From 3506b09a32b9d7e6ac70ccc3b5993f2d7e0c1c7a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 24 Oct 2025 22:02:26 +0000
Subject: [PATCH] chore(deps): pin dependencies
---
 .github/workflows/ci.yml | 16 ++++++++--------
 .github/workflows/codeql.yml | 8 ++++----
 .github/workflows/deploy.yml | 8 ++++----
 .github/workflows/semgrep.yml | 6 +++---
 .github/workflows/typos.yml | 4 ++--
 5 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 77f658e1..36c2205d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,8 +15,8 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@v5
- - uses: oven-sh/setup-bun@v2
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 with:
 bun-version: latest
 - run: bun install --frozen-lockfile
@@ -24,7 +24,7 @@ jobs:
 - run: bun run test --coverage-reporter=lcov --coverage-reporter=text
 - name: Report coverage
 if: ${{ github.repository_owner == 'maxmilton' }}
- uses: qltysh/qlty-action/coverage@v1
+ uses: qltysh/qlty-action/coverage@a2277a908db90c4c868832fb9204521fb940fdb4 # v1
 with:
 token: ${{ secrets.QLTY_COVERAGE_TOKEN }}
 files: coverage/lcov.info
@@ -34,15 +34,15 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@v5
- - uses: oven-sh/setup-bun@v2
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 with:
 bun-version: latest
 - run: bun install --frozen-lockfile
 - run: bun playwright install chromium firefox webkit
 - run: bun run build
 - run: bun run test:e2e --reporter=github,html
- - uses: actions/upload-artifact@v4
+ - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: playwright-report
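Review bot: In the first hunk of .github/workflows/ci.yml the `oven-sh/setup-bun` step is now pinned to a commit, but the `bun-version: latest` input directly below it still lets every run download whichever Bun release is current, so the toolchain that executes `bun install` and the build stays a floating dependency. The same pairing appears in the other ci.yml job hunks (at -34 and -54) and in the deploy.yml hunk, where the job also receives the Cloudflare secrets. Consider an explicit version such as `bun-version: "X.Y.Z"` (placeholder; use the release the project targets) and let Renovate bump it alongside the action digests. Each `steps:` list continues outside its hunk.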
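Review bot: The trailing `# v1` on the pinned `qltysh/qlty-action/coverage` line in the ci.yml hunk at -24 names a moving major tag, so it does not tell a reviewer which release the 40-character SHA actually corresponds to. This step is the one that receives `secrets.QLTY_COVERAGE_TOKEN`, which makes it the pin most worth being able to check by eye against the upstream release list. Recording the exact release in the comment, e.g. `# vX.Y.Z` (placeholder), would make a later digest change reviewable; Renovate's `helpers:pinGitHubActionDigestsToSemver` preset appears to do this automatically. The same applies to the `# v5`, `# v4`, `# v3` and `# v2` comments in the other hunks.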
@@ -54,8 +54,8 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@v5
- - uses: oven-sh/setup-bun@v2
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 with:
 bun-version: latest
 - run: bun install --frozen-lockfile
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b4a315e8..1039e2d3 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,11 +27,11 @@ jobs:
 - language: javascript-typescript
 build-mode: none
 steps:
- - uses: actions/checkout@v5
- - uses: github/codeql-action/init@v3
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ - uses: github/codeql-action/init@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 queries: security-and-quality
- - uses: github/codeql-action/autobuild@v3
- - uses: github/codeql-action/analyze@v3
+ - uses: github/codeql-action/autobuild@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3
+ - uses: github/codeql-action/analyze@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index caef090e..75a30507 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -17,21 +17,21 @@ jobs:
 contents: read
 deployments: write
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 with:
 fetch-depth: 0 # full history to get the last tagged git commit
- - uses: actions/cache@v4
+ - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
 with:
 path: .wrangler/state
 key: wrangler-${{ github.run_id }}
 restore-keys: |
 wrangler-
- - uses: oven-sh/setup-bun@v2
+ - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 with:
 bun-version: latest
 - run: bun install --frozen-lockfile
 - run: bun run build
- - uses: cloudflare/wrangler-action@v3
+ - uses: cloudflare/wrangler-action@da0e0dfe58b7a431659754fdf3f186c529afbe65 # v3
 with:
 accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
 apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 006972ed..5bb934c7 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -14,17 +14,17 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 5
 container:
- image: semgrep/semgrep
+ image: semgrep/semgrep@sha256:4372a1de903521f9f10f877b6caf15d150d17e1ca592582682c8d02b77cbd4f6
 permissions:
 actions: read
 contents: read
 security-events: write
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 - run: semgrep ci --sarif-output=semgrep.sarif
 env:
 SEMGREP_RULES: p/default p/owasp-top-ten p/cwe-top-25 p/gitleaks p/r2c-security-audit
- - uses: github/codeql-action/upload-sarif@v3
+ - uses: github/codeql-action/upload-sarif@d198d2fabf39a7f36b5ce57ce70d4942944f006e # v3
 if: always()
 with:
 sarif_file: semgrep.sarif
diff --git a/.github/workflows/typos.yml b/.github/workflows/typos.yml
index f1f3cd3e..0d5507a3 100644
--- a/.github/workflows/typos.yml
+++ b/.github/workflows/typos.yml
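Review bot: In .github/workflows/semgrep.yml the new `container.image` value is a bare digest with no tag and no comment, so nothing on the line says which Semgrep release the job runs, unlike the action pins, which at least carry a version comment. The old reference had no tag either, so this pin freezes whatever the default tag resolved to when Renovate ran. Keeping a tag next to the digest, e.g. `image: semgrep/semgrep:<tag>@sha256:<digest>` (placeholders), leaves the digest authoritative while making scanner upgrades visible in review. Separately, the `SEMGREP_RULES` packs (`p/default` and the others) are presumably still resolved at run time, so the rule content is not covered by this pin.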
@@ -14,5 +14,5 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@v5
- - uses: crate-ci/typos@v1
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ - uses: crate-ci/typos@80c8a4945eec0f6d464eaf9e65ed98ef085283d1 # v1