From a0df229a06e727195a3cb599395be24ee6dfa567 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 23:11:41 +0000 Subject: [PATCH] ci(deps): bump the all group across 1 directory with 19 updates Bumps the all group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.8` | `7.0.9` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.3` | `6.0.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `4.3.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [al-cheb/configure-pagefile-action](https://github.com/al-cheb/configure-pagefile-action) | `1.4` | `1.5` | | [securego/gosec](https://github.com/securego/gosec) | `2.22.5` | `2.22.10` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.13` | `2.1.16` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.6.0` | `3.7.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `5.9.0` | | [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) | `2.11.2` | `2.11.3` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.3.0` | `6.4.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.33.1` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `6.4.0` | `7.2.1` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` | Updates `actions/checkout` from 4.2.2 to 6.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) Updates `peter-evans/create-pull-request` from 7.0.8 to 7.0.9 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/271a8d0340265f705b14b6d32b9829c1cb33d45e...84ae59a2cdc2258d6fa0732dd66352dddae2a412) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4) Updates `actions/download-artifact` from 4.1.3 to 6.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4.1.3...v6.0.0) Updates `actions/cache` from 4.2.3 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...0057852bfaa89a56745cba8c7296529d2fc39830) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `al-cheb/configure-pagefile-action` from 1.4 to 1.5 - [Release notes](https://github.com/al-cheb/configure-pagefile-action/releases) - [Commits](https://github.com/al-cheb/configure-pagefile-action/compare/a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708...9b6da52fb72a3c6147c1aad2df22d8d905681adc) Updates `securego/gosec` from 2.22.5 to 2.22.10 - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](https://github.com/securego/gosec/compare/d2d3ae66bd8d340b78b5142b6fe610691783c2fe...6be2b51fd78feca86af91f5186b7964d76cb1256) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) Updates `checkmarx/kics-github-action` from 2.1.13 to 2.1.16 - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](https://github.com/checkmarx/kics-github-action/compare/71454548efb714daa457caae25c01d64cc0be9d2...6b6fc1162a0f06704e4cca6e5f8e008ab20fabe5) Updates `docker/setup-qemu-action` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/29109295f81e9208d7d86ff1c6c12d2833863392...c7c53464625b32c7a7e944ae62b3e17d2b600130) Updates `docker/login-action` from 3.4.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/74a5d142397b4f367a81961eba4e8cd7edddf772...5e57cd118135c172c3672efd75eb46360885c0ef) Updates `docker/metadata-action` from 5.7.0 to 5.9.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/902fa8ec7d6ecbf8d84d538b9b233a880e428804...318604b99e75e41977312d83839a89be02ca4893) Updates `svenstaro/upload-release-action` from 2.11.2 to 2.11.3 - [Release notes](https://github.com/svenstaro/upload-release-action/releases) - [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/svenstaro/upload-release-action/compare/81c65b7cd4de9b2570615ce3aad67a41de5b1a13...6b7fa9f267e90b50a19fef07b3596790bb941741) Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/9c156ee8a17a598857849441385a2041ef570552...e435ccd777264be153ace6237001ef4d979d3a7a) Updates `aquasecurity/trivy-action` from 0.32.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/dc5a429b52fcf669ce959baa2c2dd26090d2a6c4...b6643a29fecd7f34b3597bc6acb0a98b03d33ff8) Updates `anchore/scan-action` from 6.4.0 to 7.2.1 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/scan-action/compare/16910ac423301c6d30554b83a7f71ac6ff4a51f3...40a61b52209e9d50e87917c5b901783d546b12d0) Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/ff45666b9427631e3450c54a1bcbee4d9ff4d7c0...28959ce8df70de7be546dd1250a005dd32156697) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: peter-evans/create-pull-request dependency-version: 7.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: al-cheb/configure-pagefile-action dependency-version: '1.5' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: securego/gosec dependency-version: 2.22.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: checkmarx/kics-github-action dependency-version: 2.1.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: docker/setup-qemu-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/metadata-action dependency-version: 5.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: svenstaro/upload-release-action dependency-version: 2.11.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: goreleaser/goreleaser-action dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: anchore/scan-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/alert-update-flags.yaml | 2 +- .../alert-update-terraform-modules.yaml | 4 +-- .github/workflows/check-apache-license.yaml | 2 +- .github/workflows/check-go-coverage.yaml | 4 +-- .github/workflows/go-ci-coverage.yaml | 14 ++++---- .github/workflows/go-ci-integration.yml | 8 ++--- .github/workflows/go-ci-metrics.yaml | 10 +++--- .github/workflows/go-ci.yml | 22 ++++++------ .github/workflows/go-e2e-debian.yaml | 10 +++--- .github/workflows/go-e2e.yaml | 10 +++--- .../workflows/go-generate-antlr-parser.yaml | 4 +-- .github/workflows/go-test-race.yml | 10 +++--- .github/workflows/kics-gh-action.yaml | 6 ++-- .github/workflows/mkdocs.yml | 4 +-- .github/workflows/prepare-release.yaml | 4 +-- .github/workflows/release-commits.yaml | 6 ++-- .github/workflows/release-dkr-image.yml | 8 ++--- .../release-docker-github-actions.yaml | 14 ++++---- .github/workflows/release-extract-info.yaml | 6 ++-- .github/workflows/release-kics-cxone.yaml | 2 +- .github/workflows/release-nightly.yml | 18 +++++----- .github/workflows/sec-checks.yaml | 34 +++++++++---------- .github/workflows/sonarcloud-scan-branch.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- .github/workflows/statistics.yaml | 6 ++-- .github/workflows/update-docs-queries.yaml | 6 ++-- .github/workflows/update-docs-release.yaml | 4 +-- .github/workflows/update-infra-version.yaml | 6 ++-- .github/workflows/update-install-script.yaml | 6 ++-- .../workflows/update_software_versions.yml | 6 ++-- .../workflows/validate-ansible-samples.yml | 2 +- .github/workflows/validate-arm-samples.yaml | 4 +-- .github/workflows/validate-cfn-samples.yml | 4 +-- .github/workflows/validate-dkr-samples.yml | 2 +- .github/workflows/validate-issues.yaml | 8 ++--- .github/workflows/validate-k8s-samples.yml | 2 +- .../workflows/validate-openapi-samples.yaml | 6 ++-- .github/workflows/validate-prs.yaml | 8 ++--- .../workflows/validate-queries-metadata.yml | 2 +- .github/workflows/validate-tf-samples.yml | 2 +- 40 files changed, 140 insertions(+), 140 deletions(-) diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml index e9476141624..90d4e6182d5 100644 --- a/.github/workflows/alert-update-flags.yaml +++ b/.github/workflows/alert-update-flags.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 2 - name: Execute diff and send email diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml index bcef86d4099..ad3b2c1a2d6 100644 --- a/.github/workflows/alert-update-terraform-modules.yaml +++ b/.github/workflows/alert-update-terraform-modules.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Execute diff and send email @@ -25,7 +25,7 @@ jobs: -c assets/libraries/common.json \ -u https://registry.terraform.io/v1/modules - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "feat(queries): update terraform registry data on commons.json" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml index 2fb3474e74a..8c552417aca 100644 --- a/.github/workflows/check-apache-license.yaml +++ b/.github/workflows/check-apache-license.yaml @@ -12,7 +12,7 @@ jobs: USERNAME: ${{ github.event.pull_request.user.login }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml index 97c10395615..9d2affdbca7 100644 --- a/.github/workflows/check-go-coverage.yaml +++ b/.github/workflows/check-go-coverage.yaml @@ -13,11 +13,11 @@ jobs: color: ${{ steps.testcov.outputs.color }} steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Run test metrics script diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml index 50e7ff3f7fc..a932e04b655 100644 --- a/.github/workflows/go-ci-coverage.yaml +++ b/.github/workflows/go-ci-coverage.yaml @@ -14,11 +14,11 @@ jobs: color: ${{ steps.testcov.outputs.color }} steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Run test metrics script @@ -33,11 +33,11 @@ jobs: curl -L \ https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg cat coverage.svg - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: ${{ runner.os }}-badge-latest path: coverage.svg - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: ${{ runner.os }}-coverage-latest path: coverage.html @@ -47,7 +47,7 @@ jobs: needs: coverage steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: gh-pages - name: Configure git commit author @@ -55,12 +55,12 @@ jobs: git config --global user.name "KICSBot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Download Coverage Report - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v6.0.0 with: name: ${{ runner.os }}-coverage-latest path: latest-coverage - name: Download Badge svg - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v6.0.0 with: name: ${{ runner.os }}-badge-latest path: latest-coverage diff --git a/.github/workflows/go-ci-integration.yml b/.github/workflows/go-ci-integration.yml index 293626b9f6d..e3c133270ca 100644 --- a/.github/workflows/go-ci-integration.yml +++ b/.github/workflows/go-ci-integration.yml @@ -15,14 +15,14 @@ jobs: cancel_others: false paths_ignore: '["docs/**", "**/**.md", "examples"]' - name: Check out code into the Go module directory - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Cache Docker layers - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.ref }} @@ -59,7 +59,7 @@ jobs: -p "/path" \ -o "/path/" - name: Archive test logs - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: always() with: name: integration-logs-${{ github.event.pull_request.head.sha }} @@ -68,7 +68,7 @@ jobs: run: | cat ${PWD}/assets/queries/results.json - name: Archive test results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: integration-results-${{ github.event.pull_request.head.sha }} path: assets/queries/results.json diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml index ea3c60be89d..d3715a20533 100644 --- a/.github/workflows/go-ci-metrics.yaml +++ b/.github/workflows/go-ci-metrics.yaml @@ -12,8 +12,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run test metrics script @@ -26,7 +26,7 @@ jobs: curl -L \ https://img.shields.io/badge/Queries-${{ steps.metrics.outputs.total_queries }}-blue.svg > queries.svg cat queries.svg - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: ${{ runner.os }}-queries-badge-latest path: queries.svg @@ -36,7 +36,7 @@ jobs: needs: metrics steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: gh-pages - name: Configure git commit author @@ -44,7 +44,7 @@ jobs: git config --global user.name "KICSBot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Download Queries Badge SVG - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v6.0.0 with: name: ${{ runner.os }}-queries-badge-latest path: latest-metrics diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml index f0442c323fe..6e088afee7e 100644 --- a/.github/workflows/go-ci.yml +++ b/.github/workflows/go-ci.yml @@ -9,9 +9,9 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod cache: false @@ -25,12 +25,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Generate mocks and marshall/unmarshall code @@ -44,11 +44,11 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Check out code into the Go module directory - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Get cache paths @@ -56,7 +56,7 @@ jobs: shell: bash run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT - name: Cache dependencies - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ steps.go-cache-paths.outputs.GO_BUILD }} key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -69,7 +69,7 @@ jobs: go mod vendor - name: Set Windows Page size if: matrix.os == 'windows-2022' - uses: al-cheb/configure-pagefile-action@a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708 # v1.4 + uses: al-cheb/configure-pagefile-action@9b6da52fb72a3c6147c1aad2df22d8d905681adc # v1.5 with: minimum-size: 32GB maximum-size: 32GB @@ -86,7 +86,7 @@ jobs: go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log - name: Archive test logs if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log path: unit-test.log @@ -97,9 +97,9 @@ jobs: GO111MODULE: on steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run Gosec Security Scanner - uses: securego/gosec@d2d3ae66bd8d340b78b5142b6fe610691783c2fe # v2.22.5 + uses: securego/gosec@6be2b51fd78feca86af91f5186b7964d76cb1256 # v2.22.10 with: args: "-no-fail -fmt sarif -out results.sarif ./..." - name: Show results diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml index 04664d0d874..d9f22e1060e 100644 --- a/.github/workflows/go-e2e-debian.yaml +++ b/.github/workflows/go-e2e-debian.yaml @@ -19,11 +19,11 @@ jobs: with: access_token: ${{ github.token }} - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Print go env @@ -31,7 +31,7 @@ jobs: - name: Get Modules run: go mod vendor - name: Set up Node v14 - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "20" - name: Install mock server @@ -44,7 +44,7 @@ jobs: id: buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Cache Docker layers - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.ref }} @@ -100,7 +100,7 @@ jobs: DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/') - name: Archive test report if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: e2e-tests-report-dockerfile-$DOCKER_NAME path: e2e-report.html diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml index 0842636459e..f1611c5a681 100644 --- a/.github/workflows/go-e2e.yaml +++ b/.github/workflows/go-e2e.yaml @@ -20,11 +20,11 @@ jobs: with: access_token: ${{ github.token }} - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Print go env @@ -32,7 +32,7 @@ jobs: - name: Get Modules run: go mod vendor - name: Set up Node v14 - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "20" - name: Install mock server @@ -45,7 +45,7 @@ jobs: id: buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Cache Docker layers - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.ref }} @@ -100,7 +100,7 @@ jobs: echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV - name: Archive test report if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: e2e-tests-report-${{ env.DOCKER_NAME }} path: e2e-report.html diff --git a/.github/workflows/go-generate-antlr-parser.yaml b/.github/workflows/go-generate-antlr-parser.yaml index 6e543d9ebd3..60e9e15cc9e 100644 --- a/.github/workflows/go-generate-antlr-parser.yaml +++ b/.github/workflows/go-generate-antlr-parser.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Build ANTLR image @@ -26,7 +26,7 @@ jobs: run: | docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter:/work -it antlr4-generator:dev - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "chore(parser): updating AWS jsonfilter ANTLR generated parser" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/go-test-race.yml b/.github/workflows/go-test-race.yml index d50a87652cf..02f74d59689 100644 --- a/.github/workflows/go-test-race.yml +++ b/.github/workflows/go-test-race.yml @@ -10,15 +10,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Check out code into the Go module directory - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Get cache paths @@ -27,7 +27,7 @@ jobs: echo "::set-output name=go-build::$(go env GOCACHE)" echo "::set-output name=go-mod::$(go env GOMODCACHE)" - name: Cache dependencies - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -45,7 +45,7 @@ jobs: exit $result_code - name: Archive test logs if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log path: unit-test.log diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml index f9c17483e72..0bab89e6634 100644 --- a/.github/workflows/kics-gh-action.yaml +++ b/.github/workflows/kics-gh-action.yaml @@ -9,9 +9,9 @@ jobs: kics-scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run KICS Scan - uses: checkmarx/kics-github-action@71454548efb714daa457caae25c01d64cc0be9d2 # v2.1.13 + uses: checkmarx/kics-github-action@6b6fc1162a0f06704e4cca6e5f8e008ab20fabe5 # v2.1.16 with: token: ${{ secrets.GITHUB_TOKEN }} path: "./Dockerfile" @@ -21,7 +21,7 @@ jobs: output_formats: json,html type: dockerfile exclude_queries: 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae # Ignore Last User Is 'root' - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: results path: ./results diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 38cd8e8e116..25d0955de49 100644 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml @@ -11,7 +11,7 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 @@ -28,7 +28,7 @@ jobs: value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}" - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: 3.x - name: Install dependencies diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index e1af7bab05c..bc069b36004 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Get current date @@ -27,7 +27,7 @@ jobs: sed -E -i "s/()[0-9]{4}\.[0-9]{2}\.[0-9]{2}

/\1${{ steps.cdate.outputs.date }}

/" docs/index.md sed -E -i "s/()/\1v${{ github.event.inputs.version }}\2${{ github.event.inputs.version }}\3/g" docs/index.md - name: Create pull request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml index e485fab5c45..43e40c53875 100644 --- a/.github/workflows/release-commits.yaml +++ b/.github/workflows/release-commits.yaml @@ -11,12 +11,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run get release commits script diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml index 892b0ed28fb..9d4b772e151 100644 --- a/.github/workflows/release-dkr-image.yml +++ b/.github/workflows/release-dkr-image.yml @@ -14,7 +14,7 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Get Release version @@ -36,14 +36,14 @@ jobs: - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v2 with: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Login to DockerHub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -51,7 +51,7 @@ jobs: run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV - name: Docker meta id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: "checkmarx/kics" labels: | diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml index 49291d67528..c9b543856b4 100644 --- a/.github/workflows/release-docker-github-actions.yaml +++ b/.github/workflows/release-docker-github-actions.yaml @@ -13,22 +13,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Check out the tag - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: ${{ github.event.inputs.version }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v2 with: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Login to DockerHub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -36,7 +36,7 @@ jobs: run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV - name: Docker meta id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: "checkmarx/kics" labels: | @@ -66,11 +66,11 @@ jobs: DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} labels: ${{ steps.meta.outputs.labels }} - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "docs(kicsbot): update images digest" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml index 88bbcc19fe1..4e9dc7dfe0b 100644 --- a/.github/workflows/release-extract-info.yaml +++ b/.github/workflows/release-extract-info.yaml @@ -9,8 +9,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run test statistics script @@ -19,7 +19,7 @@ jobs: pip3 install -r .github/scripts/extract-kics-info/requirements.txt python3 .github/scripts/extract-kics-info/extract-info.py - name: Upload binaries to release - uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2 + uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 # v2.11.3 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: .github/scripts/extract-kics-info/extracted-info.zip diff --git a/.github/workflows/release-kics-cxone.yaml b/.github/workflows/release-kics-cxone.yaml index 9312ac69497..33c56a9fd5a 100644 --- a/.github/workflows/release-kics-cxone.yaml +++ b/.github/workflows/release-kics-cxone.yaml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Git credentials run: | diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 6137c8902d7..f2ac60ee629 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -13,7 +13,7 @@ jobs: sha8: ${{ steps.shorthash.outputs.sha8 }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Check if there are new commits since last nightly @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 @@ -49,11 +49,11 @@ jobs: - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: 1.24.x - name: Run GoReleaser - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: version: v0.160.0 args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml" @@ -128,7 +128,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 if: always() with: @@ -147,14 +147,14 @@ jobs: - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v2 with: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Login to DockerHub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -162,7 +162,7 @@ jobs: run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV - name: Docker meta id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: "checkmarx/kics" labels: | @@ -233,7 +233,7 @@ jobs: DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} labels: ${{ steps.meta.outputs.labels }} - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "docs(kicsbot): update images digest" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml index 64996fa9371..f1d9f0c17ca 100644 --- a/.github/workflows/sec-checks.yaml +++ b/.github/workflows/sec-checks.yaml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 #v 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v 0.33.1 with: scan-type: 'fs' ignore-unfixed: true @@ -27,7 +27,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: trivy-fs-scan-results path: ./results.txt @@ -40,7 +40,7 @@ jobs: kics-docker: [ "Dockerfile" ] steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Build @@ -59,7 +59,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 #v 0.32.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v 0.33.1 with: image-ref: kics:sec-trivy-tests-${{ github.sha }} ignore-unfixed: true @@ -75,7 +75,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: trivy-docker-image-scan-results path: ./results.txt @@ -84,10 +84,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run Grype vulnerability scanner in repo mode id: grype-fs-scan - uses: anchore/scan-action@16910ac423301c6d30554b83a7f71ac6ff4a51f3 # v6.4.0 + uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1 with: path: "." only-fixed: true @@ -103,7 +103,7 @@ jobs: kics-docker: [ "Dockerfile" ] steps: - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up Docker Buildx @@ -125,7 +125,7 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache - name: Scan image id: grype-image-scan - uses: anchore/scan-action@16910ac423301c6d30554b83a7f71ac6ff4a51f3 # v6.4.0 + uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1 with: image: kics:sec-tests-${{ github.sha }} only-fixed: true @@ -137,8 +137,8 @@ jobs: name: govulncheck fs scan steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-go@v6 with: go-version: 'stable' - name: Install govulncheck @@ -152,7 +152,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: govulncheck-fs-scan-results path: ./results.txt @@ -161,8 +161,8 @@ jobs: name: govulncheck binary scan steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-go@v6 with: go-version: 'stable' - name: Build kics @@ -178,7 +178,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: govulncheck-binary-scan-results path: ./results.txt @@ -189,7 +189,7 @@ jobs: cat binary_dependencies.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: binary-dependencies path: ./binary_dependencies.txt \ No newline at end of file diff --git a/.github/workflows/sonarcloud-scan-branch.yml b/.github/workflows/sonarcloud-scan-branch.yml index 6306c2679d8..04b2e7e1fab 100644 --- a/.github/workflows/sonarcloud-scan-branch.yml +++ b/.github/workflows/sonarcloud-scan-branch.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: ${{ github.event.inputs.branch }} - name: SonarCloud Scan diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 4561a64ad12..75f98ca730e 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'Checkmarx/kics' steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: SonarCloud Scan diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml index 6cd139801f9..4a08d8ef681 100644 --- a/.github/workflows/statistics.yaml +++ b/.github/workflows/statistics.yaml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Run test metrics script @@ -28,7 +28,7 @@ jobs: sudo apt-get install cloc GO_LOC=$(cloc . | grep Go | grep -Eo '[0-9]+$') echo "::set-output name=goloc::${GO_LOC}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run test statistics script diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml index 2f28ccb1f68..c637266b70f 100644 --- a/.github/workflows/update-docs-queries.yaml +++ b/.github/workflows/update-docs-queries.yaml @@ -18,10 +18,10 @@ jobs: uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 with: access_token: ${{ github.token }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Update docs @@ -39,7 +39,7 @@ jobs: --t .github/scripts/docs-generator/query-page-generator/templates/query-page-template.md \ --df - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "docs(queries): update queries catalog" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml index afa075e4dfe..797ecaf4668 100644 --- a/.github/workflows/update-docs-release.yaml +++ b/.github/workflows/update-docs-release.yaml @@ -16,7 +16,7 @@ jobs: with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Get release version @@ -32,7 +32,7 @@ jobs: echo "curr tag ${{ steps.version.outputs.ctag }}" echo "prev ver ${{ steps.version.outputs.pversion }}" echo "curr ver ${{ steps.version.outputs.cversion }}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: 3.x - name: Install dependencies diff --git a/.github/workflows/update-infra-version.yaml b/.github/workflows/update-infra-version.yaml index d5a2dd69083..0e807c50cb6 100644 --- a/.github/workflows/update-infra-version.yaml +++ b/.github/workflows/update-infra-version.yaml @@ -12,17 +12,17 @@ jobs: if: "!github.event.release.prerelease" steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Update Terraform Cloud Integration - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3 with: token: ${{ secrets.KICS_BOT_PAT }} repository: ${{ secrets.TFC_REPO_PATH }} event-type: new-release - name: Update Infra - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3 with: token: ${{ secrets.KICS_BOT_PAT }} repository: ${{ secrets.INFRA_REPO }} diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml index 30a8e40f1bb..bda1aa9d3ff 100644 --- a/.github/workflows/update-install-script.yaml +++ b/.github/workflows/update-install-script.yaml @@ -13,7 +13,7 @@ jobs: with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Get Godownloader @@ -30,7 +30,7 @@ jobs: && chmod +x godownloader \ && rm -vf $(basename "${FULL_URL}") \ && cd "${PROJDIR}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies @@ -50,7 +50,7 @@ jobs: - name: Update install.sh run: ./.bin/godownloader --repo Checkmarx/kics <(echo ${{ steps.outputs.filter.goreleaser }}) > install.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "chore(install): update install script" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/update_software_versions.yml b/.github/workflows/update_software_versions.yml index 56af42fa0c2..1d3adc8cae7 100644 --- a/.github/workflows/update_software_versions.yml +++ b/.github/workflows/update_software_versions.yml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run update_versions script @@ -25,7 +25,7 @@ jobs: *.json - name: Create pull request if: steps.verify-changed-files.outputs.files_changed == 'true' - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6 with: title: "build(deps): updating software versions" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/validate-ansible-samples.yml b/.github/workflows/validate-ansible-samples.yml index 039abd9942d..e633c64eb3c 100644 --- a/.github/workflows/validate-ansible-samples.yml +++ b/.github/workflows/validate-ansible-samples.yml @@ -11,7 +11,7 @@ jobs: lint-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: yaml-lint diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml index b97cc29ad0e..c235f22fbfe 100644 --- a/.github/workflows/validate-arm-samples.yaml +++ b/.github/workflows/validate-arm-samples.yaml @@ -9,10 +9,10 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: "20" - name: Installing jsonlint diff --git a/.github/workflows/validate-cfn-samples.yml b/.github/workflows/validate-cfn-samples.yml index 0a57f76a190..f6a43fd48b0 100644 --- a/.github/workflows/validate-cfn-samples.yml +++ b/.github/workflows/validate-cfn-samples.yml @@ -11,10 +11,10 @@ jobs: validate-cfn-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.x' - name: Get commit changed files diff --git a/.github/workflows/validate-dkr-samples.yml b/.github/workflows/validate-dkr-samples.yml index fe233ce9578..231031d2b56 100644 --- a/.github/workflows/validate-dkr-samples.yml +++ b/.github/workflows/validate-dkr-samples.yml @@ -9,7 +9,7 @@ jobs: validate-dockerfile-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Get Hadolint diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml index 976f03c4f50..0fda1ba6fc5 100644 --- a/.github/workflows/validate-issues.yaml +++ b/.github/workflows/validate-issues.yaml @@ -10,7 +10,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false sparse-checkout: | @@ -18,7 +18,7 @@ jobs: .github/scripts/pr-issue-info/get_title_types.py .github/issue-title-types.yaml - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies @@ -69,7 +69,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false sparse-checkout: | @@ -138,7 +138,7 @@ jobs: fi fi - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-k8s-samples.yml b/.github/workflows/validate-k8s-samples.yml index 68901309a7c..9fce2fc976a 100644 --- a/.github/workflows/validate-k8s-samples.yml +++ b/.github/workflows/validate-k8s-samples.yml @@ -10,7 +10,7 @@ jobs: validate-k8s-manifests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Get Kubeval diff --git a/.github/workflows/validate-openapi-samples.yaml b/.github/workflows/validate-openapi-samples.yaml index e6c68a0d0d8..ce2faadc11d 100644 --- a/.github/workflows/validate-openapi-samples.yaml +++ b/.github/workflows/validate-openapi-samples.yaml @@ -10,7 +10,7 @@ jobs: lint-yaml-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: yaml-lint @@ -22,10 +22,10 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: '20' - name: Installing jsonlint diff --git a/.github/workflows/validate-prs.yaml b/.github/workflows/validate-prs.yaml index 6eb7c990000..ffac2e1fbb0 100644 --- a/.github/workflows/validate-prs.yaml +++ b/.github/workflows/validate-prs.yaml @@ -12,7 +12,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false sparse-checkout: | @@ -22,7 +22,7 @@ jobs: - name: Print PR Title run: echo "$TITLE" - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies @@ -73,7 +73,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false sparse-checkout: | @@ -153,7 +153,7 @@ jobs: fi fi - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-queries-metadata.yml b/.github/workflows/validate-queries-metadata.yml index 9326728de38..326bfc6b1ef 100644 --- a/.github/workflows/validate-queries-metadata.yml +++ b/.github/workflows/validate-queries-metadata.yml @@ -9,7 +9,7 @@ jobs: validate-metadata: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Run queries metadata validation script diff --git a/.github/workflows/validate-tf-samples.yml b/.github/workflows/validate-tf-samples.yml index f5d6119a575..f206cd677e4 100644 --- a/.github/workflows/validate-tf-samples.yml +++ b/.github/workflows/validate-tf-samples.yml @@ -9,7 +9,7 @@ jobs: lint-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Get tflint