diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8c8e542..73e0e92c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,14 +32,14 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - if: ${{ matrix.target == 'Windows' }} - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 id: cache-winsdk with: path: /winsdk key: cache-winsdk-10.0.26100-14.43.17.13 - if: ${{ matrix.target == 'Windows' && steps.cache-winsdk.outputs.cache-hit != 'true' }} run: ./get-winsdk.sh - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }}-${{ matrix.target }} max-size: 2G @@ -59,7 +59,7 @@ jobs: container: ghcr.io/philips-software/amp-devcontainer-cpp:v6.10.2@sha256:6dcb2bba0b158b055995b728631e1b92c7e8bae97119b0f171429423ed9d5e19 # v6.10.2 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }} max-size: 2G @@ -88,7 +88,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }}-${{ matrix.os }}-${{ matrix.type }}${{ matrix.preset_suffix }} max-size: 2G diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 88822524..878f13c8 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -26,13 +26,13 @@ jobs: with: fetch-depth: 0 persist-credentials: false - - uses: oxsecurity/megalinter/flavors/c_cpp@8fbdead70d1409964ab3d5afa885e18ee85388bb # v9.4.0 + - uses: oxsecurity/megalinter/flavors/c_cpp@0e3ce9b9c8c10effb9b269509cc47ca17cae31c7 # v9.5.0 env: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: git diff - - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 if: ${{ success() || failure() }} with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index b4b4cb20..d7e72745 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -19,7 +19,7 @@ jobs: name: Create Release runs-on: [ubuntu-latest] steps: - - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 id: token with: app-id: ${{ vars.FOREST_RELEASER_APP_ID }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index c97fb7ca..95512311 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -31,6 +31,6 @@ jobs: results_format: sarif repo_token: ${{ secrets.SCORECARD_READ_TOKEN }} publish_results: true - - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: sarif_file: scorecards.sarif diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 851a9b0d..6641c9d0 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -27,7 +27,7 @@ jobs: fetch-depth: 0 # Disable shallow clone to enable blame information persist-credentials: false - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }} max-size: 2G @@ -73,14 +73,14 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: hendrikmuhs/ccache-action@33522472633dbd32578e909b315f5ee43ba878ce # v1.2.22 + - uses: hendrikmuhs/ccache-action@d62db5f07c26379fc4b4e0916f098a92573c3b03 # v1.2.23 with: key: ${{ github.job }} - - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 with: languages: cpp - uses: lukka/run-cmake@5d55ea7949e25f69f0ecb516d8d572297e03a956 # v10.9 with: configurePreset: "Host" buildPreset: "Host-Debug" - - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 diff --git a/.mega-linter.yml b/.mega-linter.yml index 3cac3b79..bfd7a14e 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -20,10 +20,13 @@ DISABLE_LINTERS: - SPELL_CSPELL DISABLE_ERRORS_LINTERS: - MARKDOWN_MARKDOWN_LINK_CHECK + - REPOSITORY_OSV_SCANNER - SPELL_PROSELINT - SPELL_LYCHEE CPP_CLANG_FORMAT_FILTER_REGEX_EXCLUDE: (external) SPELL_PROSELINT_FILE_EXTENSIONS: [".md", ".adoc"] +ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES: + - GITHUB_TOKEN SARIF_REPORTER: true PRINT_ALPACA: false SHOW_SKIPPED_LINTERS: false