diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2bc2f7a..6d0477a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,7 +39,7 @@ jobs: return await script({ core }) - name: Load image metadata - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 id: metadata with: images: | @@ -147,14 +147,14 @@ jobs: ref: ${{ github.head_ref }} - name: Setup NodeJS - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: cache: npm cache-dependency-path: docs/src/package-lock.json node-version: lts/* - name: Generate authentication token with GitHub App to trigger Actions - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.VERIFIED_COMMIT_ID }} diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 052bf40..e1b2765 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -45,7 +45,7 @@ jobs: git-cliff -v --tag ${{ env.FLUTTER_VERSION }} --github-repo ${{ github.repository }} --output changelog.md - name: Generate authentication token with GitHub App to trigger Actions - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.VERIFIED_COMMIT_ID }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78e0bf5..2d2ca70 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -48,7 +48,7 @@ jobs: return await script({ core }) - name: Load image metadata - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 id: metadata with: images: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a2058d1..813208c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,7 @@ jobs: return await script({ core }) - name: Load image metadata - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 id: metadata with: images: | @@ -147,7 +147,7 @@ jobs: sarif-file: sarif.json - name: Upload the results to GitHub's code scanning dashboard - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7 with: sarif_file: sarif.json @@ -160,7 +160,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Generate authentication token with GitHub App to trigger Actions - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.VERIFIED_COMMIT_ID }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9c5eb97..f9b2fb4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -70,6 +70,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7 with: sarif_file: results.sarif diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index d1c7e01..84bbd7f 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -17,7 +17,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Generate authentication token with GitHub App to trigger Actions - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.VERIFIED_COMMIT_ID }} diff --git a/.github/workflows/update_version.yml b/.github/workflows/update_version.yml index 6ae96f4..f7cfb52 100644 --- a/.github/workflows/update_version.yml +++ b/.github/workflows/update_version.yml @@ -213,7 +213,7 @@ jobs: path: test - name: Setup NodeJS - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: cache: npm cache-dependency-path: docs/src/package-lock.json @@ -241,7 +241,7 @@ jobs: echo "COMMIT_MESSAGE=chore(release): upgrade flutter to ${{ env.FLUTTER_VERSION }}" >> $GITHUB_ENV - name: Generate authentication token with GitHub App to trigger Actions - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 id: app-token with: app-id: ${{ secrets.VERIFIED_COMMIT_ID }} @@ -251,7 +251,7 @@ jobs: # TODO: Generate changelog for the new flutter version, that will be the new tag - name: Create pull request if there are changes - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 with: commit-message: ${{ env.COMMIT_MESSAGE }} branch: update-flutter-dependencies/${{ env.FLUTTER_VERSION }}