diff --git a/.github/actions/surefire-report-summary/package-lock.json b/.github/actions/surefire-report-summary/package-lock.json index 4082ea0..d575676 100644 --- a/.github/actions/surefire-report-summary/package-lock.json +++ b/.github/actions/surefire-report-summary/package-lock.json @@ -3288,7 +3288,7 @@ "integrity": "sha512-QIT7FH7fNmd9n4se7FFKHbsLKGQiw885Ds6Y/sxKgCZ6natwCsXdgPOADnYVxN2QrRweF0FZWbJ6S7Rsn7llug==", "dev": true, "dependencies": { - "@typescript-eslint/utils": "^5.10.0" + "@typescript-eslint/utils": "^5.0.10" }, "engines": { "node": "^14.15.0 || ^16.10.0 || >=18.0.0" diff --git a/.github/workflows/nodejs-security.yaml b/.github/workflows/nodejs-security.yaml index 7c3e6dc..806c312 100644 --- a/.github/workflows/nodejs-security.yaml +++ b/.github/workflows/nodejs-security.yaml @@ -19,7 +19,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/node@master + uses: snyk/actions/node@v1.0.0 continue-on-error: ${{ inputs.continue-on-error }} env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/.github/workflows/php-library-security.yml b/.github/workflows/php-library-security.yml index 037da90..901689d 100644 --- a/.github/workflows/php-library-security.yml +++ b/.github/workflows/php-library-security.yml @@ -50,7 +50,7 @@ jobs: run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/php@master + uses: snyk/actions/php@v1.0.0 env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} SEVERITY_THRESHOLD: ${{ inputs.severity-threshold && format('--severity-threshold={0}', inputs.severity-threshold) || '' }} @@ -58,7 +58,7 @@ jobs: args: --sarif-file-output=snyk.sarif $SEVERITY_THRESHOLD - name: isPrivate - uses: octokit/graphql-action@v2.x + uses: octokit/graphql-action@v3.0.0 id: isPrivate with: query: | @@ -74,6 +74,6 @@ jobs: - name: Upload result to GitHub Code Scanning if: ${{ fromJSON(steps.isPrivate.outputs.data).repository.isPrivate == false }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk.sarif diff --git a/.github/workflows/php-security.yml b/.github/workflows/php-security.yml index 6134a1d..839c8f9 100644 --- a/.github/workflows/php-security.yml +++ b/.github/workflows/php-security.yml @@ -43,7 +43,7 @@ jobs: tools: composer:${{ inputs.composer-version }} - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/php@master + uses: snyk/actions/php@v1.0.0 env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} SEVERITY_THRESHOLD: ${{ inputs.severity-threshold && format('--severity-threshold={0}', inputs.severity-threshold) || '' }} @@ -51,7 +51,7 @@ jobs: args: ${{ inputs.working-directory}}/ --sarif-file-output=snyk.sarif $SEVERITY_THRESHOLD - name: isPrivate - uses: octokit/graphql-action@v2.x + uses: octokit/graphql-action@v3.0.0 id: isPrivate with: query: | @@ -67,6 +67,6 @@ jobs: - name: Upload result to GitHub Code Scanning if: ${{ fromJSON(steps.isPrivate.outputs.data).repository.isPrivate == false }} - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: snyk.sarif diff --git a/README.md b/README.md index d07045f..9f1df10 100644 --- a/README.md +++ b/README.md @@ -205,13 +205,13 @@ The build and upload-to-s3 steps would look like the following: ```YAML build: - uses: dvsa/.github/.github/workflows/nodejs-build.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-build.yaml@v5.0.10 with: upload-artifact: true build-command: npm run build:prod upload-to-s3: - uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v5.0.10 with: environment: nonprod short-commit: ${{ needs.build-names.outputs.short_sha }} @@ -246,7 +246,7 @@ The build and upload-to-s3 steps would have the following inputs: ```YAML build: - uses: dvsa/.github/.github/workflows/nodejs-build.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-build.yaml@v5.0.10 with: upload-artifact: true build-folder: build @@ -254,7 +254,7 @@ The build and upload-to-s3 steps would have the following inputs: build-command: npm run build:prod upload-to-s3: - uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v5.0.10 with: environment: dev short-commit: ${{ needs.build-names.outputs.short_sha }} @@ -290,7 +290,7 @@ The upload-to-s3 action with a matrix strategy defined: ```YAML upload-to-s3: - uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v5.0.10 strategy: matrix: buildName: [ @@ -352,11 +352,11 @@ IDE integration matches those on the Snyk website. pull_request: types: - closed - + jobs: security: if: github.event.pull_request.merged == true - uses: dvsa/.github/.github/workflows/java-security.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/java-security.yaml@v5.0.10 with: java_version: 11 snyk_project: smc-w53 @@ -493,11 +493,11 @@ Typically, this would run on push so the action result can be used to validate a pull_request: types: - closed - + jobs: security: if: github.event.pull_request.merged == true - uses: dvsa/.github/.github/workflows/java-security.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/java-security.yaml@v5.0.10 with: java_version: 11 snyk_project: smc-w53 @@ -544,7 +544,7 @@ on: jobs: unit-test: - uses: dvsa/.github/.github/workflows/java-test.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/java-test.yaml@v5.0.10 with: config_file_contents: | environment: development @@ -574,18 +574,18 @@ on: jobs: security: - uses: dvsa/.github/.github/workflows/php-security.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-security.yml@v5.0.10 secrets: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} ``` -if using library version amend +if using library version amend ```YAML - uses: dvsa/.github/.github/workflows/php-security.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-security.yml@v5.0.10 ``` -to +to ```YAML - uses: dvsa/.github/.github/workflows/php-library-security.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-library-security.yml@v5.0.10 ``` @@ -613,16 +613,16 @@ on: jobs: static: - uses: dvsa/.github/.github/workflows/php-static.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-static.yml@v5.0.10 ``` -if using library version amend +if using library version amend ```YAML - uses: dvsa/.github/.github/workflows/php-static.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-static.yml@v5.0.10 ``` -to +to ```YAML - uses: dvsa/.github/.github/workflows/php-library-static.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-library-static.yml@v5.0.10 ``` @@ -651,18 +651,18 @@ on: jobs: static: - uses: dvsa/.github/.github/workflows/php-tests.yml@v4.1.1 - with: + uses: dvsa/.github/.github/workflows/php-tests.yml@v5.0.10 + with: php_versions: "[\"7.4\",\"8.0\"]" ``` -if using library version amend +if using library version amend ```YAML - uses: dvsa/.github/.github/workflows/php-tests.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-tests.yml@v5.0.10 ``` -to +to ```YAML - uses: dvsa/.github/.github/workflows/php-library-tests.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-library-tests.yml@v5.0.10 ``` diff --git a/workflow-templates/check-pr-title.yaml b/workflow-templates/check-pr-title.yaml index 0d44849..5b8d36a 100644 --- a/workflow-templates/check-pr-title.yaml +++ b/workflow-templates/check-pr-title.yaml @@ -19,8 +19,8 @@ jobs: env: TITLE: ${{ github.event.pull_request.title }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6.0.0 + - uses: actions/setup-node@v6.0.0 with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/workflow-templates/ci.yaml b/workflow-templates/ci.yaml index 0d36e3d..f0a9b47 100644 --- a/workflow-templates/ci.yaml +++ b/workflow-templates/ci.yaml @@ -5,13 +5,13 @@ on: jobs: lint: - uses: dvsa/.github/.github/workflows/nodejs-lint.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-lint.yaml@v5.0.10 test: - uses: dvsa/.github/.github/workflows/nodejs-test.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-test.yaml@v5.0.10 security: - uses: dvsa/.github/.github/workflows/nodejs-security.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-security.yaml@v5.0.10 secrets: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} @@ -24,7 +24,7 @@ jobs: env: BRANCH_NAME: ${{ github.ref_name }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6.0.0 - name: Set short sha output id: sha run: echo "SHORT_SHA=$(git rev-parse --short=11 HEAD)" >> $GITHUB_OUTPUT @@ -35,7 +35,7 @@ jobs: echo "NAME=${PRETTY_BRANCH_NAME}" >> $GITHUB_OUTPUT build: - uses: dvsa/.github/.github/workflows/nodejs-build.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-build.yaml@v5.0.10 needs: [ build-names ] with: upload-artifact: ${{ github.ref_name == 'main' }} @@ -44,7 +44,7 @@ jobs: upload-to-s3: if: ${{ github.ref_name == github.event.repository.default_branch }} - uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/upload-to-s3.yaml@v5.0.10 needs: [ lint, test, build, build-names ] with: environment: dev @@ -61,7 +61,7 @@ jobs: update-lambda-code: if: ${{ github.ref_name == github.event.repository.default_branch }} - uses: dvsa/.github/.github/workflows/update-lambda-function.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/update-lambda-function.yaml@v5.0.10 needs: [ build-names, build, upload-s3 ] with: environment: dev diff --git a/workflow-templates/npm-publish.yaml b/workflow-templates/npm-publish.yaml index f679b94..5b5baf0 100644 --- a/workflow-templates/npm-publish.yaml +++ b/workflow-templates/npm-publish.yaml @@ -6,7 +6,7 @@ on: jobs: publish: - uses: dvsa/.github/.github/workflows/nodejs-publish.yaml@v4.1.1 + uses: dvsa/.github/.github/workflows/nodejs-publish.yaml@v5.0.10 with: node-version: '18.x' download-artifact: true diff --git a/workflow-templates/php-library-security.yml b/workflow-templates/php-library-security.yml index 42fada3..ac570d5 100644 --- a/workflow-templates/php-library-security.yml +++ b/workflow-templates/php-library-security.yml @@ -10,7 +10,7 @@ on: jobs: security: - uses: dvsa/.github/.github/workflows/php-library-security.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-library-security.yml@v5.0.10 with: php-versions: "[\"7.4\",\"8.0\"]" secrets: diff --git a/workflow-templates/php-library-static.yml b/workflow-templates/php-library-static.yml index 8515a7e..c4dbf6c 100644 --- a/workflow-templates/php-library-static.yml +++ b/workflow-templates/php-library-static.yml @@ -10,5 +10,5 @@ on: jobs: static: - uses: dvsa/.github/.github/workflows/php-library-static.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-library-static.yml@v5.0.10 diff --git a/workflow-templates/php-library-tests.yml b/workflow-templates/php-library-tests.yml index ed6ed31..1d8a6f8 100644 --- a/workflow-templates/php-library-tests.yml +++ b/workflow-templates/php-library-tests.yml @@ -10,6 +10,6 @@ on: jobs: static: - uses: dvsa/.github/.github/workflows/php-library-tests.yml@v4.1.1 + uses: dvsa/.github/.github/workflows/php-library-tests.yml@v5.0.10 with: php-versions: "[\"7.4\",\"8.0\"]" diff --git a/workflow-templates/php-security.yml b/workflow-templates/php-security.yml index 88c0e11..8701987 100644 --- a/workflow-templates/php-security.yml +++ b/workflow-templates/php-security.yml @@ -10,6 +10,6 @@ on: jobs: security: - uses: dvsa/.github/.github/workflows/php-security.yml@v5.0.6 + uses: dvsa/.github/.github/workflows/php-security.yml@v5.0.10 secrets: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/workflow-templates/php-static.yml b/workflow-templates/php-static.yml index 0b8dd4d..6ceda59 100644 --- a/workflow-templates/php-static.yml +++ b/workflow-templates/php-static.yml @@ -10,5 +10,5 @@ on: jobs: static: - uses: dvsa/.github/.github/workflows/php-static.yml@v5.0.6 + uses: dvsa/.github/.github/workflows/php-static.yml@v5.0.10 diff --git a/workflow-templates/php-tests.yml b/workflow-templates/php-tests.yml index 0f0d73a..e20db50 100644 --- a/workflow-templates/php-tests.yml +++ b/workflow-templates/php-tests.yml @@ -10,6 +10,6 @@ on: jobs: static: - uses: dvsa/.github/.github/workflows/php-tests.yml@v5.0.6 + uses: dvsa/.github/.github/workflows/php-tests.yml@v5.0.10 with: php-versions: "[\"8.2\","8.3","8.4"]" diff --git a/workflow-templates/snyk-monitor.yaml b/workflow-templates/snyk-monitor.yaml index 66a4ce9..9025eb6 100644 --- a/workflow-templates/snyk-monitor.yaml +++ b/workflow-templates/snyk-monitor.yaml @@ -13,9 +13,9 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6.0.0 - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/node@master + uses: snyk/actions/node@v1.0.0 env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: diff --git a/workflow-templates/terraform-static-full.yaml b/workflow-templates/terraform-static-full.yaml index 6e37454..f306d5f 100644 --- a/workflow-templates/terraform-static-full.yaml +++ b/workflow-templates/terraform-static-full.yaml @@ -6,4 +6,4 @@ on: jobs: terraform-static: - uses: dvsa/.github/.github/workflows/terraform-static-full.yaml@v5.0.0 \ No newline at end of file + uses: dvsa/.github/.github/workflows/terraform-static-full.yaml@v5.0.10 \ No newline at end of file diff --git a/workflow-templates/terraform-static.yaml b/workflow-templates/terraform-static.yaml index 18a9e0e..0a35c6d 100644 --- a/workflow-templates/terraform-static.yaml +++ b/workflow-templates/terraform-static.yaml @@ -5,4 +5,4 @@ on: jobs: terraform-static: - uses: dvsa/.github/.github/workflows/terraform-static.yaml@v5.0.0 \ No newline at end of file + uses: dvsa/.github/.github/workflows/terraform-static.yaml@v5.0.10 \ No newline at end of file