diff --git a/.github/workflows/actions-codeql.yml b/.github/workflows/actions-codeql.yml
index 7eb7025..58d20f3 100644
--- a/.github/workflows/actions-codeql.yml
+++ b/.github/workflows/actions-codeql.yml
@@ -24,7 +24,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/dependency-review-v2.yml b/.github/workflows/dependency-review-v2.yml
index 83d9b8f..1192351 100644
--- a/.github/workflows/dependency-review-v2.yml
+++ b/.github/workflows/dependency-review-v2.yml
@@ -57,7 +57,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 330e20e..9367abc 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -63,7 +63,7 @@ jobs:
 pull-requests: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
 with:
 egress-policy: audit
diff --git a/.github/workflows/java-maven-openjdk-codeql.yml b/.github/workflows/java-maven-openjdk-codeql.yml
index 3b15b82..3b68c6e 100644
--- a/.github/workflows/java-maven-openjdk-codeql.yml
+++ b/.github/workflows/java-maven-openjdk-codeql.yml
@@ -45,7 +45,7 @@ jobs:
 # Allow calling Git on a working copy owned by another user than the current one.
 # see: https://github.blog/2022-04-12-git-security-vulnerability-announced/
 - name: Harden Runner
- uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
 with:
 egress-policy: audit
@@ -64,7 +64,7 @@ jobs:
 languages: java
 - name: Cache maven dependencies
- uses: actions/cache@v4.2.0
+ uses: actions/cache@v4.2.1
 with:
 path: ~/.m2
 key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/java-maven-openjdk-dependency-submission.yml b/.github/workflows/java-maven-openjdk-dependency-submission.yml
index 740c515..760286c 100644
--- a/.github/workflows/java-maven-openjdk-dependency-submission.yml
+++ b/.github/workflows/java-maven-openjdk-dependency-submission.yml
@@ -50,7 +50,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
 with:
 egress-policy: audit
@@ -58,7 +58,7 @@ jobs:
 uses: actions/checkout@v4.2.2
 - name: Cache maven dependencies
- uses: actions/cache@v4.2.0
+ uses: actions/cache@v4.2.1
 with:
 path: ~/.m2
 key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 12c224b..5f7a4b0 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
 with:
 disable-sudo: true
 egress-policy: audit
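Review bot: The new `uses: actions/cache@v4.2.1` line in the second hunk of java-maven-openjdk-codeql.yml is pinned to a tag, whereas harden-runner in the same file is pinned to a full commit SHA with the version in a trailing comment. A tag can be re-pointed upstream, so these steps do not get the immutability that the SHA-pinned ones have. Suggest the same form here: `uses: actions/cache@<full-commit-sha> # v4.2.1`, with the SHA taken from the upstream release tag. The same applies to the `actions/cache` hunk in java-maven-openjdk-dependency-submission.yml and to `actions/upload-artifact@v4.6.1` in scorecard.yml.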
@@ -53,7 +53,7 @@ jobs:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+ uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
 with:
 results_file: results.sarif
 results_format: sarif
@@ -75,7 +75,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@v4.6.0
+ uses: actions/upload-artifact@v4.6.1
 with:
 name: SARIF file
 path: results.sarif