chore(deps): update github-actions (#686)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/dependency-review-action](https://togithub.com/actions/dependency-review-action) | action | patch | `v3.0.6` -> `v3.0.7` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | minor | `v3.7.0` -> `v3.8.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.21.3` -> `v2.21.4` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/dependency-review-action (actions/dependency-review-action)</summary> ### [`v3.0.7`](https://togithub.com/actions/dependency-review-action/releases/tag/v3.0.7): 3.0.7 [Compare Source](https://togithub.com/actions/dependency-review-action/compare/v3.0.6...v3.0.7) #### What's Changed - Make GHES support / setup more clear by [@rajbos](https://togithub.com/rajbos) in [actions/dependency-review-action#534 - Add an option to deny packages or groups of packages by [@adrienpessu](https://togithub.com/adrienpessu) in [actions/dependency-review-action#544 #### New Contributors - [@rajbos](https://togithub.com/rajbos) made their first contribution in [actions/dependency-review-action#534 - [@adrienpessu](https://togithub.com/adrienpessu) made their first contribution in [actions/dependency-review-action#544 **Full Changelog**: actions/dependency-review-action@v3...v3.0.7 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.0`](https://togithub.com/actions/setup-node/releases/tag/v3.8.0) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.7.0...v3.8.0) #### What's Changed ##### Bug fixes: - Add check for existing paths by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#803 - Resolve SymbolicLink by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#809 - Change passing logic for cache input by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#816 - Fix armv7 cache issue by [@louislam](https://togithub.com/louislam) in [actions/setup-node#794 - Update check-dist workflow name by [@sinchang](https://togithub.com/sinchang) in [actions/setup-node#710 ##### Feature implementations: - feat: handling the case where "node" is used for tool-versions file. by [@xytis](https://togithub.com/xytis) in [actions/setup-node#812 ##### Documentation changes: - Refer to semver package name in README.md by [@olleolleolle](https://togithub.com/olleolleolle) in [actions/setup-node#808 ##### Update dependencies: - Update toolkit cache to fix zstd by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#804 - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [actions/setup-node#802 - Bump semver from 6.1.2 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-node#807 - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-node#815 #### New Contributors - [@olleolleolle](https://togithub.com/olleolleolle) made their first contribution in [actions/setup-node#808 - [@louislam](https://togithub.com/louislam) made their first contribution in [actions/setup-node#794 - [@sinchang](https://togithub.com/sinchang) made their first contribution in [actions/setup-node#710 - [@xytis](https://togithub.com/xytis) made their first contribution in [actions/setup-node#812 **Full Changelog**: actions/setup-node@v3...v3.8.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier).  Signed-off-by: Mend Renovate <bot@renovateapp.com>
slsa-framework · Aug 14, 2023 · b9a0e6b · b9a0e6b
1 parent 9d7646a
commit b9a0e6b
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -44,7 +44,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
+        uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
+        uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
       # Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
 
@@ -68,4 +68,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
+        uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
@@ -11,4 +11,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
+        uses: actions/dependency-review-action@7d90b4f05fea31dde1c4a1fb3fa787e197ea93ab # v3.0.7
diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml
@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: Set Node.js 16
-        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+        uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # v3.8.0
         with:
           node-version: 16
 

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
+        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
         with:
           sarif_file: results.sarif