diff --git a/.github/workflows/build-authenticator.yml b/.github/workflows/build-authenticator.yml index f363586d9a..96dc1ec6e2 100644 --- a/.github/workflows/build-authenticator.yml +++ b/.github/workflows/build-authenticator.yml @@ -39,10 +39,10 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 + uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Cache Gradle files - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.gradle/caches @@ -52,7 +52,7 @@ jobs: ${{ runner.os }}-gradle-v2- - name: Cache build output - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ${{ github.workspace }}/build-cache @@ -61,13 +61,13 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} - name: Configure Ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 with: bundler-cache: true @@ -98,7 +98,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure Ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 with: bundler-cache: true @@ -162,10 +162,10 @@ jobs: json_key:${{ github.workspace }}/secrets/authenticator_play_store-creds.json }} - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 + uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Cache Gradle files - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.gradle/caches @@ -175,7 +175,7 @@ jobs: ${{ runner.os }}-gradle-v2- - name: Cache build output - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ${{ github.workspace }}/build-cache @@ -184,7 +184,7 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} @@ -224,7 +224,7 @@ jobs: - name: Upload release Play Store .aab artifact if: ${{ matrix.variant == 'aab' }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.bitwarden.authenticator.aab path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab @@ -232,7 +232,7 @@ jobs: - name: Upload release .apk artifact if: ${{ matrix.variant == 'apk' }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.bitwarden.authenticator.apk path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk @@ -252,7 +252,7 @@ jobs: - name: Upload .apk SHA file for release if: ${{ matrix.variant == 'apk' }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: authenticator-android-apk-sha256.txt path: ./authenticator-android-apk-sha256.txt @@ -260,7 +260,7 @@ jobs: - name: Upload .aab SHA file for release if: ${{ matrix.variant == 'aab' }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: authenticator-android-aab-sha256.txt path: ./authenticator-android-aab-sha256.txt diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e410b8d283..5291ca1421 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,10 +40,10 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 + uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Cache Gradle files - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.gradle/caches @@ -53,7 +53,7 @@ jobs: ${{ runner.os }}-gradle-v2- - name: Cache build output - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ${{ github.workspace }}/build-cache @@ -62,13 +62,13 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} - name: Configure Ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 with: bundler-cache: true @@ -85,7 +85,7 @@ jobs: run: bundle exec fastlane assembleDebugApks - name: Upload test reports on failure - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 if: failure() with: name: test-reports @@ -106,7 +106,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure Ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 with: bundler-cache: true @@ -157,10 +157,10 @@ jobs: --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 + uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Cache Gradle files - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.gradle/caches @@ -170,7 +170,7 @@ jobs: ${{ runner.os }}-gradle-v2- - name: Cache build output - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ${{ github.workspace }}/build-cache @@ -179,7 +179,7 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} @@ -253,7 +253,7 @@ jobs: - name: Upload release Play Store .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.aab path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab @@ -261,7 +261,7 @@ jobs: - name: Upload beta Play Store .aab artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.beta.aab path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab @@ -269,7 +269,7 @@ jobs: - name: Upload release .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.apk path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk @@ -277,7 +277,7 @@ jobs: - name: Upload beta .apk artifact if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.beta.apk path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk @@ -286,7 +286,7 @@ jobs: # When building variants other than 'prod' - name: Upload debug .apk artifact if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.${{ matrix.variant }}.apk path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk @@ -324,7 +324,7 @@ jobs: - name: Upload .apk SHA file for release if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.apk-sha256.txt path: ./com.x8bit.bitwarden.apk-sha256.txt @@ -332,7 +332,7 @@ jobs: - name: Upload .apk SHA file for beta if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.beta.apk-sha256.txt path: ./com.x8bit.bitwarden.beta.apk-sha256.txt @@ -340,7 +340,7 @@ jobs: - name: Upload .aab SHA file for release if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.aab-sha256.txt path: ./com.x8bit.bitwarden.aab-sha256.txt @@ -348,7 +348,7 @@ jobs: - name: Upload .aab SHA file for beta if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.beta.aab-sha256.txt path: ./com.x8bit.bitwarden.beta.aab-sha256.txt @@ -356,7 +356,7 @@ jobs: - name: Upload .apk SHA file for debug if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }} - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt @@ -405,7 +405,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Configure Ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 with: bundler-cache: true @@ -442,10 +442,10 @@ jobs: --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 + uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Cache Gradle files - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.gradle/caches @@ -455,7 +455,7 @@ jobs: ${{ runner.os }}-gradle-v2- - name: Cache build output - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ${{ github.workspace }}/build-cache @@ -464,7 +464,7 @@ jobs: ${{ runner.os }}-build- - name: Configure JDK - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: "temurin" java-version: ${{ env.JAVA_VERSION }} @@ -515,7 +515,7 @@ jobs: keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}" - name: Upload F-Droid .apk artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden-fdroid.apk path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk @@ -527,14 +527,14 @@ jobs: > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt - name: Upload F-Droid SHA file - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden-fdroid.apk-sha256.txt path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt if-no-files-found: error - name: Upload F-Droid Beta .apk artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.beta-fdroid.apk path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk @@ -546,7 +546,7 @@ jobs: > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt - name: Upload F-Droid Beta SHA file - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt diff --git a/.github/workflows/crowdin-pull-authenticator.yml b/.github/workflows/crowdin-pull-authenticator.yml index 525e229b64..78d56fe7be 100644 --- a/.github/workflows/crowdin-pull-authenticator.yml +++ b/.github/workflows/crowdin-pull-authenticator.yml @@ -36,7 +36,7 @@ jobs: private-key: ${{ secrets.BW_GHAPP_KEY }} - name: Download translations - uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1 + uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0 env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }} diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index 010ce9e3fc..03839ef0bd 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -36,7 +36,7 @@ jobs: private-key: ${{ secrets.BW_GHAPP_KEY }} - name: Download translations - uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1 + uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0 env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/crowdin-push-authenticator.yml b/.github/workflows/crowdin-push-authenticator.yml index 01879da88d..a999065ead 100644 --- a/.github/workflows/crowdin-push-authenticator.yml +++ b/.github/workflows/crowdin-push-authenticator.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Upload sources - uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1 + uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }} diff --git a/.github/workflows/crowdin-push.yml b/.github/workflows/crowdin-push.yml index ebcf8f4d51..2ad5118eca 100644 --- a/.github/workflows/crowdin-push.yml +++ b/.github/workflows/crowdin-push.yml @@ -29,7 +29,7 @@ jobs: secrets: "crowdin-api-token" - name: Upload sources - uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1 + uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index 4ab7d4c9a7..3ae6c43027 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -95,7 +95,7 @@ jobs: - name: Create Release id: create_release - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 + uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2 with: tag_name: "v${{ inputs.version-name }}" name: "${{ inputs.version-name }} (${{ inputs.version-number }})" diff --git a/.github/workflows/scan-ci.yml b/.github/workflows/scan-ci.yml index 4e0acea5de..0091ece10f 100644 --- a/.github/workflows/scan-ci.yml +++ b/.github/workflows/scan-ci.yml @@ -21,7 +21,7 @@ jobs: fetch-depth: 0 - name: Scan with Checkmarx - uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41 + uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19 with: project_name: ${{ github.repository }} cx_tenant: ${{ secrets.CHECKMARX_TENANT }} @@ -34,7 +34,7 @@ jobs: --output-path . - name: Upload Checkmarx results to GitHub - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: sarif_file: cx_result.sarif diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 60b5a81c6c..60b6fca51a 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -26,7 +26,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Scan with Checkmarx - uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41 + uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19 env: INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}" with: @@ -41,7 +41,7 @@ jobs: --output-path . ${{ env.INCREMENTAL }} - name: Upload Checkmarx results to GitHub - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: sarif_file: cx_result.sarif sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ece60e98a8..024da8aa1b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,10 +30,10 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate Gradle wrapper - uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 + uses: gradle/actions/wrapper-validation@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - name: Cache Gradle files - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.gradle/caches @@ -43,7 +43,7 @@ jobs: ${{ runner.os }}-gradle-v2- - name: Cache build output - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ${{ github.workspace }}/build-cache @@ -52,12 +52,12 @@ jobs: ${{ runner.os }}-build- - name: Configure Ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 with: bundler-cache: true - name: Configure JDK - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: "temurin" java-version: ${{ env._JAVA_VERSION }} @@ -75,7 +75,7 @@ jobs: bundle exec fastlane check - name: Upload test reports - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 if: always() with: name: test-reports @@ -91,7 +91,7 @@ jobs: - name: Upload to codecov.io id: upload-to-codecov - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 + uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 if: github.event_name == 'push' || github.event_name == 'pull_request' continue-on-error: true with: