From c151b844cbfd14d73dde2ea3a3f43fd351c99a59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 08:54:13 +0000 Subject: [PATCH 1/5] deps/gha: bump softprops/action-gh-release from 2.1.0 to 2.2.0 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/01570a1f39cb168c169c802c3bceb9e93fb10974...7b4da11513bf3f43f9999e90eabced41ab8bb048) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/push-github.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-github.yml b/.github/workflows/push-github.yml index 81d9cf9ac..2e9489e07 100644 --- a/.github/workflows/push-github.yml +++ b/.github/workflows/push-github.yml @@ -50,7 +50,7 @@ jobs: # Create release - name: Create release if: inputs.VERSION != 'testing' - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: body: | Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/ @@ -74,7 +74,7 @@ jobs: # Create release - name: Create release if: inputs.VERSION == 'testing' - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: body: | **The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.** From 72d74ece414ee43f17fa5a1ea27f1919d4bcfe67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 08:48:19 +0000 Subject: [PATCH 2/5] deps/gha: bump github/codeql-action from 3.27.5 to 3.27.9 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.5 to 3.27.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f09c1c0a94de965c15400f5634aa42fac8fb8f88...df409f7d9260372bd5f19e5b04e83cb3c43714ae) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 079b45e12..eafa490ec 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -35,12 +35,12 @@ jobs: python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV - name: Initialize CodeQL - uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: languages: ${{ matrix.language }} config-file: ./.github/codeql.yml setup-python-dependencies: false - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 1258ea84c..525adff6e 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -25,6 +25,6 @@ jobs: results_format: sarif publish_results: true - name: "Upload SARIF results to code scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif From f36ba4245aac2e79cfc7202ca4beae7d811b72ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 08:22:01 +0000 Subject: [PATCH 3/5] deps/gha: bump ruby/setup-ruby from 1.202.0 to 1.204.0 Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.202.0 to 1.204.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc...401c19e14f474b54450cd3905bb8b86e2c8509cf) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/push-packagecloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-packagecloud.yml b/.github/workflows/push-packagecloud.yml index 3e975f800..a6934f842 100644 --- a/.github/workflows/push-packagecloud.yml +++ b/.github/workflows/push-packagecloud.yml @@ -42,7 +42,7 @@ jobs: - name: Check out repository code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install ruby - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0 + uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0 with: ruby-version: "3.0" - name: Install packagecloud From 699c5cc616b50e069cbfac6dea6050b39da1ae7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 08:21:26 +0000 Subject: [PATCH 4/5] deps/gha: bump docker/setup-buildx-action from 3.7.1 to 3.8.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/container-build.yml | 4 ++-- .github/workflows/linux-build.yml | 4 ++-- .github/workflows/push-docker.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 1bfb6c467..9708e7209 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -66,10 +66,10 @@ jobs: SSH_IP: ${{ secrets.ARM_SSH_IP }} SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }} - name: Setup Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: inputs.CACHE_SUFFIX != 'arm' - name: Setup Buildx (ARM) - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: inputs.CACHE_SUFFIX == 'arm' with: endpoint: ssh://root@arm diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml index d6d44eb15..280a3c5bb 100644 --- a/.github/workflows/linux-build.yml +++ b/.github/workflows/linux-build.yml @@ -75,10 +75,10 @@ jobs: SSH_IP: ${{ secrets.ARM_SSH_IP }} SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }} - name: Setup Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: startsWith(env.ARCH, 'arm') == false - name: Setup Buildx (ARM) - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: startsWith(env.ARCH, 'arm') == true with: endpoint: ssh://root@arm diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 4b17ef76e..60911b2ca 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -58,7 +58,7 @@ jobs: SSH_IP: ${{ secrets.ARM_SSH_IP }} SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }} - name: Setup Buildx (ARM) - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 with: endpoint: ssh://root@arm platforms: linux/arm64,linux/arm/v7,linux/arm/v6 From 1983b41feef645cad8f86c1153691823cda626f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 08:42:13 +0000 Subject: [PATCH 5/5] deps/gha: bump actions/upload-artifact from 4.4.3 to 4.5.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 4.5.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/doc-to-pdf.yml | 2 +- .github/workflows/linux-build.yml | 2 +- .github/workflows/staging-create-infra.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/doc-to-pdf.yml b/.github/workflows/doc-to-pdf.yml index b54a208b6..f9d4880af 100644 --- a/.github/workflows/doc-to-pdf.yml +++ b/.github/workflows/doc-to-pdf.yml @@ -32,7 +32,7 @@ jobs: run: mkdocs serve & sleep 10 - name: Run pdf script run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}' - - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml index d6d44eb15..89f8e1fc2 100644 --- a/.github/workflows/linux-build.yml +++ b/.github/workflows/linux-build.yml @@ -132,7 +132,7 @@ jobs: scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }} env: LARCH: ${{ env.LARCH }} - - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: package-${{ inputs.LINUX }}-${{ env.LARCH }} path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }} diff --git a/.github/workflows/staging-create-infra.yml b/.github/workflows/staging-create-infra.yml index 7fe502230..f91673a59 100644 --- a/.github/workflows/staging-create-infra.yml +++ b/.github/workflows/staging-create-infra.yml @@ -52,7 +52,7 @@ jobs: if: always() env: SECRET_KEY: ${{ secrets.SECRET_KEY }} - - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 if: always() with: name: tf-${{ inputs.TYPE }}