From a1dea94037346d164831e95b95ba27deb6ce762b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 01:07:24 +0000 Subject: [PATCH] chore(deps): update github-actions --- .github/workflows/ci.yml | 24 ++++++++++++------------ .github/workflows/lint.yml | 14 +++++++------- .github/workflows/pages.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- .github/workflows/scheduled-release.yml | 4 ++-- .github/workflows/security.yml | 20 ++++++++++---------- .github/workflows/update-vendor-hash.yml | 8 ++++---- 7 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a3780785..1d17c160 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: ci: ${{ steps.detect.outputs.ci }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -72,7 +72,7 @@ jobs: - windows-11-arm steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -243,7 +243,7 @@ jobs: --health-retries 5 steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block 
@@ -285,7 +285,7 @@ jobs: cancel-in-progress: ${{ github.event_name == 'pull_request' }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -319,7 +319,7 @@ jobs: cancel-in-progress: ${{ github.event_name == 'pull_request' }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -337,7 +337,7 @@ jobs: with: persist-credentials: false - - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6 - name: Build with Nix run: nix build '.#micasa' @@ -352,7 +352,7 @@ jobs: cancel-in-progress: ${{ github.event_name == 'pull_request' }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -367,7 +367,7 @@ jobs: with: persist-credentials: false - - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6 - name: Build docs run: nix run '.#docs' @@ -383,7 +383,7 @@ jobs: runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block 
@@ -419,7 +419,7 @@ jobs: build_tags: ["", "selfhosted"] steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -446,7 +446,7 @@ jobs: persist-credentials: false - name: Setup Blacksmith Builder - uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1 + uses: useblacksmith/setup-docker-builder@722e97d12b1d06a961800dd6c05d79d951ad3c80 # v1 - name: Build relay image${{ matrix.build_tags && format(' ({0})', matrix.build_tags) }} run: docker build --build-arg BUILD_TAGS=${{ matrix.build_tags }} -f deploy/relay/Dockerfile . @@ -463,7 +463,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: block disable-telemetry: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c5170192..fe5b0e46 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -21,7 +21,7 @@ jobs: ci: ${{ steps.detect.outputs.ci }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -61,7 +61,7 @@ jobs: CGO_ENABLED: "0" steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block 
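Review bot: The `useblacksmith/setup-docker-builder` pin in the ci.yml hunk at `@@ -446` changes from `ac083cc84672d01c60d5e8561d0a939b697de542` to `722e97d12b1d06a961800dd6c05d79d951ad3c80` while its trailing comment stays `# v1`, so nothing in the diff says which release the new commit corresponds to. Every other pin in this patch carries an exact tag (`# v2.19.1`, `# v31.10.6`, `# v4.35.4`), whereas `v1` looks like a floating major tag that was simply moved. The same pin change appears in the release.yml hunk at `@@ -51`, which appears to belong to the job shown at `@@ -32` with `packages: write` and `egress-policy: audit` rather than `block`, so an unverified action commit there would run with write access and unblocked egress. Before merging I would check that the new SHA is reachable from the upstream repository's release history and, if upstream publishes exact tags, record one in the comment, e.g. `# v1.x.y` (placeholder).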
@@ -106,7 +106,7 @@ jobs: CGO_ENABLED: "0" steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -143,7 +143,7 @@ jobs: cancel-in-progress: ${{ github.event_name == 'pull_request' }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -161,7 +161,7 @@ jobs: fetch-depth: 0 persist-credentials: false - - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6 - name: Run pre-commit hooks env: @@ -180,7 +180,7 @@ jobs: CGO_ENABLED: "0" steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -213,7 +213,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: block disable-telemetry: true diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 2e02e03b..0feea5a3 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml 
@@ -31,7 +31,7 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -48,7 +48,7 @@ jobs: - uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6 - name: Build docs run: nix run '.#docs' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6056b583..26380995 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: packages: write steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: audit @@ -51,7 +51,7 @@ jobs: # of pre-built CGO_ENABLED=0 binaries. Buildx assembles the multi-arch # manifest without emulation. - name: Setup Blacksmith Builder - uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1 + uses: useblacksmith/setup-docker-builder@722e97d12b1d06a961800dd6c05d79d951ad3c80 # v1 # useblacksmith/setup-docker-builder drops buildkitd.toml in the repo # root, which trips goreleaser's dirty-state check. Exclude it locally diff --git a/.github/workflows/scheduled-release.yml b/.github/workflows/scheduled-release.yml index ce8a5232..5842b066 100644 --- a/.github/workflows/scheduled-release.yml +++ b/.github/workflows/scheduled-release.yml 
@@ -24,7 +24,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: audit @@ -32,7 +32,7 @@ jobs: - name: Generate app token id: app-token - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: client-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 6c7d40eb..b5669c68 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -21,7 +21,7 @@ jobs: ci: ${{ steps.detect.outputs.ci }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -59,7 +59,7 @@ jobs: cancel-in-progress: ${{ github.event_name == 'pull_request' }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -77,7 +77,7 @@ jobs: with: persist-credentials: false - - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6 - name: Run govulncheck run: nix run '.#govulncheck' 
@@ -94,7 +94,7 @@ jobs: CGO_ENABLED: "0" steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -133,7 +133,7 @@ jobs: cancel-in-progress: ${{ github.event_name == 'pull_request' }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -148,7 +148,7 @@ jobs: fetch-depth: 0 persist-credentials: false - - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2 + - uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab # v3.95.3 with: extra_args: --only-verified @@ -167,7 +167,7 @@ jobs: CGO_ENABLED: "0" steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -189,7 +189,7 @@ jobs: go-version: "1.26" - name: Initialize CodeQL - uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: languages: go build-mode: manual @@ -198,7 +198,7 @@ jobs: run: go build ./... - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 result: name: Security Result 
@@ -207,7 +207,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: block disable-telemetry: true diff --git a/.github/workflows/update-vendor-hash.yml b/.github/workflows/update-vendor-hash.yml index aa323959..05efd9eb 100644 --- a/.github/workflows/update-vendor-hash.yml +++ b/.github/workflows/update-vendor-hash.yml @@ -22,7 +22,7 @@ jobs: needed: ${{ steps.check.outputs.needed }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -60,7 +60,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: deploy-on-self-hosted-vm: true egress-policy: block @@ -77,7 +77,7 @@ jobs: - name: Generate app token id: app-token - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: client-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} @@ -88,7 +88,7 @@ jobs: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} - - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6 - name: Tidy go modules run: nix develop -c go mod tidy