diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 03d778852f..3a986873f1 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -174,7 +174,7 @@ jobs: uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # pin@v4.0.0 - name: Set up cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # pin@v4.1.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # pin@v4.1.1 - name: Check if Dockerhub login is required id: docker_login run: | diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index 95ce4d3824..26186948d0 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -415,7 +415,7 @@ jobs: path: .coverage retention-days: 14 - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@v6.0.0 if: always() with: token: ${{ secrets.CODECOV_TOKEN }} @@ -597,7 +597,7 @@ jobs: - name: Run Tests run: invoke dev.test --check --migrations --report --coverage --translations - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@v6.0.0 if: always() with: token: ${{ secrets.CODECOV_TOKEN }} @@ -734,7 +734,7 @@ jobs: - name: Report coverage run: cd src/frontend && npx nyc report --report-dir ./coverage --temp-dir .nyc_output --reporter=lcov --exclude-after-remap false - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@v5.5.2 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # pin@v6.0.0 with: token: ${{ secrets.CODECOV_TOKEN }} slug: inventree/InvenTree @@ -789,13 +789,13 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 with: persist-credentials: false - - uses: hynek/setup-cached-uv@757bedc3f972eb7227a1aa657651f15a8527c817 # pin@v2 + - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # pin@v2 - name: Run zizmor run: uvx zizmor --format sarif . > results.sarif env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # pin@v3 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # pin@v3 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 11926cacbc..4a0bc3ab6a 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: results.sarif diff --git a/.github/workflows/translations.yaml b/.github/workflows/translations.yaml index e6e0d15506..ac25e3c5bb 100644 --- a/.github/workflows/translations.yaml +++ b/.github/workflows/translations.yaml @@ -56,7 +56,7 @@ jobs: echo "Resetting to HEAD~" git reset HEAD~ || true - name: crowdin action - uses: crowdin/github-action@ce33ce793a5cbc401d9cd748716e03fc90c001f1 # pin@v2 + uses: crowdin/github-action@7ca9c452bfe9197d3bb7fa83a4d7e2b0c9ae835d # pin@v2 with: upload_sources: true upload_translations: false