5.4.0 → v6.1.0 - actions/setup-go v5.2.0 → v6.1.0 - actions/setup-java v4.6.0 → v5.1.0 - actions/cache v4.1.2 → v5.0.1 - actions/upload-artifact v4.5.0 → v6.0.0 - actions/upload-pages-artifact v3.0.1 → v4.0.0 - pnpm/action-setup v4.0.0 → v4.2.0 - astral-sh/setup-uv v5.1.0 → v7.1.6 - golangci/golangci-lint-action v6.1.1 → v9.2.0 - github/codeql-action v3.27.0 → v4.31.9 - codecov/codecov-action v5.1.2 → v5.5.2 - gradle/actions/setup-gradle v4.2.2 → v5.0.0 - lycheeverse/lychee-action v2.0.1 → v2.7.0 - softprops/action-gh-release v2.1.0 → v2.5.0 - hadolint/hadolint-action v3.1.0 → v3.3.0 - taiki-e/install-action v2.44.0 → v2.65.6 All actions pinned to full SHA for security. 🤖 Generated with [Claude Code](https://claude.ai/claude-code) Co-Authored-By: Claude Opus 4.5 --- .github/workflows/reusable-ci-go.yml | 24 ++++++------- .github/workflows/reusable-ci-python.yml | 22 ++++++------ .github/workflows/reusable-ci-typescript.yml | 36 ++++++++++---------- .github/workflows/reusable-content.yml | 14 ++++---- .github/workflows/reusable-docs.yml | 22 ++++++------ .github/workflows/reusable-release.yml | 6 ++-- .github/workflows/reusable-security.yml | 22 ++++++------ .github/workflows/sync-labels.yml | 4 +-- actions/setup-node-pnpm/action.yml | 4 +-- actions/setup-python-uv/action.yml | 2 +- 10 files changed, 78 insertions(+), 78 deletions(-) diff --git a/.github/workflows/reusable-ci-go.yml b/.github/workflows/reusable-ci-go.yml index 78300c2..44188e1 100644 --- a/.github/workflows/reusable-ci-go.yml +++ b/.github/workflows/reusable-ci-go.yml @@ -88,17 +88,17 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 with: go-version: ${{ inputs.go-version }} cache: true cache-dependency-path: ${{ inputs.working-directory }}/go.sum - name: Run golangci-lint - uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.0 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v6.5.0 with: version: ${{ inputs.golangci-lint-version }} args: --timeout=${{ inputs.lint-timeout }} @@ -118,10 +118,10 @@ jobs: coverage: ${{ steps.coverage.outputs.percentage }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 with: go-version: ${{ inputs.go-version }} cache: true @@ -149,7 +149,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 with: files: coverage.out fail_ci_if_error: false @@ -158,7 +158,7 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Upload coverage artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: coverage-report path: ${{ inputs.working-directory }}/coverage.out @@ -180,10 +180,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 with: go-version: ${{ matrix.go-version }} cache: true @@ -207,7 +207,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage && matrix.go-version == fromJson(inputs.go-versions-matrix)[0] - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 with: files: coverage.out fail_ci_if_error: false @@ -228,10 +228,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 with: go-version: ${{ inputs.go-version }} cache: true diff --git a/.github/workflows/reusable-ci-python.yml b/.github/workflows/reusable-ci-python.yml index 41a7d0e..d821860 100644 --- a/.github/workflows/reusable-ci-python.yml +++ b/.github/workflows/reusable-ci-python.yml @@ -78,10 +78,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install uv - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 with: enable-cache: true cache-dependency-glob: "uv.lock" @@ -111,10 +111,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install uv - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 with: enable-cache: true cache-dependency-glob: "uv.lock" @@ -144,10 +144,10 @@ jobs: coverage: ${{ steps.coverage.outputs.percentage }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install uv - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 with: enable-cache: true cache-dependency-glob: "uv.lock" @@ -197,7 +197,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 with: files: coverage.xml fail_ci_if_error: false @@ -206,7 +206,7 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Upload coverage artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: coverage-report path: coverage.xml @@ -228,10 +228,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install uv - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 with: enable-cache: true cache-dependency-glob: "uv.lock" @@ -272,7 +272,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage && matrix.python-version == fromJson(inputs.python-versions-matrix)[0] - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 with: files: coverage.xml fail_ci_if_error: false diff --git a/.github/workflows/reusable-ci-typescript.yml b/.github/workflows/reusable-ci-typescript.yml index 9d5d32f..3e89600 100644 --- a/.github/workflows/reusable-ci-typescript.yml +++ b/.github/workflows/reusable-ci-typescript.yml @@ -83,13 +83,13 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' @@ -115,13 +115,13 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' @@ -147,13 +147,13 @@ jobs: coverage: ${{ steps.coverage.outputs.percentage }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' @@ -190,7 +190,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 with: files: ./coverage/lcov.info fail_ci_if_error: false @@ -214,13 +214,13 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ matrix.node-version }} cache: 'pnpm' @@ -234,7 +234,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage && matrix.node-version == fromJson(inputs.node-versions-matrix)[0] - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 with: files: ./coverage/lcov.info fail_ci_if_error: false @@ -255,13 +255,13 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' @@ -275,7 +275,7 @@ jobs: - name: Upload build artifacts if: inputs.upload-artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: dist path: ${{ inputs.working-directory }}/dist/ diff --git a/.github/workflows/reusable-content.yml b/.github/workflows/reusable-content.yml index f002964..7450b71 100644 --- a/.github/workflows/reusable-content.yml +++ b/.github/workflows/reusable-content.yml @@ -70,10 +70,10 @@ jobs: if: ${{ inputs.validate-frontmatter }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} @@ -122,10 +122,10 @@ jobs: if: ${{ inputs.lint-markdown }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} @@ -154,10 +154,10 @@ jobs: if: ${{ inputs.check-links }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run lychee - uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6 # v2.3.0 + uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2.3.0 with: args: >- --verbose @@ -178,7 +178,7 @@ jobs: if: ${{ inputs.check-spelling }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run cspell uses: streetsidesoftware/cspell-action@934c74da3775ac844ec89503f666f67efb427fed # v6.10.1 diff --git a/.github/workflows/reusable-docs.yml b/.github/workflows/reusable-docs.yml index 8ea997b..8ad55e4 100644 --- a/.github/workflows/reusable-docs.yml +++ b/.github/workflows/reusable-docs.yml @@ -90,10 +90,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} @@ -121,10 +121,10 @@ jobs: working-directory: ${{ inputs.working-directory }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install lychee - uses: lycheeverse/lychee-action@f613c4a64e50d792e0b31ec34bbcbba12263c6a6 # v2.3.0 + uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2.3.0 with: args: >- --verbose @@ -150,16 +150,16 @@ jobs: artifact-name: docs-site steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Node.js setup for Astro/Docusaurus - name: Setup pnpm if: inputs.framework == 'astro' || inputs.framework == 'docusaurus' - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js if: inputs.framework == 'astro' || inputs.framework == 'docusaurus' - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' @@ -168,7 +168,7 @@ jobs: # Python setup for MkDocs/Sphinx - name: Install uv if: inputs.framework == 'mkdocs' || inputs.framework == 'sphinx' - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 - name: Setup Python if: inputs.framework == 'mkdocs' || inputs.framework == 'sphinx' @@ -210,7 +210,7 @@ jobs: # Upload artifact - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: docs-site path: ${{ inputs.working-directory }}/${{ inputs.output-directory }} @@ -218,7 +218,7 @@ jobs: - name: Upload Pages artifact if: inputs.deploy-to-pages - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v3.0.1 with: path: ${{ inputs.working-directory }}/${{ inputs.output-directory }} @@ -236,4 +236,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v6.0.1 diff --git a/.github/workflows/reusable-release.yml b/.github/workflows/reusable-release.yml index 87ce623..6c965e3 100644 --- a/.github/workflows/reusable-release.yml +++ b/.github/workflows/reusable-release.yml @@ -77,7 +77,7 @@ jobs: release-url: ${{ steps.create-release.outputs.url }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 fetch-tags: true @@ -214,14 +214,14 @@ jobs: - name: Download artifacts if: inputs.upload-artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v6.0.1 with: path: release-artifacts continue-on-error: true - name: Create GitHub Release id: create-release - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.2.1 with: tag_name: ${{ steps.version.outputs.tag }} name: Release ${{ steps.version.outputs.tag }} diff --git a/.github/workflows/reusable-security.yml b/.github/workflows/reusable-security.yml index f7a6930..45dc3a2 100644 --- a/.github/workflows/reusable-security.yml +++ b/.github/workflows/reusable-security.yml @@ -78,7 +78,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 @@ -105,10 +105,10 @@ jobs: if: inputs.python-audit steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v5.3.0 with: python-version: ${{ inputs.python-version }} @@ -158,7 +158,7 @@ jobs: - name: Upload pip-audit artifact if: always() && steps.find-deps.outputs.deps_found == 'true' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: pip-audit-results path: pip-audit-results.sarif @@ -173,10 +173,10 @@ jobs: if: inputs.node-audit steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Node.js - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} @@ -219,7 +219,7 @@ jobs: - name: Upload npm audit artifact if: always() && steps.check-package.outputs.has_package == 'true' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: npm-audit-results path: npm-audit-results.json @@ -234,10 +234,10 @@ jobs: if: inputs.go-audit steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 with: go-version: ${{ inputs.go-version }} @@ -270,7 +270,7 @@ jobs: - name: Upload govulncheck artifact if: always() && steps.check-gomod.outputs.has_gomod == 'true' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.1 with: name: govulncheck-results path: govulncheck-results.sarif @@ -294,7 +294,7 @@ jobs: GO_AUDIT_ENABLED: ${{ inputs.go-audit }} steps: - name: Download all artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v6.0.1 with: path: security-results continue-on-error: true diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index e31f3d9..8b7fef0 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout repository # actions/checkout v4.2.2 - 2024-10-31 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: sparse-checkout: | labels.yml @@ -79,7 +79,7 @@ jobs: - name: Setup Node.js # actions/setup-node v4.1.0 - 2024-10-24 - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: node-version: '20' diff --git a/actions/setup-node-pnpm/action.yml b/actions/setup-node-pnpm/action.yml index 8d0e1c0..5fec162 100644 --- a/actions/setup-node-pnpm/action.yml +++ b/actions/setup-node-pnpm/action.yml @@ -47,11 +47,11 @@ runs: using: 'composite' steps: - name: Setup pnpm - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 - name: Setup Node.js id: node - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' diff --git a/actions/setup-python-uv/action.yml b/actions/setup-python-uv/action.yml index df24640..7496e48 100644 --- a/actions/setup-python-uv/action.yml +++ b/actions/setup-python-uv/action.yml @@ -48,7 +48,7 @@ runs: steps: - name: Install uv id: uv - uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 with: enable-cache: true cache-dependency-glob: "${{ inputs.working-directory }}/uv.lock" From ed12f62d3d5ea7ec0bfac387ddf33983e7742792 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 28 Dec 2025 22:34:51 +0000 Subject: [PATCH 2/2] fix: correct GitHub Actions version numbers and SHAs - Updated actions/setup-go from v5.2.0 to v6.1.0 - Updated golangci-lint-action from v6.5.0 to v9.2.0 - Updated astral-sh/setup-uv from v6.0.1 to v7.1.6 - Updated actions/setup-python from v5.3.0 to v6.1.0 - Updated lychee-action from v2.3.0 to v2.7.0 - Updated action-gh-release from v2.2.1 to v2.5.0 - Updated pnpm/action-setup from incorrect v6.0.1 to v4.2.0 - Updated actions/setup-node from v6.0.1 to v6.1.0 - Updated codecov-action from v5.4.2 to v5.5.2 - Updated upload-pages-artifact from v3.0.1 to v4.0.0 - Fixed download-artifact from incorrect v6.0.1 to correct v4.1.8 - Fixed deploy-pages from incorrect v6.0.1 to correct v4.0.5 - Updated version comments in sync-labels.yml with correct dates Co-authored-by: zircote <307960+zircote@users.noreply.github.com> --- .github/workflows/reusable-ci-go.yml | 10 +++++----- .github/workflows/reusable-ci-typescript.yml | 2 +- .github/workflows/reusable-docs.yml | 6 +++--- .github/workflows/reusable-release.yml | 4 ++-- .github/workflows/reusable-security.yml | 4 ++-- .github/workflows/sync-labels.yml | 4 ++-- actions/setup-node-pnpm/action.yml | 4 ++-- actions/setup-python-uv/action.yml | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/reusable-ci-go.yml b/.github/workflows/reusable-ci-go.yml index 44188e1..7620fcd 100644 --- a/.github/workflows/reusable-ci-go.yml +++ b/.github/workflows/reusable-ci-go.yml @@ -91,14 +91,14 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: ${{ inputs.go-version }} cache: true cache-dependency-path: ${{ inputs.working-directory }}/go.sum - name: Run golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v6.5.0 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 with: version: ${{ inputs.golangci-lint-version }} args: --timeout=${{ inputs.lint-timeout }} @@ -121,7 +121,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: ${{ inputs.go-version }} cache: true @@ -183,7 +183,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: ${{ matrix.go-version }} cache: true @@ -231,7 +231,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v5.2.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: ${{ inputs.go-version }} cache: true diff --git a/.github/workflows/reusable-ci-typescript.yml b/.github/workflows/reusable-ci-typescript.yml index 3e89600..03f8cd0 100644 --- a/.github/workflows/reusable-ci-typescript.yml +++ b/.github/workflows/reusable-ci-typescript.yml @@ -190,7 +190,7 @@ jobs: - name: Upload coverage report if: inputs.upload-coverage - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.4.2 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 with: files: ./coverage/lcov.info fail_ci_if_error: false diff --git a/.github/workflows/reusable-docs.yml b/.github/workflows/reusable-docs.yml index 8ad55e4..e25713b 100644 --- a/.github/workflows/reusable-docs.yml +++ b/.github/workflows/reusable-docs.yml @@ -124,7 +124,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install lychee - uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2.3.0 + uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2.7.0 with: args: >- --verbose @@ -218,7 +218,7 @@ jobs: - name: Upload Pages artifact if: inputs.deploy-to-pages - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v3.0.1 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 with: path: ${{ inputs.working-directory }}/${{ inputs.output-directory }} @@ -236,4 +236,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v6.0.1 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/reusable-release.yml b/.github/workflows/reusable-release.yml index 6c965e3..4e20b8d 100644 --- a/.github/workflows/reusable-release.yml +++ b/.github/workflows/reusable-release.yml @@ -214,14 +214,14 @@ jobs: - name: Download artifacts if: inputs.upload-artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v6.0.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: release-artifacts continue-on-error: true - name: Create GitHub Release id: create-release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.2.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 with: tag_name: ${{ steps.version.outputs.tag }} name: Release ${{ steps.version.outputs.tag }} diff --git a/.github/workflows/reusable-security.yml b/.github/workflows/reusable-security.yml index 45dc3a2..39e79fb 100644 --- a/.github/workflows/reusable-security.yml +++ b/.github/workflows/reusable-security.yml @@ -108,7 +108,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Python - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v5.3.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: ${{ inputs.python-version }} @@ -294,7 +294,7 @@ jobs: GO_AUDIT_ENABLED: ${{ inputs.go-audit }} steps: - name: Download all artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v6.0.1 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: security-results continue-on-error: true diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 8b7fef0..81f0e6a 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -70,7 +70,7 @@ jobs: steps: - name: Checkout repository - # actions/checkout v4.2.2 - 2024-10-31 + # actions/checkout v6.0.1 - 2025-12-28 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: sparse-checkout: | @@ -78,7 +78,7 @@ jobs: sparse-checkout-cone-mode: false - name: Setup Node.js - # actions/setup-node v4.1.0 - 2024-10-24 + # actions/setup-node v6.1.0 - 2025-12-28 uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: node-version: '20' diff --git a/actions/setup-node-pnpm/action.yml b/actions/setup-node-pnpm/action.yml index 5fec162..325f6c3 100644 --- a/actions/setup-node-pnpm/action.yml +++ b/actions/setup-node-pnpm/action.yml @@ -47,11 +47,11 @@ runs: using: 'composite' steps: - name: Setup pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v6.0.1 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node.js id: node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.0.1 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: node-version: ${{ inputs.node-version }} cache: 'pnpm' diff --git a/actions/setup-python-uv/action.yml b/actions/setup-python-uv/action.yml index 7496e48..4f219cc 100644 --- a/actions/setup-python-uv/action.yml +++ b/actions/setup-python-uv/action.yml @@ -48,7 +48,7 @@ runs: steps: - name: Install uv id: uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v6.0.1 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 with: enable-cache: true cache-dependency-glob: "${{ inputs.working-directory }}/uv.lock"