From 26bcca153bc11b0bb501d3c99a7fb8f2f0affa2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 May 2026 00:57:22 +0000 Subject: [PATCH] ci(deps): bump the actions-all group across 1 directory with 13 updates Bumps the actions-all group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3` | `4` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.8.0` | `5.2.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.1.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.6.0` | `6.0.1` | | [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) | `5.0.1` | `6.0.0` | | [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `2.0.16` | `2.0.18` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.2` | `3.0.0` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.2` | `3.95.3` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `6.0.0` | `8.1.0` | Updates `dorny/paths-filter` from 3 to 4 - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](https://github.com/dorny/paths-filter/compare/v3...v4) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `actions/setup-java` from 4.8.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/c1e323688fd81a25caa38c78aa6df2d33d3e20d9...be666c2fcd27ec809703dec50e508c2fdc7f6654) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd) Updates `docker/metadata-action` from 5.10.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/c299e40c65443455700f0fdfc63efafe5b349051...030e881283bb7a6894de51c315a6bfe6a94e05cf) Updates `docker/build-push-action` from 6.19.2 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...bcafcacb16a39f128d818304e6c9c0c18556b85f) Updates `codecov/codecov-action` from 4.6.0 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...e79a6962e0d4c0c17b229090214935d2e33f8354) Updates `peter-evans/create-issue-from-file` from 5.0.1 to 6.0.0 - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](https://github.com/peter-evans/create-issue-from-file/compare/e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd...fca9117c27cdc29c6c4db3b86c48e4115a786710) Updates `EmbarkStudios/cargo-deny-action` from 2.0.16 to 2.0.18 - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](https://github.com/embarkstudios/cargo-deny-action/compare/175dc7fd4fb85ec8f46948fb98f44db001149081...6c8f9facfa5047ec02d8485b6bf52b587b7777d1) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `softprops/action-gh-release` from 2.6.2 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/3bb12739c298aeb8a4eeaf626c5b8d85266b0e65...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `trufflesecurity/trufflehog` from 3.95.2 to 3.95.3 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/17456f8c7d042d8c82c9a8ca9e937231f9f42e26...37b77001d0174ebec2fcca2bd83ff83a6d45a3ab) Updates `SonarSource/sonarqube-scan-action` from 6.0.0 to 8.1.0 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/fd88b7d7ccbaefd23d8f36f73b59db7a3d246602...7006c4492b2e0ee0f816d36501671557c97f5995) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: actions/setup-java dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: dorny/paths-filter dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: EmbarkStudios/cargo-deny-action dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-all - dependency-name: peter-evans/create-issue-from-file dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-all - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-all ... Signed-off-by: dependabot[bot] --- .github/workflows/dev-build.yml | 38 +++++++++++----------- .github/workflows/flutter-ci.yml | 12 +++---- .github/workflows/prod-uptime.yml | 2 +- .github/workflows/release.yml | 44 +++++++++++++------------- .github/workflows/rust-ci.yml | 2 +- .github/workflows/security-nightly.yml | 4 +-- .github/workflows/security.yml | 6 ++-- .github/workflows/sonarcloud.yml | 2 +- 8 files changed, 55 insertions(+), 55 deletions(-) diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml index 93ad8f64..925ff593 100644 --- a/.github/workflows/dev-build.yml +++ b/.github/workflows/dev-build.yml @@ -38,7 +38,7 @@ jobs: dev-build-workflow: ${{ steps.filter.outputs.dev-build-workflow }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@v4 id: filter with: filters: | @@ -114,7 +114,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -123,7 +123,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache AppImage tools - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/echo-appimage-tools key: appimage-tools-v1 @@ -158,7 +158,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -188,7 +188,7 @@ jobs: if: needs.paths.outputs.android == 'true' || needs.paths.outputs.dev-build-workflow == 'true' steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: temurin java-version: '17' @@ -198,7 +198,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -207,7 +207,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache Gradle - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.gradle/caches @@ -249,7 +249,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -258,7 +258,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache CocoaPods - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | apps/client/ios/Pods @@ -288,7 +288,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -297,7 +297,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache CocoaPods - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | apps/client/macos/Pods @@ -345,7 +345,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -428,7 +428,7 @@ jobs: url: https://dev.echo-messenger.us steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io @@ -436,7 +436,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ghcr.io/${{ github.repository }}/server tags: | @@ -446,7 +446,7 @@ jobs: # still build for verification but don't pollute ghcr with tags # we'd never pull from. `:dev` itself is rolling; `dev-` is # the rollback handle if `:dev` breaks. - - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: . file: apps/server/Dockerfile @@ -476,7 +476,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -489,7 +489,7 @@ jobs: run: | flutter pub get flutter build web --release --pwa-strategy=none --dart-define=APP_VERSION=dev - - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io @@ -497,13 +497,13 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ghcr.io/${{ github.repository }}/web tags: | type=raw,value=dev type=sha,prefix=dev-,format=short - - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: apps/client file: apps/client/Dockerfile.web diff --git a/.github/workflows/flutter-ci.yml b/.github/workflows/flutter-ci.yml index d5069291..66712630 100644 --- a/.github/workflows/flutter-ci.yml +++ b/.github/workflows/flutter-ci.yml @@ -26,7 +26,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -84,7 +84,7 @@ jobs: print(f"Coverage {pct:.1f}% meets the required {threshold:.0f}% threshold.") EOF - name: Upload Flutter coverage - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: files: apps/client/coverage/lcov.info flags: flutter @@ -103,7 +103,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -132,7 +132,7 @@ jobs: timeout-minutes: 25 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: temurin java-version: '17' @@ -142,7 +142,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -151,7 +151,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache Gradle - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.gradle/caches diff --git a/.github/workflows/prod-uptime.yml b/.github/workflows/prod-uptime.yml index ec69dba2..f1318f58 100644 --- a/.github/workflows/prod-uptime.yml +++ b/.github/workflows/prod-uptime.yml @@ -154,7 +154,7 @@ jobs: fi - name: Open or update issue - uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5.0.1 + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6.0.0 with: title: ${{ env.ISSUE_TITLE }} content-filepath: /tmp/outage-issue.md diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a9772d6..c5fc7009 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -45,7 +45,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@v4 id: filter with: # Release runs on push to main; compare against the previous @@ -136,7 +136,7 @@ jobs: # RUSTSEC-2023-0071: transitive rsa advisory via jsonwebtoken (no upstream patch). # RUSTSEC-2026-0097: rand 0.8.5 unsound advisory, pinned by sqlx 0.8.6 transitively. - run: cargo audit --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2026-0097 - - uses: EmbarkStudios/cargo-deny-action@175dc7fd4fb85ec8f46948fb98f44db001149081 # v2.0.16 + - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1 # v2.0.18 lint-test-rust: name: Lint + Test (Rust) @@ -197,7 +197,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -320,7 +320,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -329,7 +329,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache AppImage tools - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/echo-appimage-tools key: appimage-tools-v1 @@ -615,7 +615,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -712,7 +712,7 @@ jobs: if: false steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4.8.0 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: temurin java-version: '17' @@ -722,7 +722,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -731,7 +731,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache Gradle - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.gradle/caches @@ -793,7 +793,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -802,7 +802,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache CocoaPods - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | apps/client/ios/Pods @@ -957,7 +957,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -966,7 +966,7 @@ jobs: restore-keys: | ${{ runner.os }}-pubcache- - name: Cache CocoaPods - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | apps/client/macos/Pods @@ -1045,7 +1045,7 @@ jobs: run: | sed -i 's/^version = ".*"/version = "${{ needs.version.outputs.version }}"/' apps/server/Cargo.toml sed -i 's/^version = ".*"/version = "${{ needs.version.outputs.version }}"/' core/rust-core/Cargo.toml - - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io @@ -1053,13 +1053,13 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ghcr.io/${{ github.repository }}/server tags: | type=raw,value=${{ needs.version.outputs.version }} type=raw,value=latest,enable={{is_default_branch}} - - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: . file: apps/server/Dockerfile @@ -1092,7 +1092,7 @@ jobs: channel: stable cache: true - name: Cache pub-cache + .dart_tool - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.pub-cache @@ -1113,7 +1113,7 @@ jobs: name: release-web path: echo-web.tar.gz retention-days: 3 - - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io @@ -1121,13 +1121,13 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ghcr.io/${{ github.repository }}/web tags: | type=raw,value=${{ needs.version.outputs.version }} type=raw,value=latest,enable={{is_default_branch}} - - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: apps/client file: apps/client/Dockerfile.web @@ -1163,14 +1163,14 @@ jobs: with: fetch-depth: 0 - name: Download release artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: release-* path: dist merge-multiple: true # Tag is already reserved by the `version` job (#530). - name: Create GitHub release - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: ${{ needs.version.outputs.tag }} name: Echo ${{ needs.version.outputs.tag }} diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 78540647..65f641c3 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -70,7 +70,7 @@ jobs: JWT_SECRET: ${{ format('ci-test-secret-{0}-attempt-{1}-padding', github.run_id, github.run_attempt) }} - name: Upload Rust coverage to Codecov if: github.event_name == 'push' - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: files: coverage/rust/lcov.info flags: rust diff --git a/.github/workflows/security-nightly.yml b/.github/workflows/security-nightly.yml index 6a19d829..3700baed 100644 --- a/.github/workflows/security-nightly.yml +++ b/.github/workflows/security-nightly.yml @@ -31,7 +31,7 @@ jobs: with: shared-key: security-nightly - name: Cache cargo-audit + cargo-deny binaries - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/bin/cargo-audit @@ -82,7 +82,7 @@ jobs: EOF - name: Open issue on failure if: failure() - uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5.0.1 + uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6.0.0 with: title: "Security: nightly cargo audit/deny failure" content-filepath: /tmp/security-issue.md diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index c5f210d5..61524af0 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: EmbarkStudios/cargo-deny-action@175dc7fd4fb85ec8f46948fb98f44db001149081 # v2.0.16 + - uses: EmbarkStudios/cargo-deny-action@6c8f9facfa5047ec02d8485b6bf52b587b7777d1 # v2.0.18 secrets: name: Secret Detection runs-on: ubuntu-latest @@ -43,12 +43,12 @@ jobs: # commit. Pass the explicit range so push events scan the new commits. - name: Scan for secrets (pull_request) if: github.event_name == 'pull_request' - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2 + uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab # v3.95.3 with: extra_args: --only-verified - name: Scan for secrets (push) if: github.event_name == 'push' - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2 + uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab # v3.95.3 with: base: ${{ github.event.before }} head: ${{ github.event.after }} diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index a1967db5..8395aba1 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -73,7 +73,7 @@ jobs: flutter test --coverage # -- SonarCloud scan -- - - uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 + - uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: https://sonarcloud.io