diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c8cc881..bd9eca9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,22 +28,22 @@ jobs: steps: - name: Harden runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: languages: python queries: +security-extended - name: Autobuild - uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: category: "/language:python" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 5404335..47c72c3 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 + - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: enable-cache: true - name: Install docs dependencies diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 77b9293..3396a86 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -25,7 +25,7 @@ jobs: target: [fuzz_sanitize] steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.4.2 + - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v5.4.2 with: enable-cache: true - name: Install dependencies diff --git a/.github/workflows/grippy-review.yml b/.github/workflows/grippy-review.yml index 5d7de25..8cd218f 100644 --- a/.github/workflows/grippy-review.yml +++ b/.github/workflows/grippy-review.yml @@ -31,7 +31,7 @@ jobs: }} runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index a8e9c30..6c91279 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -25,7 +25,7 @@ jobs: - name: Run Semgrep run: semgrep scan --config p/python --config p/owasp-top-ten --sarif -o semgrep.sarif . - name: Upload SARIF - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 if: always() with: sarif_file: semgrep.sarif diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ea365df..6d19412 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Harden runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit @@ -37,7 +37,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Set up uv - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.4.2 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v5.4.2 with: enable-cache: true @@ -49,7 +49,7 @@ jobs: uv run pytest tests/ -v --cov=src/navi_bootstrap --cov-report=xml:coverage.xml --cov-report=term-missing --cov-fail-under=80 - name: Upload coverage to Codecov if: matrix.python-version == '3.12' - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: files: coverage.xml fail_ci_if_error: false @@ -78,7 +78,7 @@ jobs: contents: read steps: - name: Harden runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit @@ -90,7 +90,7 @@ jobs: python-version: "3.12" - name: Set up uv - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.4.2 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v5.4.2 with: enable-cache: true @@ -112,7 +112,7 @@ jobs: contents: read steps: - name: Harden runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit @@ -124,7 +124,7 @@ jobs: python-version: "3.12" - name: Set up uv - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.4.2 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v5.4.2 with: enable-cache: true @@ -143,7 +143,7 @@ jobs: contents: read steps: - name: Harden runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit @@ -155,7 +155,7 @@ jobs: python-version: "3.12" - name: Set up uv - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.4.2 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v5.4.2 with: enable-cache: true