From caa00818177f373cfe944c8d41fd769d7a2a5be0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:37:09 -0800 Subject: [PATCH 1/2] build(deps): bump the actions group with 2 updates (#624) Bumps the actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/upload-artifact` from 4.4.3 to 4.5.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b) Updates `github/codeql-action` from 3.27.9 to 3.28.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...48ab28a6f5dbc2a99bf1e0131198dd8f1df78169) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/fuzzing.yml | 6 +++--- .github/workflows/posix.yml | 14 +++++++------- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/windows.yml | 6 +++--- 4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 385ccc75..7881c898 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -118,7 +118,7 @@ jobs:
 python ubpf/dictionary_generator.py >build/bin/dictionary.txt
 - name: Upload fuzzer as artifacts
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: fuzzer-${{ matrix.platform }}-${{ matrix.arch }}
 path: build/bin/*
@@ -173,7 +173,7 @@ jobs:
 dir build\bin\RelWithDebInfo
 - name: Upload fuzzer as artifacts
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: fuzzer-${{ matrix.platform }}-${{ matrix.arch }}
 path: |
@@ -261,7 +261,7 @@ jobs:
 - name: Upload artifacts
 if: always()
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: fuzzing-artifacts-${{ matrix.platform }}-${{ matrix.arch }}
 path: artifacts/
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index aef34dba..d9984ca1 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
@@ -71,7 +71,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true
- uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae
+ uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
 with:
 languages: 'cpp'
@@ -173,7 +173,7 @@ jobs:
 - name: Upload scan-build report
 if: inputs.scan_build == true
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
 name: scan-build_report
 path: ${{github.workspace}}/scan_build_report
@@ -274,7 +274,7 @@ jobs:
 - name: Upload the DEB package
 if: inputs.upload_packages == true && inputs.platform == 'ubuntu-latest'
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
 name: linux_deb_package
 path: ${{ steps.package_locations.outputs.REL_DEB_PACKAGE_PATH }}
@@ -282,7 +282,7 @@ jobs:
 - name: Upload the RPM package
 if: inputs.upload_packages == true && inputs.platform == 'ubuntu-latest'
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
 name: linux_rpm_package
 path: ${{ steps.package_locations.outputs.REL_RPM_PACKAGE_PATH }}
@@ -290,7 +290,7 @@ jobs:
 - name: Upload the Linux TGZ package
 if: inputs.upload_packages == true && inputs.platform == 'ubuntu-latest'
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
 name: linux_tgz_package
 path: ${{ steps.package_locations.outputs.REL_TGZ_PACKAGE_PATH }}
@@ -298,7 +298,7 @@ jobs:
 - name: Upload the macOS TGZ package
 if: inputs.upload_packages == true && inputs.platform == 'macos-latest'
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
 name: macos_tgz_package
 path: ${{ steps.package_locations.outputs.REL_TGZ_PACKAGE_PATH }}
@@ -306,4 +306,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true
- uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae
+ uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 35656465..edd2d659 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -63,7 +63,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: SARIF file
 path: results.sarif
@@ -71,6 +71,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 9738f7ae..40b307e9 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -57,7 +57,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true
- uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae
+ uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
 with:
 languages: 'cpp'
@@ -116,7 +116,7 @@ jobs:
 - name: Upload the Windows TGZ package
 if: inputs.upload_packages == true
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
 with:
 name: windows_tgz_package
 path: ${{ steps.package_locations.outputs.REL_TGZ_PACKAGE_PATH }}
@@ -124,4 +124,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true
- uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae
+ uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
From 6628f4a179478d2464cb6d849d1b0cf1b29e4d38 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 11:45:51 -0800 Subject: [PATCH 2/2] build(deps): bump the actions group with 3 updates (#628) Bumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `step-security/harden-runner` from 2.10.2 to 2.10.3 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/0080882f6c36860b6ba35c610c98ce87d4e2f26f...c95a14d0e5bab51a9f56296a4eb0e416910cd350) Updates `actions/upload-artifact` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/6f51ac03b9356f520e9adb1b1b7802705f340c2b...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) Updates `github/codeql-action` from 3.28.0 to 3.28.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/48ab28a6f5dbc2a99bf1e0131198dd8f1df78169...b6a472f63d85b9c78a3ac5e89422239fc15e9b3c) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- .github/workflows/fuzzing.yml | 10 +++++----- .github/workflows/main.yml | 2 +- .github/workflows/posix.yml | 16 ++++++++-------- .github/workflows/scorecards.yml | 6 +++--- .github/workflows/update-docs.yml | 2 +- .github/workflows/windows.yml | 8 ++++---- 7 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 21a469b1..922916c5 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 7881c898..9b737616 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -118,7 +118,7 @@ jobs:
 python ubpf/dictionary_generator.py >build/bin/dictionary.txt
 - name: Upload fuzzer as artifacts
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: fuzzer-${{ matrix.platform }}-${{ matrix.arch }}
 path: build/bin/*
@@ -135,7 +135,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -173,7 +173,7 @@ jobs:
 dir build\bin\RelWithDebInfo
 - name: Upload fuzzer as artifacts
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: fuzzer-${{ matrix.platform }}-${{ matrix.arch }}
 path: |
@@ -261,7 +261,7 @@ jobs:
 - name: Upload artifacts
 if: always()
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: fuzzing-artifacts-${{ matrix.platform }}-${{ matrix.arch }}
 path: artifacts/
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7617da33..4c3bfde6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -368,7 +368,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml
index d9984ca1..0d2c349e 100644
--- a/.github/workflows/posix.yml
+++ b/.github/workflows/posix.yml
@@ -61,7 +61,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -71,7 +71,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true
- uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
 with:
 languages: 'cpp'
@@ -173,7 +173,7 @@ jobs:
 - name: Upload scan-build report
 if: inputs.scan_build == true
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: scan-build_report
 path: ${{github.workspace}}/scan_build_report
@@ -274,7 +274,7 @@ jobs:
 - name: Upload the DEB package
 if: inputs.upload_packages == true && inputs.platform == 'ubuntu-latest'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: linux_deb_package
 path: ${{ steps.package_locations.outputs.REL_DEB_PACKAGE_PATH }}
@@ -282,7 +282,7 @@ jobs:
 - name: Upload the RPM package
 if: inputs.upload_packages == true && inputs.platform == 'ubuntu-latest'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: linux_rpm_package
 path: ${{ steps.package_locations.outputs.REL_RPM_PACKAGE_PATH }}
@@ -290,7 +290,7 @@ jobs:
 - name: Upload the Linux TGZ package
 if: inputs.upload_packages == true && inputs.platform == 'ubuntu-latest'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: linux_tgz_package
 path: ${{ steps.package_locations.outputs.REL_TGZ_PACKAGE_PATH }}
@@ -298,7 +298,7 @@ jobs:
 - name: Upload the macOS TGZ package
 if: inputs.upload_packages == true && inputs.platform == 'macos-latest'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: macos_tgz_package
 path: ${{ steps.package_locations.outputs.REL_TGZ_PACKAGE_PATH }}
@@ -306,4 +306,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true
- uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index edd2d659..59f68326 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -63,7 +63,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
 with:
 name: SARIF file
 path: results.sarif
@@ -71,6 +71,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+ uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
index 9e87b056..62e49cb2 100644
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index 40b307e9..bf624e67 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -47,7 +47,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -57,7 +57,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true
- uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
 with:
 languages: 'cpp'
@@ -116,7 +116,7 @@ jobs:
 - name: Upload the Windows TGZ package
 if: inputs.upload_packages == true
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: windows_tgz_package
 path: ${{ steps.package_locations.outputs.REL_TGZ_PACKAGE_PATH }}
@@ -124,4 +124,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true
- uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c