From 2d17c08caa2b3ec469d48ad9126a1214a741035b Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Thu, 16 May 2024 04:42:45 +0200 Subject: [PATCH] chore(deps): update github-actions (major) (#3648) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-java](https://togithub.com/actions/setup-java) | action | major | `v3.13.0` -> `v4.2.1` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | major | `v3.8.1` -> `v4.0.2` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | major | `v3` -> `v4` | | [bazelbuild/setup-bazelisk](https://togithub.com/bazelbuild/setup-bazelisk) | action | major | `v2.0.0` -> `v3.0.0` | | [geekyeggo/delete-artifact](https://togithub.com/geekyeggo/delete-artifact) | action | major | `v2.0.0` -> `v5.0.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | major | `v2.22.4` -> `v3.25.5` | | [google-github-actions/auth](https://togithub.com/google-github-actions/auth) | action | major | `v1.1.1` -> `v2.1.3` | | [gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action) | action | major | `v2.9.0` -> `v3.3.2` | --- ### Release Notes
actions/setup-java (actions/setup-java) ### [`v4.2.1`](https://togithub.com/actions/setup-java/releases/tag/v4.2.1) [Compare Source](https://togithub.com/actions/setup-java/compare/v4.2.0...v4.2.1) ##### What's Changed - Patch for java version file to accept it from any path by [@​mahabaleshwars](https://togithub.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/610](https://togithub.com/actions/setup-java/pull/610) **Full Changelog**: https://github.com/actions/setup-java/compare/v4...v4.2.1 ### [`v4.2.0`](https://togithub.com/actions/setup-java/releases/tag/v4.2.0) [Compare Source](https://togithub.com/actions/setup-java/compare/v4.1.0...v4.2.0) ##### What's Changed - Updated actions/httpclient version to 2.2.1 and other dependencies by [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) in [https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607) - Added .tool-versions file support along with .java-version file by [@​mahabaleshwars](https://togithub.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/606](https://togithub.com/actions/setup-java/pull/606) ##### New Contributors - [@​HarithaVattikuti](https://togithub.com/HarithaVattikuti) made their first contribution in [https://github.com/actions/setup-java/pull/607](https://togithub.com/actions/setup-java/pull/607) **Full Changelog**: https://github.com/actions/setup-java/compare/v4...v4.2.0 ### [`v4.1.0`](https://togithub.com/actions/setup-java/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/setup-java/compare/v4.0.0...v4.1.0) #### What's Changed - Added Windows Arm64 Support for Windows Arm64 Runners by [@​mahabaleshwars](https://togithub.com/mahabaleshwars) in [https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595) - feat: bump actions/checkout and actions/setup-java to v4 by [@​kbdharun](https://togithub.com/kbdharun) in [https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533) - Handle authorization when the token is undefined by [@​peter-murray](https://togithub.com/peter-murray) in [https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556) - Documentation update of Java 21 by [@​Okeanos](https://togithub.com/Okeanos) in [https://github.com/actions/setup-java/pull/566](https://togithub.com/actions/setup-java/pull/566) - Documentation update about maven-gpg-plugin version note by [@​IvanZosimov](https://togithub.com/IvanZosimov) in [https://github.com/actions/setup-java/pull/570](https://togithub.com/actions/setup-java/pull/570) - Oracle JDK 21 support by [@​jdubois](https://togithub.com/jdubois) in [https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538) - Fix typo in configuration example by [@​Bananeweizen](https://togithub.com/Bananeweizen) in [https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572) #### New Contributors - [@​kbdharun](https://togithub.com/kbdharun) made their first contribution in [https://github.com/actions/setup-java/pull/533](https://togithub.com/actions/setup-java/pull/533) - [@​peter-murray](https://togithub.com/peter-murray) made their first contribution in [https://github.com/actions/setup-java/pull/556](https://togithub.com/actions/setup-java/pull/556) - [@​jdubois](https://togithub.com/jdubois) made their first contribution in [https://github.com/actions/setup-java/pull/538](https://togithub.com/actions/setup-java/pull/538) - [@​Bananeweizen](https://togithub.com/Bananeweizen) made their first contribution in [https://github.com/actions/setup-java/pull/572](https://togithub.com/actions/setup-java/pull/572) - [@​mahabaleshwars](https://togithub.com/mahabaleshwars) made their first contribution in [https://github.com/actions/setup-java/pull/595](https://togithub.com/actions/setup-java/pull/595) **Full Changelog**: https://github.com/actions/setup-java/compare/v4...v4.1.0 ### [`v4.0.0`](https://togithub.com/actions/setup-java/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/setup-java/compare/v3.13.0...v4.0.0) #### What's Changed In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-java will run on Node.js 20 instead of Node.js 16. #### Breaking changes - Update Node.js runtime to version 20 by [@​aparnajyothi-y](https://togithub.com/aparnajyothi-y) in [https://github.com/actions/setup-java/pull/558](https://togithub.com/actions/setup-java/pull/558) #### Non-breaking changes - Adding support for microsoft openjdk 21.0.0 by [@​ralfstuckert](https://togithub.com/ralfstuckert) in [https://github.com/actions/setup-java/pull/546](https://togithub.com/actions/setup-java/pull/546) - Update [@​actions/cache](https://togithub.com/actions/cache) dependency and documentation by [@​IvanZosimov](https://togithub.com/IvanZosimov) in [https://github.com/actions/setup-java/pull/549](https://togithub.com/actions/setup-java/pull/549) - Implementation of the cache-dependency-path option to control caching dependency by [@​itchyny](https://togithub.com/itchyny) in [https://github.com/actions/setup-java/pull/499](https://togithub.com/actions/setup-java/pull/499) #### New Contributors - [@​ralfstuckert](https://togithub.com/ralfstuckert) made their first contribution in [https://github.com/actions/setup-java/pull/546](https://togithub.com/actions/setup-java/pull/546) - [@​itchyny](https://togithub.com/itchyny) made their first contribution in [https://github.com/actions/setup-java/pull/499](https://togithub.com/actions/setup-java/pull/499) **Full Changelog**: https://github.com/actions/setup-java/compare/v3...v4.0.0
actions/setup-node (actions/setup-node) ### [`v4.0.2`](https://togithub.com/actions/setup-node/releases/tag/v4.0.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v4.0.1...v4.0.2) ##### What's Changed - Add support for `volta.extends` by [@​ThisIsManta](https://togithub.com/ThisIsManta) in [https://github.com/actions/setup-node/pull/921](https://togithub.com/actions/setup-node/pull/921) - Add support for arm64 Windows by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/927](https://togithub.com/actions/setup-node/pull/927) ##### New Contributors - [@​ThisIsManta](https://togithub.com/ThisIsManta) made their first contribution in [https://github.com/actions/setup-node/pull/921](https://togithub.com/actions/setup-node/pull/921) **Full Changelog**: https://github.com/actions/setup-node/compare/v4.0.1...v4.0.2 ### [`v4.0.1`](https://togithub.com/actions/setup-node/releases/tag/v4.0.1) [Compare Source](https://togithub.com/actions/setup-node/compare/v4.0.0...v4.0.1) ##### What's Changed - Ignore engines in Yarn 1 e2e-cache tests by [@​trivikr](https://togithub.com/trivikr) in [https://github.com/actions/setup-node/pull/882](https://togithub.com/actions/setup-node/pull/882) - Update setup-node references in the README.md file to setup-node@v4 by [@​jwetzell](https://togithub.com/jwetzell) in [https://github.com/actions/setup-node/pull/884](https://togithub.com/actions/setup-node/pull/884) - Update reusable workflows to use Node.js v20 by [@​MaksimZhukov](https://togithub.com/MaksimZhukov) in [https://github.com/actions/setup-node/pull/889](https://togithub.com/actions/setup-node/pull/889) - Add fix for cache to resolve slow post action step by [@​aparnajyothi-y](https://togithub.com/aparnajyothi-y) in [https://github.com/actions/setup-node/pull/917](https://togithub.com/actions/setup-node/pull/917) - Fix README.md by [@​takayamaki](https://togithub.com/takayamaki) in [https://github.com/actions/setup-node/pull/898](https://togithub.com/actions/setup-node/pull/898) - Add `package.json` to `node-version-file` list of examples. by [@​TWiStErRob](https://togithub.com/TWiStErRob) in [https://github.com/actions/setup-node/pull/879](https://togithub.com/actions/setup-node/pull/879) - Fix node-version-file interprets entire package.json as a version by [@​NullVoxPopuli](https://togithub.com/NullVoxPopuli) in [https://github.com/actions/setup-node/pull/865](https://togithub.com/actions/setup-node/pull/865) ##### New Contributors - [@​trivikr](https://togithub.com/trivikr) made their first contribution in [https://github.com/actions/setup-node/pull/882](https://togithub.com/actions/setup-node/pull/882) - [@​jwetzell](https://togithub.com/jwetzell) made their first contribution in [https://github.com/actions/setup-node/pull/884](https://togithub.com/actions/setup-node/pull/884) - [@​aparnajyothi-y](https://togithub.com/aparnajyothi-y) made their first contribution in [https://github.com/actions/setup-node/pull/917](https://togithub.com/actions/setup-node/pull/917) - [@​takayamaki](https://togithub.com/takayamaki) made their first contribution in [https://github.com/actions/setup-node/pull/898](https://togithub.com/actions/setup-node/pull/898) - [@​TWiStErRob](https://togithub.com/TWiStErRob) made their first contribution in [https://github.com/actions/setup-node/pull/879](https://togithub.com/actions/setup-node/pull/879) - [@​NullVoxPopuli](https://togithub.com/NullVoxPopuli) made their first contribution in [https://github.com/actions/setup-node/pull/865](https://togithub.com/actions/setup-node/pull/865) **Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.0.1 ### [`v4.0.0`](https://togithub.com/actions/setup-node/releases/tag/v4.0.0) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.2...v4.0.0) ##### What's Changed In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in [https://github.com/actions/setup-node/pull/866](https://togithub.com/actions/setup-node/pull/866) Besides, release contains such changes as: - Upgrade actions/checkout to v4 by [@​gmembre-zenika](https://togithub.com/gmembre-zenika) in [https://github.com/actions/setup-node/pull/868](https://togithub.com/actions/setup-node/pull/868) - Update actions/checkout for documentation and yaml by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/876](https://togithub.com/actions/setup-node/pull/876) ##### New Contributors - [@​gmembre-zenika](https://togithub.com/gmembre-zenika) made their first contribution in [https://github.com/actions/setup-node/pull/868](https://togithub.com/actions/setup-node/pull/868) **Full Changelog**: https://github.com/actions/setup-node/compare/v3...v4.0.0 ### [`v3.8.2`](https://togithub.com/actions/setup-node/releases/tag/v3.8.2) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.1...v3.8.2) ##### What's Changed - Update semver by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/861](https://togithub.com/actions/setup-node/pull/861) - Update temp directory creation by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/859](https://togithub.com/actions/setup-node/pull/859) - Bump [@​babel/traverse](https://togithub.com/babel/traverse) from 7.15.4 to 7.23.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/actions/setup-node/pull/870](https://togithub.com/actions/setup-node/pull/870) - Add notice about binaries not being updated yet by [@​nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [https://github.com/actions/setup-node/pull/872](https://togithub.com/actions/setup-node/pull/872) - Update toolkit cache and core by [@​dmitry-shibanov](https://togithub.com/dmitry-shibanov) and [@​seongwon-privatenote](https://togithub.com/seongwon-privatenote) in [https://github.com/actions/setup-node/pull/875](https://togithub.com/actions/setup-node/pull/875) **Full Changelog**: https://github.com/actions/setup-node/compare/v3...v3.8.2
bazelbuild/setup-bazelisk (bazelbuild/setup-bazelisk) ### [`v3.0.0`](https://togithub.com/bazelbuild/setup-bazelisk/releases/tag/v3.0.0) [Compare Source](https://togithub.com/bazelbuild/setup-bazelisk/compare/v2.0.0...v3.0.0) #### What's Changed - Update README.md for v2 by [@​mishas](https://togithub.com/mishas) in [https://github.com/bazelbuild/setup-bazelisk/pull/20](https://togithub.com/bazelbuild/setup-bazelisk/pull/20) - Bump prettier from 2.6.1 to 2.6.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/21](https://togithub.com/bazelbuild/setup-bazelisk/pull/21) - Bump [@​actions/github](https://togithub.com/actions/github) from 5.0.0 to 5.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/22](https://togithub.com/bazelbuild/setup-bazelisk/pull/22) - Bump [@​actions/tool-cache](https://togithub.com/actions/tool-cache) from 1.6.1 to 1.7.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/23](https://togithub.com/bazelbuild/setup-bazelisk/pull/23) - Bump semver from 7.3.5 to 7.3.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/25](https://togithub.com/bazelbuild/setup-bazelisk/pull/25) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 2.0.0 to 2.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/24](https://togithub.com/bazelbuild/setup-bazelisk/pull/24) - Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.33.3 to 0.33.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/26](https://togithub.com/bazelbuild/setup-bazelisk/pull/26) - Bump semver from 7.3.6 to 7.3.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/27](https://togithub.com/bazelbuild/setup-bazelisk/pull/27) - Bump typescript from 4.6.3 to 4.6.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/30](https://togithub.com/bazelbuild/setup-bazelisk/pull/30) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.6.0 to 1.7.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/29](https://togithub.com/bazelbuild/setup-bazelisk/pull/29) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.7.0 to 1.8.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/31](https://togithub.com/bazelbuild/setup-bazelisk/pull/31) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 2.0.2 to 2.0.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/32](https://togithub.com/bazelbuild/setup-bazelisk/pull/32) - Bump [@​actions/tool-cache](https://togithub.com/actions/tool-cache) from 1.7.2 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/34](https://togithub.com/bazelbuild/setup-bazelisk/pull/34) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.8.0 to 1.8.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/33](https://togithub.com/bazelbuild/setup-bazelisk/pull/33) - Bump [@​actions/github](https://togithub.com/actions/github) from 5.0.1 to 5.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/35](https://togithub.com/bazelbuild/setup-bazelisk/pull/35) - Bump [@​actions/http-client](https://togithub.com/actions/http-client) from 1.0.11 to 2.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/36](https://togithub.com/bazelbuild/setup-bazelisk/pull/36) - Bump typescript from 4.6.4 to 4.7.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/37](https://togithub.com/bazelbuild/setup-bazelisk/pull/37) - Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.33.4 to 0.34.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/38](https://togithub.com/bazelbuild/setup-bazelisk/pull/38) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 2.0.4 to 2.0.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/39](https://togithub.com/bazelbuild/setup-bazelisk/pull/39) - Bump typescript from 4.7.2 to 4.7.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/40](https://togithub.com/bazelbuild/setup-bazelisk/pull/40) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 2.0.5 to 2.0.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/41](https://togithub.com/bazelbuild/setup-bazelisk/pull/41) - Bump typescript from 4.7.3 to 4.7.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/42](https://togithub.com/bazelbuild/setup-bazelisk/pull/42) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.8.2 to 1.9.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/43](https://togithub.com/bazelbuild/setup-bazelisk/pull/43) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.3.9 to 7.3.10 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/44](https://togithub.com/bazelbuild/setup-bazelisk/pull/44) - Bump prettier from 2.6.2 to 2.7.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/45](https://togithub.com/bazelbuild/setup-bazelisk/pull/45) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 2.0.6 to 3.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/46](https://togithub.com/bazelbuild/setup-bazelisk/pull/46) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.0.0 to 3.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/47](https://togithub.com/bazelbuild/setup-bazelisk/pull/47) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.0.1 to 3.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/48](https://togithub.com/bazelbuild/setup-bazelisk/pull/48) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.3.10 to 7.3.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/50](https://togithub.com/bazelbuild/setup-bazelisk/pull/50) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.9.0 to 1.9.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/49](https://togithub.com/bazelbuild/setup-bazelisk/pull/49) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.0.3 to 3.0.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/51](https://togithub.com/bazelbuild/setup-bazelisk/pull/51) - Bump typescript from 4.7.4 to 4.8.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/52](https://togithub.com/bazelbuild/setup-bazelisk/pull/52) - Bump typescript from 4.8.2 to 4.8.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/53](https://togithub.com/bazelbuild/setup-bazelisk/pull/53) - Bump [@​actions/github](https://togithub.com/actions/github) from 5.0.3 to 5.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/54](https://togithub.com/bazelbuild/setup-bazelisk/pull/54) - Bump [@​actions/github](https://togithub.com/actions/github) from 5.1.0 to 5.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/55](https://togithub.com/bazelbuild/setup-bazelisk/pull/55) - Bump typescript from 4.8.3 to 4.8.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/56](https://togithub.com/bazelbuild/setup-bazelisk/pull/56) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.9.1 to 1.10.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/57](https://togithub.com/bazelbuild/setup-bazelisk/pull/57) - Bump semver from 7.3.7 to 7.3.8 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/58](https://togithub.com/bazelbuild/setup-bazelisk/pull/58) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.0.4 to 3.0.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/59](https://togithub.com/bazelbuild/setup-bazelisk/pull/59) - Add support for ARM64. by [@​junyer](https://togithub.com/junyer) in [https://github.com/bazelbuild/setup-bazelisk/pull/61](https://togithub.com/bazelbuild/setup-bazelisk/pull/61) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.0.5 to 3.0.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/62](https://togithub.com/bazelbuild/setup-bazelisk/pull/62) - Get `npm run build` working again. by [@​junyer](https://togithub.com/junyer) in [https://github.com/bazelbuild/setup-bazelisk/pull/63](https://togithub.com/bazelbuild/setup-bazelisk/pull/63) - Bump typescript from 4.8.4 to 4.9.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/64](https://togithub.com/bazelbuild/setup-bazelisk/pull/64) - Bump prettier from 2.7.1 to 2.8.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/65](https://togithub.com/bazelbuild/setup-bazelisk/pull/65) - Bump prettier from 2.8.0 to 2.8.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/67](https://togithub.com/bazelbuild/setup-bazelisk/pull/67) - Bump typescript from 4.9.3 to 4.9.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/69](https://togithub.com/bazelbuild/setup-bazelisk/pull/69) - Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.34.0 to 0.36.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/68](https://togithub.com/bazelbuild/setup-bazelisk/pull/68) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.0.6 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/72](https://togithub.com/bazelbuild/setup-bazelisk/pull/72) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/73](https://togithub.com/bazelbuild/setup-bazelisk/pull/73) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.1.1 to 3.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/74](https://togithub.com/bazelbuild/setup-bazelisk/pull/74) - Bump prettier from 2.8.1 to 2.8.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/75](https://togithub.com/bazelbuild/setup-bazelisk/pull/75) - Bump prettier from 2.8.2 to 2.8.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/76](https://togithub.com/bazelbuild/setup-bazelisk/pull/76) - Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.0 to 0.36.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/77](https://togithub.com/bazelbuild/setup-bazelisk/pull/77) - Bump typescript from 4.9.4 to 4.9.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/78](https://togithub.com/bazelbuild/setup-bazelisk/pull/78) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.1.2 to 3.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/79](https://togithub.com/bazelbuild/setup-bazelisk/pull/79) - Bump prettier from 2.8.3 to 2.8.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/80](https://togithub.com/bazelbuild/setup-bazelisk/pull/80) - Bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.0.1 to 2.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/82](https://togithub.com/bazelbuild/setup-bazelisk/pull/82) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.1.3 to 3.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/83](https://togithub.com/bazelbuild/setup-bazelisk/pull/83) - Bump typescript from 4.9.5 to 5.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/84](https://togithub.com/bazelbuild/setup-bazelisk/pull/84) - Bump prettier from 2.8.4 to 2.8.7 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/85](https://togithub.com/bazelbuild/setup-bazelisk/pull/85) - Bump typescript from 5.0.2 to 5.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/86](https://togithub.com/bazelbuild/setup-bazelisk/pull/86) - Bump typescript from 5.0.3 to 5.0.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/87](https://togithub.com/bazelbuild/setup-bazelisk/pull/87) - Bump semver from 7.3.8 to 7.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/88](https://togithub.com/bazelbuild/setup-bazelisk/pull/88) - Bump prettier from 2.8.7 to 2.8.8 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/89](https://togithub.com/bazelbuild/setup-bazelisk/pull/89) - Bump semver from 7.4.0 to 7.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/90](https://togithub.com/bazelbuild/setup-bazelisk/pull/90) - Bump typescript from 5.0.4 to 5.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/93](https://togithub.com/bazelbuild/setup-bazelisk/pull/93) - Bump semver and [@​types/semver](https://togithub.com/types/semver) by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/92](https://togithub.com/bazelbuild/setup-bazelisk/pull/92) - Bump semver from 7.5.1 to 7.5.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/94](https://togithub.com/bazelbuild/setup-bazelisk/pull/94) - Bump semver from 7.5.2 to 7.5.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/95](https://togithub.com/bazelbuild/setup-bazelisk/pull/95) - Bump typescript from 5.1.3 to 5.1.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/96](https://togithub.com/bazelbuild/setup-bazelisk/pull/96) - Bump semver from 7.5.3 to 7.5.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/98](https://togithub.com/bazelbuild/setup-bazelisk/pull/98) - Bump prettier from 2.8.8 to 3.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/97](https://togithub.com/bazelbuild/setup-bazelisk/pull/97) - Bump cachedir from 2.3.0 to 2.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/99](https://togithub.com/bazelbuild/setup-bazelisk/pull/99) - Bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.1.0 to 2.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/100](https://togithub.com/bazelbuild/setup-bazelisk/pull/100) - Bump prettier from 3.0.0 to 3.0.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/101](https://togithub.com/bazelbuild/setup-bazelisk/pull/101) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.2.1 to 3.2.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/102](https://togithub.com/bazelbuild/setup-bazelisk/pull/102) - Bump tough-cookie and [@​azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/103](https://togithub.com/bazelbuild/setup-bazelisk/pull/103) - Bump xml2js and [@​azure/core-http](https://togithub.com/azure/core-http) by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/105](https://togithub.com/bazelbuild/setup-bazelisk/pull/105) - Bump prettier from 3.0.1 to 3.0.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/106](https://togithub.com/bazelbuild/setup-bazelisk/pull/106) - Bump typescript from 5.1.6 to 5.2.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/107](https://togithub.com/bazelbuild/setup-bazelisk/pull/107) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.5.0 to 7.5.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/108](https://togithub.com/bazelbuild/setup-bazelisk/pull/108) - Bump prettier from 3.0.2 to 3.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/109](https://togithub.com/bazelbuild/setup-bazelisk/pull/109) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/110](https://togithub.com/bazelbuild/setup-bazelisk/pull/110) - Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.36.1 to 0.38.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/111](https://togithub.com/bazelbuild/setup-bazelisk/pull/111) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.5.1 to 7.5.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/113](https://togithub.com/bazelbuild/setup-bazelisk/pull/113) - Bump [@​actions/core](https://togithub.com/actions/core) from 1.10.0 to 1.10.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/112](https://togithub.com/bazelbuild/setup-bazelisk/pull/112) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.5.2 to 7.5.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/114](https://togithub.com/bazelbuild/setup-bazelisk/pull/114) - Bump [@​actions/http-client](https://togithub.com/actions/http-client) from 2.1.1 to 2.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/115](https://togithub.com/bazelbuild/setup-bazelisk/pull/115) - Bump [@​actions/github](https://togithub.com/actions/github) from 5.1.1 to 6.0.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/116](https://togithub.com/bazelbuild/setup-bazelisk/pull/116) - Bump undici from 5.25.4 to 5.26.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/117](https://togithub.com/bazelbuild/setup-bazelisk/pull/117) - Bump [@​vercel/ncc](https://togithub.com/vercel/ncc) from 0.38.0 to 0.38.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/118](https://togithub.com/bazelbuild/setup-bazelisk/pull/118) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.5.3 to 7.5.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/119](https://togithub.com/bazelbuild/setup-bazelisk/pull/119) - Bump prettier from 3.0.3 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/123](https://togithub.com/bazelbuild/setup-bazelisk/pull/123) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.5.4 to 7.5.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/122](https://togithub.com/bazelbuild/setup-bazelisk/pull/122) - Bump typescript from 5.2.2 to 5.3.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/124](https://togithub.com/bazelbuild/setup-bazelisk/pull/124) - Bump [@​types/semver](https://togithub.com/types/semver) from 7.5.5 to 7.5.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/125](https://togithub.com/bazelbuild/setup-bazelisk/pull/125) - Bump typescript from 5.3.2 to 5.3.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/126](https://togithub.com/bazelbuild/setup-bazelisk/pull/126) - Bump prettier from 3.1.0 to 3.1.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/127](https://togithub.com/bazelbuild/setup-bazelisk/pull/127) - Bump prettier from 3.1.1 to 3.2.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/128](https://togithub.com/bazelbuild/setup-bazelisk/pull/128) - Bump [@​actions/cache](https://togithub.com/actions/cache) from 3.2.2 to 3.2.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/129](https://togithub.com/bazelbuild/setup-bazelisk/pull/129) - Bump prettier from 3.2.2 to 3.2.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/bazelbuild/setup-bazelisk/pull/130](https://togithub.com/bazelbuild/setup-bazelisk/pull/130) - Update from Node 16 to Node 20. by [@​junyer](https://togithub.com/junyer) in [https://github.com/bazelbuild/setup-bazelisk/pull/132](https://togithub.com/bazelbuild/setup-bazelisk/pull/132) #### New Contributors - [@​mishas](https://togithub.com/mishas) made their first contribution in [https://github.com/bazelbuild/setup-bazelisk/pull/20](https://togithub.com/bazelbuild/setup-bazelisk/pull/20) - [@​junyer](https://togithub.com/junyer) made their first contribution in [https://github.com/bazelbuild/setup-bazelisk/pull/61](https://togithub.com/bazelbuild/setup-bazelisk/pull/61) **Full Changelog**: https://github.com/bazelbuild/setup-bazelisk/compare/v2...v3.0.0
geekyeggo/delete-artifact (geekyeggo/delete-artifact) ### [`v5.0.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v5.0.0) [Compare Source](https://togithub.com/geekyeggo/delete-artifact/compare/v4.1.0...v5.0.0) - Switch to [@​actions/artifact](https://www.npmjs.com/package/@​actions/artifact), removing the need for a `token` parameter (Sebastian Weigand) [#​24](https://togithub.com/GeekyEggo/delete-artifact/pull/24) ### [`v4.1.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v4.1.0) [Compare Source](https://togithub.com/geekyeggo/delete-artifact/compare/v4.0.0...v4.1.0) - Add default token. - Fix over-arching `catch` output; errors now correctly result in a failed run ([@​TheMrMilchmann](https://togithub.com/TheMrMilchmann)). ### [`v4.0.0`](https://togithub.com/GeekyEggo/delete-artifact/releases/tag/v4.0.0): Support for actions/upload-artifact@v4 [Compare Source](https://togithub.com/geekyeggo/delete-artifact/compare/v2.0.0...v4.0.0) - Add support for artifacts uploaded with `actions/upload-artifact@v4`. - Add requirement of `token` with read and write access to actions. - Update requests to use GitHub REST API. - Deprecate support for `actions/upload-artifact@v1`, `actions/upload-artifact@v2`, and `actions/upload-artifact@v3` (please use `geekyeggo/delete-artifact@v2`).
github/codeql-action (github/codeql-action) ### [`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5) ### [`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4) ### [`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3) ### [`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2) ### [`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1) ### [`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.11...v3.25.0) ### [`v3.24.11`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.24.11) ### [`v3.24.10`](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.9...v3.24.10) ### [`v3.24.9`](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.8...v3.24.9) ### [`v3.24.8`](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.7...v3.24.8) ### [`v3.24.7`](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.6...v3.24.7) ### [`v3.24.6`](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.5...v3.24.6) ### [`v3.24.5`](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.4...v3.24.5) ### [`v3.24.4`](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.3...v3.24.4) ### [`v3.24.3`](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.2...v3.24.3) ### [`v3.24.2`](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.1...v3.24.2) ### [`v3.24.1`](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.24.0...v3.24.1) ### [`v3.24.0`](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.2...v3.24.0) ### [`v3.23.2`](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.1...v3.23.2) ### [`v3.23.1`](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.23.0...v3.23.1) ### [`v3.23.0`](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.12...v3.23.0) ### [`v3.22.12`](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.22.11...v3.22.12) ### [`v3.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.11...v3.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.5...v3.22.11) ### [`v2.25.5`](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.4...v2.25.5) ### [`v2.25.4`](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.3...v2.25.4) ### [`v2.25.3`](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.2...v2.25.3) ### [`v2.25.2`](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.1...v2.25.2) ### [`v2.25.1`](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.25.0...v2.25.1) ### [`v2.25.0`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.25.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.11...v2.25.0) ### [`v2.24.11`](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.10...v2.24.11) ### [`v2.24.10`](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.9...v2.24.10) ### [`v2.24.9`](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.8...v2.24.9) ### [`v2.24.8`](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.7...v2.24.8) ### [`v2.24.7`](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.6...v2.24.7) ### [`v2.24.6`](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.5...v2.24.6) ### [`v2.24.5`](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.4...v2.24.5) ### [`v2.24.4`](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.3...v2.24.4) ### [`v2.24.3`](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.2...v2.24.3) ### [`v2.24.2`](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.1...v2.24.2) ### [`v2.24.1`](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.24.0...v2.24.1) ### [`v2.24.0`](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.2...v2.24.0) ### [`v2.23.2`](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.1...v2.23.2) ### [`v2.23.1`](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.23.0...v2.23.1) ### [`v2.23.0`](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.12...v2.23.0) ### [`v2.22.12`](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.11...v2.22.12) ### [`v2.22.11`](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.10...v2.22.11) ### [`v2.22.10`](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.9...v2.22.10) ### [`v2.22.9`](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.8...v2.22.9) ### [`v2.22.8`](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.7...v2.22.8) ### [`v2.22.7`](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.6...v2.22.7) ### [`v2.22.6`](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.5...v2.22.6) ### [`v2.22.5`](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.4...v2.22.5)
google-github-actions/auth (google-github-actions/auth) ### [`v2.1.3`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.3) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v2.1.2...v2.1.3) ##### What's Changed - Security considerations: ids are strings, not integers by [@​ewjoachim](https://togithub.com/ewjoachim) in [https://github.com/google-github-actions/auth/pull/400](https://togithub.com/google-github-actions/auth/pull/400) - security: bump undici from 5.28.3 to 5.28.4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/google-github-actions/auth/pull/405](https://togithub.com/google-github-actions/auth/pull/405) - Fix typo by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/408](https://togithub.com/google-github-actions/auth/pull/408) - Switch to using universe helpers by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/410](https://togithub.com/google-github-actions/auth/pull/410) - Add request_reason for plumbing though user-supplied audit information by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/413](https://togithub.com/google-github-actions/auth/pull/413) - Release: v2.1.3 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/414](https://togithub.com/google-github-actions/auth/pull/414) ##### New Contributors - [@​ewjoachim](https://togithub.com/ewjoachim) made their first contribution in [https://github.com/google-github-actions/auth/pull/400](https://togithub.com/google-github-actions/auth/pull/400) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v2.1.2...v2.1.3 ### [`v2.1.2`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.2) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v2.1.1...v2.1.2) ##### What's Changed - Remove documentation on retries (deprecated) by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/392](https://togithub.com/google-github-actions/auth/pull/392) - Add security considerations for Attribute Conditions by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/393](https://togithub.com/google-github-actions/auth/pull/393) - security: bump undici from 5.28.2 to 5.28.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/google-github-actions/auth/pull/394](https://togithub.com/google-github-actions/auth/pull/394) - Reduce warnings to info level with a warning icon by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/397](https://togithub.com/google-github-actions/auth/pull/397) - Release: v2.1.2 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/399](https://togithub.com/google-github-actions/auth/pull/399) ##### New Contributors - [@​dependabot](https://togithub.com/dependabot) made their first contribution in [https://github.com/google-github-actions/auth/pull/394](https://togithub.com/google-github-actions/auth/pull/394) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v2...v2.1.2 ### [`v2.1.1`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.1) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v2.1.0...v2.1.1) ##### What's Changed - Remove retry logic by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/389](https://togithub.com/google-github-actions/auth/pull/389) - Use an OAuth 2.0 access token for Domain-Wide Delegation by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/388](https://togithub.com/google-github-actions/auth/pull/388) - Release: v2.1.1 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/390](https://togithub.com/google-github-actions/auth/pull/390) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v2...v2.1.1 ### [`v2.1.0`](https://togithub.com/google-github-actions/auth/releases/tag/v2.1.0) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v2.0.1...v2.1.0) ##### What's Changed - Update deps by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/384](https://togithub.com/google-github-actions/auth/pull/384) - Release: v2.1.0 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/385](https://togithub.com/google-github-actions/auth/pull/385) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v2...v2.1.0 ### [`v2.0.1`](https://togithub.com/google-github-actions/auth/releases/tag/v2.0.1) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v2.0.0...v2.0.1) ##### What's Changed - Trigger release on pushes to release branches by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/358](https://togithub.com/google-github-actions/auth/pull/358) - Fix a small docs issue by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/359](https://togithub.com/google-github-actions/auth/pull/359) - Remove broken markdown links by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/362](https://togithub.com/google-github-actions/auth/pull/362) - Document that project_id might be required by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/367](https://togithub.com/google-github-actions/auth/pull/367) - Update README and CI to use latest version by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/365](https://togithub.com/google-github-actions/auth/pull/365) - Add service_account to WIF through SA example by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/369](https://togithub.com/google-github-actions/auth/pull/369) - Use new markdown syntax for alerts by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/371](https://togithub.com/google-github-actions/auth/pull/371) - Note .dockerignore in the exclusion for credentials by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/376](https://togithub.com/google-github-actions/auth/pull/376) - Support newline-separated inputs for delegates and access_token_scopes by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/381](https://togithub.com/google-github-actions/auth/pull/381) - Release: v2.0.1 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/382](https://togithub.com/google-github-actions/auth/pull/382) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v2...v2.0.1 ### [`v2.0.0`](https://togithub.com/google-github-actions/auth/releases/tag/v2.0.0) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v1.3.0...v2.0.0) **⚠️ This version requires Node 20 or later on the runner!** If you are using GitHub-managed runners, no action is needed. If you are using self-hosted runners, make sure the system version of Node is version 20 or higher. ##### What's Changed - Add support for Direct Workload Identity auth by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/348](https://togithub.com/google-github-actions/auth/pull/348) - Add protection for release branches by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/351](https://togithub.com/google-github-actions/auth/pull/351) - Make auth universe-aware by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/352](https://togithub.com/google-github-actions/auth/pull/352) - Fix some examples to include project_id by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/353](https://togithub.com/google-github-actions/auth/pull/353) - Release: v2.0.0 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/355](https://togithub.com/google-github-actions/auth/pull/355) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v1...v2.0.0 ### [`v1.3.0`](https://togithub.com/google-github-actions/auth/releases/tag/v1.3.0) [Compare Source](https://togithub.com/google-github-actions/auth/compare/v1.2.0...v1.3.0) #### What's Changed - Revert back to Node 16 for v1 series by [@​sethvargo](https://togithub.com/sethvargo) in [https://github.com/google-github-actions/auth/pull/356](https://togithub.com/google-github-actions/auth/pull/356) - Release: v1.3.0 by [@​google-github-actions-bot](https://togithub.com/google-github-actions-bot) in [https://github.com/google-github-actions/auth/pull/357](https://togithub.com/google-github-actions/auth/pull/357) **Full Changelog**: https://github.com/google-github-actions/auth/compare/v1...v1.3.0 ###
--- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator). Signed-off-by: Mend Renovate --- .github/actions/secure-project-checkout-node/action.yml | 2 +- .github/workflows/builder_container-based_slsa3.yml | 8 ++++---- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/delegator_generic_slsa3.yml | 4 ++-- .github/workflows/delegator_lowperms-generic_slsa3.yml | 4 ++-- .github/workflows/e2e.sign-attestations.schedule.yml | 2 +- .github/workflows/generator_container_slsa3.yml | 2 +- .github/workflows/pre-submit.actions.yml | 2 +- .github/workflows/pre-submit.lint.yml | 8 ++++---- .github/workflows/pre-submit.units.yml | 2 +- .github/workflows/scorecards.yml | 2 +- actions/gradle/publish/action.yml | 2 +- actions/maven/publish/action.yml | 2 +- internal/builders/bazel/action.yml | 4 ++-- internal/builders/gradle/action.yml | 4 ++-- internal/builders/maven/action.yml | 2 +- internal/builders/nodejs/action.yml | 2 +- 17 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/actions/secure-project-checkout-node/action.yml b/.github/actions/secure-project-checkout-node/action.yml index 5c9726e514..bc3a4d1a7e 100644 --- a/.github/actions/secure-project-checkout-node/action.yml +++ b/.github/actions/secure-project-checkout-node/action.yml @@ -41,6 +41,6 @@ runs: path: ${{ inputs.path }} - name: Set up Node environment - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: ${{ inputs.node-version }} diff --git a/.github/workflows/builder_container-based_slsa3.yml b/.github/workflows/builder_container-based_slsa3.yml index 9e2cb93bf1..5ebccd0e52 100644 --- a/.github/workflows/builder_container-based_slsa3.yml +++ b/.github/workflows/builder_container-based_slsa3.yml @@ -306,7 +306,7 @@ jobs: - id: auth name: Authenticate to Google Cloud if: inputs.gcp-workload-identity-provider != '' - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: "access_token" workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }} @@ -633,13 +633,13 @@ jobs: SLSA_OUTPUTS_NAME: ${{ needs.build.outputs.slsa-outputs-name }} RNG: ${{ needs.rng.outputs.value }} steps: - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.BUILD_DEFINITION_NAME }}-${{ env.RNG }}" useGlob: true - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.SLSA_OUTPUTS_NAME }}-${{ env.RNG }}" - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.BUILDER_BINARY }}-${{ env.RNG }}" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6dc5e5fecc..02ebe42dc5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -59,7 +59,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 + uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -72,7 +72,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 # Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -85,7 +85,7 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 + uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 # NOTE: Checks that the matrix job above completes successfully. # This is necessary because the matrix strategy generates new jobs with diff --git a/.github/workflows/delegator_generic_slsa3.yml b/.github/workflows/delegator_generic_slsa3.yml index ede70d957d..3935e2ca0b 100644 --- a/.github/workflows/delegator_generic_slsa3.yml +++ b/.github/workflows/delegator_generic_slsa3.yml @@ -294,9 +294,9 @@ jobs: env: RNG: ${{ needs.rng.outputs.value }} steps: - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.RNG }}-${{ env.SLSA_PREDICATE_FILE }}" - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.RNG }}-${{ env.SLSA_ARTIFACTS_FILE }}" diff --git a/.github/workflows/delegator_lowperms-generic_slsa3.yml b/.github/workflows/delegator_lowperms-generic_slsa3.yml index b3d0a68ad1..bfee2d7e95 100644 --- a/.github/workflows/delegator_lowperms-generic_slsa3.yml +++ b/.github/workflows/delegator_lowperms-generic_slsa3.yml @@ -297,9 +297,9 @@ jobs: env: RNG: ${{ needs.rng.outputs.value }} steps: - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.RNG }}-${{ env.SLSA_PREDICATE_FILE }}" - - uses: geekyeggo/delete-artifact@54ab544f12cdb7b71613a16a2b5a37a9ade990af # v2.0.0 + - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 with: name: "${{ env.RNG }}-${{ env.SLSA_ARTIFACTS_FILE }}" diff --git a/.github/workflows/e2e.sign-attestations.schedule.yml b/.github/workflows/e2e.sign-attestations.schedule.yml index bee0082e14..01ba42fe1e 100644 --- a/.github/workflows/e2e.sign-attestations.schedule.yml +++ b/.github/workflows/e2e.sign-attestations.schedule.yml @@ -40,7 +40,7 @@ jobs: attestations: .github/actions/sign-attestations/testdata/attestations output-folder: outputs - name: Setup node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 with: node-version: 20 - name: install sigstore-js diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml index bf6ca8a8fe..4d2e325f30 100644 --- a/.github/workflows/generator_container_slsa3.yml +++ b/.github/workflows/generator_container_slsa3.yml @@ -158,7 +158,7 @@ jobs: - id: auth name: Authenticate to Google Cloud if: inputs.gcp-workload-identity-provider != '' - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: "access_token" workload_identity_provider: ${{ inputs.gcp-workload-identity-provider }} diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml index d25ecdbf64..44560724c4 100644 --- a/.github/workflows/pre-submit.actions.yml +++ b/.github/workflows/pre-submit.actions.yml @@ -78,7 +78,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Node.js 18 - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 18 diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml index 3c207f531b..f6c903e504 100644 --- a/.github/workflows/pre-submit.lint.yml +++ b/.github/workflows/pre-submit.lint.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 - run: make markdownlint @@ -41,7 +41,7 @@ jobs: name: markdown-toc runs-on: ubuntu-latest steps: - - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -130,7 +130,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 - run: make eslint @@ -139,7 +139,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 20 - run: make renovate-config-validator diff --git a/.github/workflows/pre-submit.units.yml b/.github/workflows/pre-submit.units.yml index 5e8d6868f1..1ee05c4cd0 100644 --- a/.github/workflows/pre-submit.units.yml +++ b/.github/workflows/pre-submit.units.yml @@ -43,7 +43,7 @@ jobs: go-version-file: "go.mod" - name: Set Node.js 16 - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 16 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ab72542953..146e51440f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2.22.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif diff --git a/actions/gradle/publish/action.yml b/actions/gradle/publish/action.yml index 5fef2d7b46..e636fcfd11 100644 --- a/actions/gradle/publish/action.yml +++ b/actions/gradle/publish/action.yml @@ -52,7 +52,7 @@ runs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 env: MAVEN_USERNAME: ${{ inputs.maven-username }} MAVEN_PASSWORD: ${{ inputs.maven-password }} diff --git a/actions/maven/publish/action.yml b/actions/maven/publish/action.yml index e7e24fd0ad..34775f3fb0 100644 --- a/actions/maven/publish/action.yml +++ b/actions/maven/publish/action.yml @@ -47,7 +47,7 @@ runs: - name: Checkout the project repository uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main # needed because we run javadoc and sources. - name: Set up Java for publishing to Maven Central Repository - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 env: MAVEN_USERNAME: ${{ inputs.maven-username }} MAVEN_PASSWORD: ${{ inputs.maven-password }} diff --git a/internal/builders/bazel/action.yml b/internal/builders/bazel/action.yml index 191ec0fa8f..d5388162f5 100644 --- a/internal/builders/bazel/action.yml +++ b/internal/builders/bazel/action.yml @@ -49,11 +49,11 @@ runs: - name: Setup Bazelisk id: bazelisk - uses: bazelbuild/setup-bazelisk@95c9bf48d0c570bb3e28e57108f3450cd67c1a44 # v2.0.0 + uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3.0.0 - name: Setup Java id: java - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: distribution: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-distribution }}" java-version: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-version }}" diff --git a/internal/builders/gradle/action.yml b/internal/builders/gradle/action.yml index 7c2d693cee..bb4375825a 100644 --- a/internal/builders/gradle/action.yml +++ b/internal/builders/gradle/action.yml @@ -58,12 +58,12 @@ runs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: distribution: temurin java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }} - name: Setup Gradle - uses: gradle/gradle-build-action@842c587ad8aa4c68eeba24c396e15af4c2e9f30a # v2.9.0 + uses: gradle/gradle-build-action@4c39dd82cd5e1ec7c6fa0173bb41b4b6bb3b86ff # v3.3.2 - name: Run gradle builder id: run_gradle_builder shell: bash diff --git a/internal/builders/maven/action.yml b/internal/builders/maven/action.yml index 4fd7a113f6..9115f24868 100644 --- a/internal/builders/maven/action.yml +++ b/internal/builders/maven/action.yml @@ -58,7 +58,7 @@ runs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v 3.5.2 - name: Set up JDK - uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 with: distribution: temurin java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }} diff --git a/internal/builders/nodejs/action.yml b/internal/builders/nodejs/action.yml index f605d6207b..a04b78bc76 100644 --- a/internal/builders/nodejs/action.yml +++ b/internal/builders/nodejs/action.yml @@ -65,7 +65,7 @@ runs: # checkout ourselves. - name: Setup Node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: ${{ fromJson(inputs.slsa-workflow-inputs).node-version }} node-version-file: ${{ fromJson(inputs.slsa-workflow-inputs).node-version-file }}