diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 922916c5..1b495dbc 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 9b737616..4c960b98 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
@@ -135,7 +135,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4c3bfde6..894baca1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -368,12 +368,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
 - name: Coveralls Finished
- uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 # v2.3.4
+ uses: coverallsapp/github-action@773b6d8e80fa7862da56a7664bd747c91255b2e2 # v2.3.5
 with:
 github-token: ${{ secrets.github_token }}
 parallel-finished: true
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index f2307b63..4c6633e0 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
@@ -61,7 +61,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
@@ -71,7 +71,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true
- uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
+ uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4
 with:
 languages: 'cpp'
@@ -211,7 +211,7 @@ jobs:
 - name: Coveralls Parallel
 if: inputs.enable_coverage == true
- uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 # v2.3.4
+ uses: coverallsapp/github-action@773b6d8e80fa7862da56a7664bd747c91255b2e2 # v2.3.5
 with:
 github-token: ${{ secrets.github_token }}
 flag-name: run-${{inputs.build_type}}-${{inputs.platform}}-${{inputs.arch}}
@@ -306,4 +306,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true
- uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
+ uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 59f68326..2d80453f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
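Review bot: The new `github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4` pin in posix.yml's "Initialize CodeQL" hunk has no version comment, so the file does not say which release the SHA is meant to be. The scorecards.yml hunk in this same commit labels that SHA `# v3.28.5`; appending it here keeps the pin auditable: `uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5`. The same gap is in posix.yml's "Perform CodeQL Analysis" hunk, both CodeQL hunks in windows.yml, and the harden-runner pin in update-docs.yml, which the other workflows label `# v2.10.4`. A consistent trailing comment also lets a reviewer compare each SHA with the upstream tag it claims to be.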
@@ -71,6 +71,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+ uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
index 62e49cb2..bbfe4406 100644
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index bf624e67..8a819ae2 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -47,7 +47,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+ uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
 with:
 egress-policy: audit
@@ -57,7 +57,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true
- uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
+ uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4
 with:
 languages: 'cpp'
@@ -124,4 +124,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true
- uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
+ uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4