chore(workflows): update github actions (#1393)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [github/codeql-action](https://togithub.com/github/codeql-action) | action | digest | `883d858` -> `f0f3afe` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/github/codeql-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | | [github/privileged-requester](https://togithub.com/github/privileged-requester) | action | patch | `v2.3.0` -> `v2.3.2` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/github/privileged-requester/badge)](https://securityscorecards.dev/viewer/?uri=github.com/github/privileged-requester) | --- ### Release Notes <details> <summary>github/privileged-requester (github/privileged-requester)</summary> ### [`v2.3.2`](https://togithub.com/github/privileged-requester/releases/tag/v2.3.2) [Compare Source](https://togithub.com/github/privileged-requester/compare/v2.3.1...v2.3.2) #### What's Changed - Commit verification bug by [@GrantBirki](https://togithub.com/GrantBirki) in [https://github.com/github/privileged-requester/pull/174](https://togithub.com/github/privileged-requester/pull/174) **Full Changelog**: github/privileged-requester@v2.3.1...v2.3.2 ### [`v2.3.1`](https://togithub.com/github/privileged-requester/releases/tag/v2.3.1) [Compare Source](https://togithub.com/github/privileged-requester/compare/v2.3.0...v2.3.1) #### What's Changed - Bump nock from 13.5.4 to 13.5.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/github/privileged-requester/pull/173](https://togithub.com/github/privileged-requester/pull/173) - Bump prettier from 3.2.5 to 3.3.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/github/privileged-requester/pull/165](https://togithub.com/github/privileged-requester/pull/165) **Full Changelog**: github/privileged-requester@v2.3.0...v2.3.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/weareinreach/InReach).   ## Summary by CodeRabbit - **Improvements** - Updated the GitHub Actions workflows to use newer versions of action integrations, which may include bug fixes and performance enhancements. - Ensured continued functionality of automated review processes and code analysis workflows. - **Bug Fixes** - Addressed potential issues in action executions by updating to the latest versions of the respective actions.  Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
weareinreach · Aug 23, 2024 · aec5a0e · aec5a0e
1 parent 30ebf2b
commit aec5a0e
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/.github/workflows/approve.yml b/.github/workflows/approve.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     name: '🤖 PR Auto Approve'
     steps:
-      - uses: github/privileged-requester@29be02034609a90b30859edafa8b1e1d19738c79 # v2.3.0
+      - uses: github/privileged-requester@ebdc640ba40d7488197e7d4dae814fbfae092e65 # v2.3.2
         if: ${{ github.event.requested_reviewer.login == 'InReach-svc'}}
         with:
           github_token: ${{ secrets.GH_ACT_PAT }}

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -25,6 +25,6 @@ jobs:
       - name: ⤵️ Check out code from GitHub
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: 🏗 Initialize CodeQL
-        uses: github/codeql-action/init@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3
+        uses: github/codeql-action/init@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3
       - name: 🚀 Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3
+        uses: github/codeql-action/analyze@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
@@ -37,6 +37,6 @@ jobs:
         with:
           args: '. --sarif --output results.sarif || true'
       - name: Upload njsscan report
-        uses: github/codeql-action/upload-sarif@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3
+        uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3
         with:
           sarif_file: results.sarif