diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 22ee0fd88..e92eaca6c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,10 +27,10 @@ jobs: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/ng-renovate.yml b/.github/workflows/ng-renovate.yml index e31bc7c42..bab725a1f 100644 --- a/.github/workflows/ng-renovate.yml +++ b/.github/workflows/ng-renovate.yml @@ -41,7 +41,7 @@ jobs: uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 - name: Setup Dart if: matrix.REPOSITORY == 'angular/dev-infra' # Dart is only needed for rules_sass which is in dev-infra. - uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c # v1 + uses: dart-lang/setup-dart@65eb853c7ba17dde3be364c3d2858773e7144260 # v1 - run: pnpm exec renovate working-directory: ./.github/ng-renovate env: diff --git a/.github/workflows/rules_sass-compiler-updates.yml b/.github/workflows/rules_sass-compiler-updates.yml index fb7efff85..9c96b3322 100644 --- a/.github/workflows/rules_sass-compiler-updates.yml +++ b/.github/workflows/rules_sass-compiler-updates.yml @@ -26,11 +26,11 @@ jobs: working-directory: bazel/rules/rules_sass steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: dart-lang/setup-dart@e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c # v1 + - uses: dart-lang/setup-dart@65eb853c7ba17dde3be364c3d2858773e7144260 # v1 - run: dart pub get --enforce-lockfile - run: mkdir -p src/compiler/built/ - run: dart compile exe src/compiler/bin/x_sass.dart -o src/compiler/built/${{ matrix.bin_name }} - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ matrix.bin_name }} path: bazel/rules/rules_sass/src/compiler/built/${{ matrix.bin_name }} @@ -66,7 +66,7 @@ jobs: fi - name: Create Pull Request if: steps.check.outputs.skip_pr != 'true' - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.ANGULAR_ROBOT_ACCESS_TOKEN }} push-to-fork: 'angular-robot/dev-infra' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 75724207b..6162e9564 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: # Upload the results as artifacts. - name: 'Upload artifact' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: sarif_file: results.sarif diff --git a/github-actions/bazel/setup/action.yml b/github-actions/bazel/setup/action.yml index 3021614e1..b8ebfcbc0 100644 --- a/github-actions/bazel/setup/action.yml +++ b/github-actions/bazel/setup/action.yml @@ -13,7 +13,7 @@ runs: using: composite steps: - name: Configure action caching for bazel version downloaded by bazelisk - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: | ~/.cache/bazelisk @@ -27,7 +27,7 @@ runs: shell: bash - name: Configure action caching for bazel repository cache - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: # Note: Bazel repository cache is located in system locations and cannot use # a shared cache between different runner operating systems. diff --git a/github-actions/previews/pack-and-upload-artifact/action.yml b/github-actions/previews/pack-and-upload-artifact/action.yml index 334ead239..fe9d0c8d0 100644 --- a/github-actions/previews/pack-and-upload-artifact/action.yml +++ b/github-actions/previews/pack-and-upload-artifact/action.yml @@ -61,7 +61,7 @@ runs: tar -chzvf "$pkg" -C '${{steps.copy.outputs.deploy-dir}}' . echo "artifact-path=$pkg" >> $GITHUB_OUTPUT - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: '${{inputs.workflow-artifact-name}}' path: '${{steps.pack.outputs.artifact-path}}' diff --git a/github-actions/previews/upload-artifacts-to-firebase/action.yml b/github-actions/previews/upload-artifacts-to-firebase/action.yml index e4370c842..229f90dfd 100644 --- a/github-actions/previews/upload-artifacts-to-firebase/action.yml +++ b/github-actions/previews/upload-artifacts-to-firebase/action.yml @@ -91,7 +91,7 @@ runs: entryPoint: '${{inputs.firebase-config-dir}}' channelId: pr-${{github.repository}}-${{steps.artifact-info.outputs.unsafe-pull-number}}-${{inputs.workflow-artifact-name}} - - uses: marocchino/sticky-pull-request-comment@d4d6b0936434b21bc8345ad45a440c5f7d2c40ff # v3.0.3 + - uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4 with: header: ${{inputs.workflow-artifact-name}} message: |