diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8c5a23a4..05c002bfc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -60,11 +60,11 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -94,6 +94,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 3f098ec76..3e477d3db 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -16,7 +16,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all branches and tags - uses: gitleaks/gitleaks-action@83373cf2f8c4db6e24b41c1a9b086bb9619e9cd3 # v2.3.7 diff --git a/.github/workflows/php-latte.yml b/.github/workflows/php-latte.yml index 1e36aa9cf..d30432c9b 100644 --- a/.github/workflows/php-latte.yml +++ b/.github/workflows/php-latte.yml @@ -16,11 +16,11 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpstan-cache.outputs.dir }} key: phpstan-latte-templates-cache-php${{ matrix.php-version }} diff --git a/.github/workflows/php-tester-include-skipped.yml b/.github/workflows/php-tester-include-skipped.yml index b1cd1417e..c6d72e642 100644 --- a/.github/workflows/php-tester-include-skipped.yml +++ b/.github/workflows/php-tester-include-skipped.yml @@ -16,7 +16,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: pcov diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 1561c0cb4..68172f6cb 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -34,14 +34,14 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate composer.json and composer.lock run: composer --working-dir=app validate check-file-patterns: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app check-file-patterns check-makefile: @@ -51,7 +51,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -65,7 +65,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -75,7 +75,7 @@ jobs: check-sri-macros-concat: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app check-sri-macros-concat lint-php: @@ -85,7 +85,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -99,7 +99,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -113,7 +113,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -123,7 +123,7 @@ jobs: lint-xml: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app lint-xml-auto-install phpcs: @@ -133,11 +133,11 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHP_CodeSniffer cache file pattern id: phpcs-cache run: echo "file=$(php -r "echo sys_get_temp_dir() . '/phpcs.*';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpcs-cache.outputs.file }} key: phpcs-cache-php${{ matrix.php-version }} @@ -154,11 +154,11 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpstan-cache.outputs.dir }} key: phpstan-cache-php${{ matrix.php-version }} @@ -175,11 +175,11 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpstan-cache.outputs.dir }} key: phpstan-vendor-cache-php${{ matrix.php-version }} @@ -196,7 +196,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: pcov @@ -224,7 +224,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -238,7 +238,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a2dbc07c8..f370efea2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/tls.yml b/.github/workflows/tls.yml index 6e164d289..1302d7a88 100644 --- a/.github/workflows/tls.yml +++ b/.github/workflows/tls.yml @@ -56,7 +56,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none diff --git a/.github/workflows/vulns.yml b/.github/workflows/vulns.yml index f3967981c..ee092633e 100644 --- a/.github/workflows/vulns.yml +++ b/.github/workflows/vulns.yml @@ -13,7 +13,7 @@ jobs: composer-vulnz: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: symfonycorp/security-checker-action@258311ef7ac571f1310780ef3d79fc5abef642b5 # v5 with: lock: app/composer.lock @@ -21,11 +21,11 @@ jobs: composer-audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app composer-audit npm-audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app npm-audit