Merge branch 'intel:main' into main

.github/actions/spelling/allow.txt

@@ -110,6 +110,7 @@ customisation
 customise
 customising
 cve
+cveb
 cvedb
 cvedetails
 cves
@@ -552,6 +553,7 @@ sbs
 sdk
 sdl
 seahorse
+securitydata
 securityscorecards
 shadowsocks
 shreyamalviya

.github/workflows/codeql-analysis.yml

@@ -47,7 +47,7 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/coverity.yml

@@ -18,7 +18,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - uses: vapier/coverity-scan-action@cae3c096a2eb21c431961a49375ac17aea2670ce # v1.7.0
       with:
         email: ${{ secrets.COVERITY_SCAN_EMAIL }}

.github/workflows/cve_scan.yml

@@ -19,7 +19,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'

.github/workflows/dependency-review.yml

@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0

.github/workflows/formatting.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'

.github/workflows/linting.yml

@@ -24,7 +24,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'

.github/workflows/sbom.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: ${{ matrix.python }}

.github/workflows/scorecard.yml

@@ -27,7 +27,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 

.github/workflows/spelling.yml

@@ -18,7 +18,7 @@ jobs:
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - uses: check-spelling/check-spelling@d7cd2973c513e84354f9d6cf50a6417a628a78ce # v0.0.21
       with:
         post_comment: '0'

.github/workflows/testing.yml

@@ -23,14 +23,23 @@ env:
 jobs:
   docs:
     name: Documentation
+    if: |
+      ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+      ! (
+        startsWith(github.head_ref, 'chore-sbom-py') ||
+        contains(
+          fromJSON('["chore-js-dependencies","chore-precommit-config","chore-spdx-header"]'),
+          github.head_ref
+        )
+      )
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.x'
@@ -49,6 +58,15 @@ jobs:
 
   tests:
     name: Linux tests
+    if: |
+      ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+      ! (
+        startsWith(github.head_ref, 'chore-sbom-py') ||
+        contains(
+          fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+          github.head_ref
+        )
+      )
     runs-on: ubuntu-22.04
     strategy:
       matrix:
@@ -60,7 +78,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: ${{ matrix.python }}
@@ -120,6 +138,15 @@ jobs:
 
   long_tests:
     name: Long tests on Python 3.10
+    if: |
+      ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+      ! (
+        startsWith(github.head_ref, 'chore-sbom-py') ||
+        contains(
+          fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+          github.head_ref
+        )
+      )
     runs-on: ubuntu-22.04
     timeout-minutes: 90
     env:
@@ -130,7 +157,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.10'
@@ -217,6 +244,15 @@ jobs:
 
   linux-mayfail:
     name: Tests that may fail due to network or HTML
+    if: |
+      ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+      ! (
+        startsWith(github.head_ref, 'chore-sbom-py') ||
+        contains(
+          fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+          github.head_ref
+        )
+      )
     runs-on: ubuntu-22.04
     timeout-minutes: 45
     env:
@@ -227,7 +263,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.10'
@@ -310,6 +346,15 @@ jobs:
 
   windows_tests:
     name: Windows tests
+    if: |
+      ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+      ! (
+        startsWith(github.head_ref, 'chore-sbom-py') ||
+        contains(
+          fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+          github.head_ref
+        )
+      )
     runs-on: windows-latest
     timeout-minutes: 90
     env:
@@ -321,7 +366,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.10'
@@ -379,6 +424,15 @@ jobs:
 
   windows_long_tests:
     name: Windows long tests
+    if: |
+      ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+      ! (
+        startsWith(github.head_ref, 'chore-sbom-py') ||
+        contains(
+          fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+          github.head_ref
+        )
+      )
     runs-on: windows-latest
     timeout-minutes: 120
     env:
@@ -391,7 +445,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.9'
@@ -478,3 +532,4 @@ jobs:
           flags: win-longtests
           name: codecov-umbrella
           fail_ci_if_error: false
+

.github/workflows/update-cache.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: '3.10'

.github/workflows/update-js-dependencies.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:

.github/workflows/update-pre-commit.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:

.github/workflows/update-spdx-header.yml

@@ -27,7 +27,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Update spdx header
         run: |
           sed -i "s/[0-9]\{4\}/$(date +%Y)/" spdx_header.txt