diff --git a/.github/workflows/multibuild.yaml b/.github/workflows/multibuild.yaml index bef9848f7..346dd8d3e 100644 --- a/.github/workflows/multibuild.yaml +++ b/.github/workflows/multibuild.yaml @@ -272,7 +272,7 @@ jobs: sparse-checkout: packages/dart/sshnoports/pubspec.lock sparse-checkout-cone-mode: false - name: Install Syft - uses: anchore/sbom-action/download-syft@1ca97d9028b51809cf6d3c934c3e160716e1b605 # v0.17.5 + uses: anchore/sbom-action/download-syft@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6 - name: Download all the tarballs uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: diff --git a/.github/workflows/python-sshnpd-build-publish.yml b/.github/workflows/python-sshnpd-build-publish.yml index 6da8724bb..e5639315b 100644 --- a/.github/workflows/python-sshnpd-build-publish.yml +++ b/.github/workflows/python-sshnpd-build-publish.yml @@ -74,7 +74,7 @@ jobs: name: sshnpd-python-package path: dist/ - name: Publish distribution to TestPyPI - uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3 + uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0 with: skip-existing: true attestations: true @@ -99,7 +99,7 @@ jobs: name: sshnpd-python-package path: dist/ - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3 + uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0 with: attestations: true @@ -126,7 +126,7 @@ jobs: name: sshnpd-python-package path: dist/ - name: Install Syft - uses: anchore/sbom-action/download-syft@1ca97d9028b51809cf6d3c934c3e160716e1b605 # v0.17.5 + uses: anchore/sbom-action/download-syft@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6 - name: Generate SBOMs run: | syft scan file:./packages/python/sshnpd/requirements.txt \