diff --git a/.github/workflows/binary-builds.yml b/.github/workflows/binary-builds.yml index d22f9b636e..3db8bbff56 100644 --- a/.github/workflows/binary-builds.yml +++ b/.github/workflows/binary-builds.yml @@ -155,7 +155,7 @@ jobs: permissions: contents: write # needed to issue a GH release or uploading release assets steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 1adc93d28f..8212d0cf54 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -59,7 +59,7 @@ jobs: platform: arm64 runs-on: ${{ matrix.platform == 'amd64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup tool versions diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 18fe511684..c6c46f0b9d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,7 +36,7 @@ jobs: build-mode: none steps: - name: Checkout repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Initialize CodeQL uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml index 47d8a229be..d42a2d5c02 100644 --- a/.github/workflows/dockertests.yml +++ b/.github/workflows/dockertests.yml @@ -29,7 +29,7 @@ jobs: os: ['ubuntu-24.04', 'ubuntu-24.04-arm'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -89,7 +89,7 @@ jobs: os: ['ubuntu-24.04', 'ubuntu-24.04-arm'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -123,7 +123,7 @@ jobs: os: [ubuntu-24.04, ubuntu-24.04-arm] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -150,7 +150,7 @@ jobs: win-tests: runs-on: windows-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm diff --git a/.github/workflows/fix-renovate-pnpm-checksum.yml b/.github/workflows/fix-renovate-pnpm-checksum.yml index fa7ff07834..63978dce35 100644 --- a/.github/workflows/fix-renovate-pnpm-checksum.yml +++ b/.github/workflows/fix-renovate-pnpm-checksum.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: ref: ${{ github.head_ref }} token: ${{ secrets.WORKFLOW_TOKEN }} diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml index d800ed53b1..93e5f2a2f8 100644 --- a/.github/workflows/image-build.yml +++ b/.github/workflows/image-build.yml @@ -55,7 +55,7 @@ jobs: packages: write # needed for publishing images on GH package registry runs-on: ${{ fromJSON(inputs.image).runner || 'ubuntu-24.04' }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Free disk space diff --git a/.github/workflows/java-reachables-test.yml b/.github/workflows/java-reachables-test.yml index 473a0c3450..852bdb212d 100644 --- a/.github/workflows/java-reachables-test.yml +++ b/.github/workflows/java-reachables-test.yml @@ -30,7 +30,7 @@ jobs: os: ['ubuntu-24.04'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up JDK ${{ matrix.java-version }} @@ -49,13 +49,13 @@ jobs: pnpm install:frozen mkdir -p repotests mkdir -p bomresults - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'DependencyTrack/dependency-track' path: 'repotests/dependency-track' ref: '4.11.1' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'DependencyTrack/frontend' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 053621172f..57049ab0e0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -31,7 +31,7 @@ jobs: lint: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 001369d989..ad5e942259 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -49,7 +49,7 @@ jobs: outputs: node-versions: ${{ steps.read-versions.outputs.versions }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - id: read-versions @@ -66,7 +66,7 @@ jobs: os: ['ubuntu-22.04', 'ubuntu-24.04', 'windows-latest', 'windows-11-arm', 'ubuntu-22.04-arm', 'ubuntu-24.04-arm', 'macos-15', 'macos-latest'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -93,7 +93,7 @@ jobs: matrix: java-version: ['24'] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up Python @@ -179,7 +179,7 @@ jobs: artifact: cdxgenx runs-on: ${{ matrix.os }}-latest steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index 9cf71549de..df55c380c5 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -23,7 +23,7 @@ jobs: permissions: id-token: write # needed for npm provenance attestation steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -58,7 +58,7 @@ jobs: permissions: packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up QEMU @@ -101,7 +101,7 @@ jobs: permissions: packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up QEMU @@ -145,7 +145,7 @@ jobs: permissions: packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false fetch-depth: 0 @@ -174,7 +174,7 @@ jobs: contents: write # needed for creating GH releases and uploading release assets packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -258,7 +258,7 @@ jobs: contents: write # needed for creating GH releases and uploading release assets packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -329,7 +329,7 @@ jobs: contents: write # needed for creating GH releases and uploading release assets packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -399,7 +399,7 @@ jobs: permissions: packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm @@ -452,7 +452,7 @@ jobs: contents: write # needed for creating GH releases and uploading release assets packages: write # needed for uploading images to GH package registry steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm diff --git a/.github/workflows/nydus-demo.yml b/.github/workflows/nydus-demo.yml index 8b2c8b364d..86a39c148b 100644 --- a/.github/workflows/nydus-demo.yml +++ b/.github/workflows/nydus-demo.yml @@ -20,7 +20,7 @@ jobs: os: ['ubuntu-latest'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up JDK ${{ matrix.java-version }} @@ -32,7 +32,7 @@ jobs: uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: .nvmrc - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'DependencyTrack/dependency-track' diff --git a/.github/workflows/python-atom-tests.yml b/.github/workflows/python-atom-tests.yml index 313e55e08b..8bf8c606a4 100644 --- a/.github/workflows/python-atom-tests.yml +++ b/.github/workflows/python-atom-tests.yml @@ -30,7 +30,7 @@ jobs: os: ['ubuntu-24.04'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false fetch-depth: 0 @@ -53,43 +53,43 @@ jobs: mkdir -p bomresults env: CI: true - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'scipy/scipy' path: 'repotests/scipy' ref: 'v1.15.2' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'psf/black' path: 'repotests/black' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'psf/pyperf' path: 'repotests/pyperf' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'psf/cachecontrol' path: 'repotests/cachecontrol' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'pallets/flask' path: 'repotests/flask' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'pallets/click' path: 'repotests/click' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'pallets/jinja' path: 'repotests/jinja' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'pypa/bandersnatch' diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index d23afec0ab..6620876a3d 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 413ff84509..c74d3be26f 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -29,15 +29,15 @@ jobs: cli-tests-quick-amd64: runs-on: ["self-hosted", "ubuntu", "amd64"] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'hoolicorp/java-sec-code' path: 'repotests/java-sec-code' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'wix/greyhound' @@ -94,37 +94,37 @@ jobs: cli-tests-quick-arm64: runs-on: ["self-hosted", "ubuntu", "arm64"] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: '1.25.4' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'aws-solutions/iot-device-simulator' path: 'repotests/iot-device-simulator' ref: 'v3.0.9' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'ollama/ollama' path: 'repotests/ollama' ref: 'v0.5.7' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'caddyserver/caddy' path: 'repotests/caddy' ref: 'v2.9.1' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'flutter/gallery' ref: 'v2.10.2' path: 'repotests/gallery' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'ShiftLeftSecurity/shiftleft-go-example' @@ -182,7 +182,7 @@ jobs: os: ['self-hosted-ubuntu', 'ubuntu-24.04-arm', 'windows-latest', 'macos-15'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up JDK ${{ matrix.java-version }} @@ -277,276 +277,276 @@ jobs: - name: pip install custom-json-diff run: | pip install custom-json-diff - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'ShiftLeftSecurity/shiftleft-java-example' path: 'repotests/shiftleft-java-example' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'ShiftLeftSecurity/shiftleft-ts-example' path: 'repotests/shiftleft-ts-example' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'HooliCorp/vulnerable_net_core' path: 'repotests/vulnerable_net_core' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'HooliCorp/Goatly.NET' path: 'repotests/Goatly.NET' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'HooliCorp/DjanGoat' path: 'repotests/DjanGoat' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'prabhu/Vulnerable-Web-Application' path: 'repotests/Vulnerable-Web-Application' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'prabhu/railsgoat' path: 'repotests/railsgoat' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'bazelbuild/examples' path: 'repotests/bazel-examples' ref: 'b51e3bdd468ce8c4a516d7dca993909dcc84af32' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'gojek/ziggurat' ref: '4.9.4' path: 'repotests/ziggurat' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'apple/swift-markdown' ref: '0.3.0' path: 'repotests/swift-markdown' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'GoogleCloudPlatform/microservices-demo' ref: 'v0.8.1' path: 'repotests/microservices-demo' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'zoom/meetingsdk-vuejs-sample' ref: 'v2.18.0' path: 'repotests/meetingsdk-vuejs-sample' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'kriasoft/react-app' path: 'repotests/react-app' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'patrickjuchli/basic-ftp' path: 'repotests/basic-ftp' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'Atome-FE/llama-node' path: 'repotests/llama-node' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'DIYgod/RSSHub' path: 'repotests/RSSHub' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'sveltejs/examples' path: 'repotests/sveltejs-examples' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'openpbs/openpbs' ref: 'v23.06.06' path: 'repotests/openpbs' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'home-assistant/android' ref: '2023.11.3' path: 'repotests/ha-android' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'rust-lang/rust' ref: '1.74.0' path: 'repotests/rs-rust' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'rust-lang/cargo' ref: '0.75.0' path: 'repotests/rs-cargo' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'Keats/validator' ref: 'v0.15.0' path: 'repotests/rs-validator' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'tokio-rs/axum' ref: 'axum-v0.6.20' path: 'repotests/rs-axum' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'fsprojects/FAKE' ref: '6.0.0' path: 'repotests/dotnet-paket' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'timheuer/SimpleFrameworkApp' ref: 'master' path: 'repotests/SimpleFrameworkApp' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'chabbasaad/Reporting-Windows-Application' ref: 'master' path: 'repotests/Reporting-Windows-Application' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'appthreat/blint' ref: 'v1.0.34' path: 'repotests/blint' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'hoolicorp/java-sec-code' path: 'repotests/java-sec-code' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'DefectDojo/django-DefectDojo' ref: '2.28.2' path: 'repotests/django-DefectDojo' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'googleprojectzero/Jackalope' path: 'repotests/Jackalope' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'hritik14/broken-mvn-wrapper' path: 'repotests/broken-mvn-wrapper' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'microsoft/dotnet-podcasts' path: 'repotests/dotnet-podcasts' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'microsoft/react-native-windows' path: 'repotests/react-native-windows' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'oracle/dbt-oracle' path: 'repotests/dbt-oracle' ref: 'v1.7.6' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'fortra/impacket' path: 'repotests/impacket' ref: 'impacket_0_9_20' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'wix/greyhound' path: 'repotests/greyhound' ref: '385bb84a6f712ee18064a3b5ecb8d9dcbc1c75f3' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'owasp-dep-scan/blint' path: 'repotests/blint' ref: 'v2.2.2' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'malice00/cdxgen-expo-test' ref: 'main' path: 'repotests/expo-test' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'malice00/cdxgen-cocoapods-test' ref: 'main' path: 'repotests/cocoapods-test' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'elastic/elasticsearch' path: 'repotests/elasticsearch' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'quarkusio/quarkus-quickstarts' path: 'repotests/quarkus-quickstarts' ref: '3.17.3' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'aws-solutions/iot-device-simulator' path: 'repotests/iot-device-simulator' ref: 'v3.0.9' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'bionomia/bionomia' path: 'repotests/bionomia' ref: '5ada8b5f4a5f68561a7195e2badc2f744dc4676e' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'MaibornWolff/SecObserve' path: 'repotests/SecObserve' ref: 'v1.28.0' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'SeanyCash/TwinCAT_CNC' path: 'repotests/TwinCAT_CNC' ref: '0e1020338c10cf77249aeaff34520f9516816167' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'playframework/play-samples' path: 'repotests/play-samples' ref: '0dccba17856e89dbb5e457ab760efb14cc691395' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'com-lihaoyi/mill' path: 'repotests/mill' ref: '0.12.10' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'ngudbhav/rails-api-boilerplate' path: 'repotests/rails-api-boilerplate' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'eclipse-theia/theia-ide' @@ -985,7 +985,7 @@ jobs: CDXGEN_DEBUG_MODE: verbose NODE_NO_WARNINGS: 1 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Set up JDK ${{ matrix.java-version }} @@ -1050,18 +1050,18 @@ jobs: - name: pip install custom-json-diff run: | pip install custom-json-diff - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'hoolicorp/java-sec-code' path: 'repotests/java-sec-code' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'quarkusio/quarkus-quickstarts' path: 'repotests/quarkus-quickstarts' ref: '3.17.3' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false repository: 'aws-solutions/iot-device-simulator' diff --git a/.github/workflows/snapshot-tests.yml b/.github/workflows/snapshot-tests.yml index dca97d3e41..9a668a983d 100644 --- a/.github/workflows/snapshot-tests.yml +++ b/.github/workflows/snapshot-tests.yml @@ -42,7 +42,7 @@ jobs: runs-on: ["snapshot-test"] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/test-nodejs-nightly.yml b/.github/workflows/test-nodejs-nightly.yml index a4890ceae6..d552b54167 100644 --- a/.github/workflows/test-nodejs-nightly.yml +++ b/.github/workflows/test-nodejs-nightly.yml @@ -20,7 +20,7 @@ jobs: os: [ 'macos-15', 'ubuntu-24.04', 'ubuntu-24.04-arm', 'windows-11-arm', 'windows-2022', 'windows-2025' ] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Setup pnpm diff --git a/lib/helpers/utils.poku.js b/lib/helpers/utils.poku.js index 90863132f6..f62119bab5 100644 --- a/lib/helpers/utils.poku.js +++ b/lib/helpers/utils.poku.js @@ -2593,8 +2593,8 @@ it("parse github actions workflow data", () => { assert.deepStrictEqual(dep_list[0], { group: "actions", name: "checkout", - version: "6.0.0", - purl: "pkg:github/actions/checkout@6.0.0?commit=1af3b93b6815bc44a9784bd300feb67ff0d1eeb3", + version: "6.0.1", + purl: "pkg:github/actions/checkout@6.0.1?commit=8e8c483db84b4bee98b60c0593521ed34d9990e8", properties: [ { name: "SrcFile",