From 0567a887bfb3e3dc0f1f930d3b5bc568541da654 Mon Sep 17 00:00:00 2001 From: danish siddiqui Date: Wed, 12 Jun 2024 18:11:31 +0530 Subject: [PATCH 1/3] add semver to dependencies Signed-off-by: danish siddiqui --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/fossa.yml | 2 +- .github/workflows/validate-dependabot-config.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index aeb6cd5580b..90e39a390c1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 #v2.17.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 #v2.17.4 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 #v2.17.4 diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 8b63ec693cb..09379f0f045 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -38,7 +38,7 @@ jobs: echo "$GOPATH/bin" >>"$GITHUB_PATH" - name: Run FOSSA scan and upload report - uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 + uses: fossa-contrib/fossa-action@cdc5065bcdee31a32e47d4585df72d66e8e941c2 # v3.0.0 with: # FOSSA Push-Only API Token fossa-api-key: 304657e2357ba57b416b94e6b119131b 
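Review bot: The `fossa-api-key` value two lines below the re-commented `uses:` line in `.github/workflows/fossa.yml` is a literal token committed to the repository, and this hunk leaves it unchanged. The adjacent comment calls it a push-only token, which presumably limits it to uploading scan results, but anyone with read access to the repository can still submit reports under this project's FOSSA account, and rotating it needs a commit. If the inline value is deliberate (for example so the scan can run on pull requests from forks, where repository secrets are not available), the comment should say so: `# FOSSA Push-Only API Token, committed on purpose; upload-only scope`. Otherwise read it from a secret, e.g. `fossa-api-key: ${{ secrets.FOSSA_API_KEY }}` (the secret name is a placeholder). The workflow trigger is outside the hunk, so which case applies cannot be told from here.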
diff --git a/.github/workflows/validate-dependabot-config.yml b/.github/workflows/validate-dependabot-config.yml index 3ea7944dceb..0e02bf49a39 100644 --- a/.github/workflows/validate-dependabot-config.yml +++ b/.github/workflows/validate-dependabot-config.yml @@ -9,6 +9,6 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4 #v4.1.6 - uses: marocchino/validate-dependabot@v3 id: validate From 7a519a64ac70c0739decdfe68e63bd3cc4e77130 Mon Sep 17 00:00:00 2001 From: Yuri Shkuro Date: Fri, 14 Jun 2024 22:46:44 -0400 Subject: [PATCH 2/3] fix versions Signed-off-by: Yuri Shkuro --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 90e39a390c1..7392f5240f7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 #v2.17.4 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 #v3.25.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 #v2.17.4 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 #v3.25.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 #v2.17.4 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 #v3.25.6 From ea930418cedef39bd7a13d96a9680e031965511c Mon Sep 17 00:00:00 2001 From: Yuri Shkuro Date: Fri, 14 Jun 2024 22:52:18 -0400 Subject: [PATCH 3/3] fix 
Signed-off-by: Yuri Shkuro --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/validate-dependabot-config.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7392f5240f7..212eadbc143 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 #v3.25.6 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -53,7 +53,7 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 #v3.25.6 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 #v3.25.6 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 diff --git a/.github/workflows/validate-dependabot-config.yml b/.github/workflows/validate-dependabot-config.yml index 0e02bf49a39..e02e73e6fdf 100644 --- a/.github/workflows/validate-dependabot-config.yml +++ b/.github/workflows/validate-dependabot-config.yml @@ -9,6 +9,6 @@ jobs: validate: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 #v4.1.6 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: marocchino/validate-dependabot@v3 id: validate
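Review bot: In the `validate-dependabot-config.yml` hunk, `marocchino/validate-dependabot@v3` on the line after the newly pinned checkout is still referenced by a mutable tag, so what that step runs can change without any diff in this repository. It is the only `uses:` line visible in the final state of this series that is not pinned to a full commit SHA, and as a third-party action it is the one where pinning matters most. Pin it the same way as the others: `- uses: marocchino/validate-dependabot@<full-commit-sha> # v3.x.y` (placeholders; take the SHA from the release tag you intend to run). The same unpinned line appears as context in the PATCH 1/3 hunk for this file.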