From d470cc40ac974e4b075f281014b361999149028e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 20:46:48 +0000 Subject: [PATCH 1/3] Bump actions/checkout from 4.2.1 to 4.2.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/gitleaks.yml | 2 +- .github/workflows/php-latte.yml | 2 +- .../workflows/php-tester-include-skipped.yml | 2 +- .github/workflows/php.yml | 30 +++++++++---------- .github/workflows/scorecard.yml | 2 +- .github/workflows/tls.yml | 2 +- .github/workflows/vulns.yml | 6 ++-- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8c5a23a4..8b0cf1759 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -60,7 +60,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 3f098ec76..3e477d3db 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -16,7 +16,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for all branches and tags - uses: gitleaks/gitleaks-action@83373cf2f8c4db6e24b41c1a9b086bb9619e9cd3 # v2.3.7 diff --git a/.github/workflows/php-latte.yml b/.github/workflows/php-latte.yml index 1e36aa9cf..b1ccfd2b8 100644 --- a/.github/workflows/php-latte.yml +++ b/.github/workflows/php-latte.yml @@ -16,7 +16,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT diff --git a/.github/workflows/php-tester-include-skipped.yml b/.github/workflows/php-tester-include-skipped.yml index b1cd1417e..c6d72e642 100644 --- a/.github/workflows/php-tester-include-skipped.yml +++ b/.github/workflows/php-tester-include-skipped.yml @@ -16,7 +16,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: pcov diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 1561c0cb4..9165541be 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -34,14 +34,14 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate composer.json and composer.lock run: composer --working-dir=app validate check-file-patterns: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app check-file-patterns check-makefile: @@ -51,7 +51,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -65,7 +65,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -75,7 +75,7 @@ jobs: check-sri-macros-concat: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app check-sri-macros-concat lint-php: @@ -85,7 +85,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -99,7 +99,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -113,7 +113,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -123,7 +123,7 @@ jobs: lint-xml: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app lint-xml-auto-install phpcs: @@ -133,7 +133,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHP_CodeSniffer cache file pattern id: phpcs-cache run: echo "file=$(php -r "echo sys_get_temp_dir() . '/phpcs.*';")" >> $GITHUB_OUTPUT @@ -154,7 +154,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT @@ -175,7 +175,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT @@ -196,7 +196,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: pcov @@ -224,7 +224,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none @@ -238,7 +238,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a2dbc07c8..bb43ebbe0 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false diff --git a/.github/workflows/tls.yml b/.github/workflows/tls.yml index 6e164d289..1302d7a88 100644 --- a/.github/workflows/tls.yml +++ b/.github/workflows/tls.yml @@ -56,7 +56,7 @@ jobs: php-version: - "8.3" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2 with: coverage: none diff --git a/.github/workflows/vulns.yml b/.github/workflows/vulns.yml index f3967981c..ee092633e 100644 --- a/.github/workflows/vulns.yml +++ b/.github/workflows/vulns.yml @@ -13,7 +13,7 @@ jobs: composer-vulnz: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: symfonycorp/security-checker-action@258311ef7ac571f1310780ef3d79fc5abef642b5 # v5 with: lock: app/composer.lock @@ -21,11 +21,11 @@ jobs: composer-audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app composer-audit npm-audit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: make --directory=app npm-audit From 93c4853afdb99685e3af412aa2228e688efec780 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 20:46:54 +0000 Subject: [PATCH 2/3] Bump github/codeql-action from 3.26.13 to 3.27.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...662472033e021d55d94146f66f6058822b0b39fd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8b0cf1759..05c002bfc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -64,7 +64,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -94,6 +94,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bb43ebbe0..f370efea2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif From d037b445905afaa7bb9c361eac14e9346c9d3cc1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 20:46:58 +0000 Subject: [PATCH 3/3] Bump actions/cache from 4.1.1 to 4.1.2 Bumps [actions/cache](https://github.com/actions/cache) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/3624ceb22c1c5a301c8db4169662070a689d9ea8...6849a6489940f00c2f30c0fb92c6274307ccb58a) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/php-latte.yml | 2 +- .github/workflows/php.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/php-latte.yml b/.github/workflows/php-latte.yml index b1ccfd2b8..d30432c9b 100644 --- a/.github/workflows/php-latte.yml +++ b/.github/workflows/php-latte.yml @@ -20,7 +20,7 @@ jobs: - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpstan-cache.outputs.dir }} key: phpstan-latte-templates-cache-php${{ matrix.php-version }} diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index 9165541be..68172f6cb 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -137,7 +137,7 @@ jobs: - name: Get PHP_CodeSniffer cache file pattern id: phpcs-cache run: echo "file=$(php -r "echo sys_get_temp_dir() . '/phpcs.*';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpcs-cache.outputs.file }} key: phpcs-cache-php${{ matrix.php-version }} @@ -158,7 +158,7 @@ jobs: - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpstan-cache.outputs.dir }} key: phpstan-cache-php${{ matrix.php-version }} @@ -179,7 +179,7 @@ jobs: - name: Get PHPStan result cache directory id: phpstan-cache run: echo "dir=$(php -r "echo sys_get_temp_dir() . '/phpstan';")" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.phpstan-cache.outputs.dir }} key: phpstan-vendor-cache-php${{ matrix.php-version }}