From 3154a3a4b3f9c34ba8595bc7f79f35d3bf4a1412 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 14 May 2024 13:07:19 -0700
Subject: [PATCH] Update github-actions deps (#10145)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.4` -> `v4.1.5` |
| [codecov/codecov-action](https://togithub.com/codecov/codecov-action)
| action | minor | `4.3.1` -> `4.4.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.5` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v5.0.0` -> `v5.1.0` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | patch | `v2.3.1` -> `v2.3.3` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
actions/checkout (actions/checkout)
###
[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)
[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)
#### What's Changed
- Update NPM dependencies by
[@cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703)
- Bump github/codeql-action from 2 to 3 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694)
- Bump actions/setup-node from 1 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696)
- Bump actions/upload-artifact from 2 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695)
- README: Suggest `user.email` to be
`41898282+github-actions[bot]@users.noreply.github.com` by
[@cory-miller](https://togithub.com/cory-miller) in
[https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707)
**Full Changelog**:
https://github.com/actions/checkout/compare/v4.1.4...v4.1.5
codecov/codecov-action (codecov/codecov-action)
###
[`v4.4.0`](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0)
[Compare
Source](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0)
github/codeql-action (github/codeql-action)
###
[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)
###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)
[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)
goreleaser/goreleaser-action
(goreleaser/goreleaser-action)
###
[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)
[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)
#### Important
This version changes the default behavior of `latest` to `~> v1`.
The next major of this action (v6), will change this to `~> v2`, and
will be launched together with GoReleaser v2.
#### What's Changed
- docs: bump actions to latest major by
[@crazy-max](https://togithub.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435)
- chore(deps): bump docker/bake-action from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436)
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437)
- chore(deps): bump actions/setup-go from 4 to 5 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443)
- chore(deps): bump actions/upload-artifact from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444)
- Delete .kodiak.toml by
[@vedantmgoyal9](https://togithub.com/vedantmgoyal9) in
[https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446)
- chore(deps): bump codecov/codecov-action from 3 to 4 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448)
- chore(deps): bump ip from 2.0.0 to 2.0.1 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450)
- Upgrade setup-go action version in README by
[@kishaningithub](https://togithub.com/kishaningithub) in
[https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455)
- chore(deps): bump tar from 6.1.14 to 6.2.1 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456)
- chore: use corepack to install yarn by
[@crazy-max](https://togithub.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458)
- feat: lock this major version of the action to use '~> v1' as 'latest'
by [@caarlos0](https://togithub.com/caarlos0) in
[https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461)
- chore(deps): bump semver from 7.6.0 to 7.6.2 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462)
- chore(deps): bump
[@actions/http-client](https://togithub.com/actions/http-client)
from 2.2.0 to 2.2.1 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451)
#### New Contributors
- [@vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their
first contribution in
[https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446)
**Full Changelog**:
https://github.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0
ossf/scorecard-action (ossf/scorecard-action)
###
[`v2.3.3`](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)
[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)
###
[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)
[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)
---
### Configuration
📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
.github/workflows/api-compatibility.yml | 4 ++--
.github/workflows/build-and-test-windows.yaml | 4 ++--
.github/workflows/build-and-test.yml | 16 ++++++++--------
.github/workflows/builder-integration-test.yaml | 2 +-
.github/workflows/builder-release.yaml | 4 ++--
.github/workflows/changelog.yml | 2 +-
.github/workflows/check-links.yaml | 4 ++--
.github/workflows/codeql-analysis.yml | 8 ++++----
.github/workflows/contrib-tests.yml | 2 +-
.../generate-semantic-conventions-pr.yaml | 6 +++---
.github/workflows/perf.yml | 2 +-
.github/workflows/prepare-release.yml | 2 +-
.github/workflows/scorecard.yml | 6 +++---
.github/workflows/shellcheck.yml | 2 +-
.github/workflows/tidy-dependencies.yml | 2 +-
15 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/.github/workflows/api-compatibility.yml b/.github/workflows/api-compatibility.yml
index 5dc6e985a6a..8071b6bad0a 100644
--- a/.github/workflows/api-compatibility.yml
+++ b/.github/workflows/api-compatibility.yml
@@ -22,13 +22,13 @@ jobs:
steps:
- name: Checkout-Main
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
ref: ${{ github.base_ref }}
path: ${{ github.base_ref }}
- name: Checkout-HEAD
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
path: ${{ github.head_ref }}
diff --git a/.github/workflows/build-and-test-windows.yaml b/.github/workflows/build-and-test-windows.yaml
index 82d0776e787..4ade4002839 100644
--- a/.github/workflows/build-and-test-windows.yaml
+++ b/.github/workflows/build-and-test-windows.yaml
@@ -18,7 +18,7 @@ jobs:
runs-on: windows-latest
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -40,7 +40,7 @@ jobs:
runs-on: windows-latest
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 4e8cdcbf6e5..ab10a82e35a 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -38,7 +38,7 @@ jobs:
needs: [setup-environment]
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -62,7 +62,7 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -87,7 +87,7 @@ jobs:
needs: [setup-environment]
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -150,7 +150,7 @@ jobs:
- name: Run vmmeter
uses: self-actuated/vmmeter-action@v1
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -194,7 +194,7 @@ jobs:
needs: [setup-environment]
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
@@ -216,7 +216,7 @@ jobs:
- name: Run Unit Tests With Coverage
run: make gotest-with-cover
- name: Upload coverage report
- uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # 4.3.1
+ uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # 4.4.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -256,7 +256,7 @@ jobs:
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
diff --git a/.github/workflows/builder-integration-test.yaml b/.github/workflows/builder-integration-test.yaml
index cfc63cff3b3..7f0fecef400 100644
--- a/.github/workflows/builder-integration-test.yaml
+++ b/.github/workflows/builder-integration-test.yaml
@@ -29,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
diff --git a/.github/workflows/builder-release.yaml b/.github/workflows/builder-release.yaml
index 17f02824d17..31afbe0b808 100644
--- a/.github/workflows/builder-release.yaml
+++ b/.github/workflows/builder-release.yaml
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0
- name: Setup Go
@@ -18,7 +18,7 @@ jobs:
with:
go-version: ~1.21.5
- name: Run GoReleaser
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+ uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
with:
distribution: goreleaser-pro
version: latest
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
index 25e6017666b..99e8887ff54 100644
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -26,7 +26,7 @@ jobs:
PR_HEAD: ${{ github.event.pull_request.head.sha }}
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0
- name: Setup Go
diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml
index 93a407948ad..3a903228663 100644
--- a/.github/workflows/check-links.yaml
+++ b/.github/workflows/check-links.yaml
@@ -21,7 +21,7 @@ jobs:
md: ${{ steps.changes.outputs.md }}
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0
- name: Get changed files
@@ -34,7 +34,7 @@ jobs:
if: ${{needs.changedfiles.outputs.md}}
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 329af637e4f..fad7705b405 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -21,7 +21,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
@@ -30,12 +30,12 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
with:
languages: go
- name: Autobuild
- uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
diff --git a/.github/workflows/contrib-tests.yml b/.github/workflows/contrib-tests.yml
index e8caa8fe008..fd20d3aeddb 100644
--- a/.github/workflows/contrib-tests.yml
+++ b/.github/workflows/contrib-tests.yml
@@ -38,7 +38,7 @@ jobs:
- other
steps:
- name: Checkout Repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
diff --git a/.github/workflows/generate-semantic-conventions-pr.yaml b/.github/workflows/generate-semantic-conventions-pr.yaml
index 8bc7c691698..69fa1f4154b 100644
--- a/.github/workflows/generate-semantic-conventions-pr.yaml
+++ b/.github/workflows/generate-semantic-conventions-pr.yaml
@@ -14,7 +14,7 @@ jobs:
already-added: ${{ steps.check-versions.outputs.already-added }}
already-opened: ${{ steps.check-versions.outputs.already-opened }}
steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- id: check-versions
name: Check versions
@@ -56,9 +56,9 @@ jobs:
needs:
- check-versions
steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Checkout semantic-convention
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
repository: open-telemetry/semantic-convention
path: tmp-semantic-conventions
diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml
index 2f48d0a250c..0a6f8065d89 100644
--- a/.github/workflows/perf.yml
+++ b/.github/workflows/perf.yml
@@ -11,7 +11,7 @@ jobs:
runperf:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index fef28ed2ef7..0dbd4454be8 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -54,7 +54,7 @@ jobs:
- validate-versions
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0
# Make sure that there are no open issues with release:blocker label in Core. The release has to be delayed until they are resolved.
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 3cfdee49ed5..e2d46811604 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -29,12 +29,12 @@ jobs:
steps:
- name: "Checkout code"
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+ uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
with:
results_file: results.sarif
results_format: sarif
@@ -64,6 +64,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
with:
sarif_file: results.sarif
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index aa59846bea5..d98269e4175 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -13,6 +13,6 @@ jobs:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
diff --git a/.github/workflows/tidy-dependencies.yml b/.github/workflows/tidy-dependencies.yml
index cd1d495eb7c..ba13e9a58ef 100644
--- a/.github/workflows/tidy-dependencies.yml
+++ b/.github/workflows/tidy-dependencies.yml
@@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'dependency-major-update') && (github.actor == 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'renovatebot')) }}
steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
ref: ${{ github.head_ref }}
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1