diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 67e2526..cd25a13 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -49,7 +49,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 + uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 + uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -76,6 +76,6 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 + uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 1c32307..4a9cc8d 100644 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml @@ -10,7 +10,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 + - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 - name: Install dependencies run: uv sync --group docs - name: Check mkdocs build diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 5c10e52..dd00227 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -66,7 +66,7 @@ jobs: echo "title=${pr_title}" >> "${GITHUB_OUTPUT}" - run: rustup update --no-self-update - name: Install cargo-binstall - uses: cargo-bins/cargo-binstall@ec80feb9e330418e014932e5982599255eff6dbb # v1.17.4 + uses: cargo-bins/cargo-binstall@bc432b49369a3f25c8c8b19578a82060c18a5dd6 # v1.17.6 - name: Install committed run: cargo binstall -y committed env: diff --git a/.github/workflows/py-coverage.yml b/.github/workflows/py-coverage.yml index 409463a..55e829c 100644 --- a/.github/workflows/py-coverage.yml +++ b/.github/workflows/py-coverage.yml @@ -13,7 +13,7 @@ jobs: persist-credentials: false - name: Download all artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: pattern: coverage-data-* merge-multiple: true @@ -30,7 +30,7 @@ jobs: coverage html - name: Upload comprehensive coverage HTML report - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: coverage-report path: htmlcov/ diff --git a/.github/workflows/py-publish.yml b/.github/workflows/py-publish.yml index d034bb3..be7f364 100644 --- a/.github/workflows/py-publish.yml +++ b/.github/workflows/py-publish.yml @@ -33,7 +33,7 @@ jobs: run: twine check dist/* - name: Create attestations - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 with: subject-path: 'dist/*' diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml index facd3d1..99575f7 100644 --- a/.github/workflows/snyk-container.yml +++ b/.github/workflows/snyk-container.yml @@ -23,6 +23,6 @@ jobs: args: --severity-threshold=high --file=Dockerfile.all - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 with: sarif_file: snyk.sarif diff --git a/.github/workflows/sphinx.yml b/.github/workflows/sphinx.yml index 8ab0374..13cd6a5 100644 --- a/.github/workflows/sphinx.yml +++ b/.github/workflows/sphinx.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 + - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 - name: Install dependencies run: uv sync --group docs - name: Build docs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 158d966..c9e1f70 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d #v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f #v10.2.0 with: stale-issue-message: >- This issue has been automatically marked as stale because