From dc466d25ea31c33111f090a362b92f06a5067430 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 08:30:19 +0000 Subject: [PATCH] [#patch](deps): Bump the actions-deps group with 6 updates Bumps the actions-deps group with 6 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.0` | `2.14.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.6.0` | `3.7.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3.1.0` | `3.2.0` | | [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.69.1` | `1.70.0` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.2.0` | `7.2.1` | | [actions/cache](https://github.com/actions/cache) | `5.0.2` | `5.0.3` | Updates `step-security/harden-runner` from 2.14.0 to 2.14.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...e3f713f2d8f53843e71c69a996d56f51aa9adfb9) Updates `docker/login-action` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/5e57cd118135c172c3672efd75eb46360885c0ef...c94ce9fb468520275223c153574b00df6fe4bcc9) Updates `actions/attest-build-provenance` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8...96278af6caaf10aea03fd8d33a09a777ca52d62f) Updates `reviewdog/action-actionlint` from 1.69.1 to 1.70.0 - [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](https://github.com/reviewdog/action-actionlint/compare/83e4ed25b168066ad8f62f5afbb29ebd8641d982...e58ee9d111489c31395fbe4857b0be6e7635dbda) Updates `astral-sh/setup-uv` from 7.2.0 to 7.2.1 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/61cb8a9741eeb8a550a1b8544337180c0fc8476b...803947b9bd8e9f986429fa0c5a41c367cd732b41) Updates `actions/cache` from 5.0.2 to 5.0.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/8b402f58fbc84540c8b491a91e594a4576fec3d7...cdf6c1fa76f9f475f3d7449005a359c84ca0f306) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: docker/login-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/attest-build-provenance dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: reviewdog/action-actionlint dependency-version: 1.70.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: astral-sh/setup-uv dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/cache dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/clean-branch-cache.yml | 2 +- .github/workflows/docker-build-and-push.yml | 6 +++--- .github/workflows/gitleaks.yml | 2 +- .github/workflows/go-ci.yml | 6 +++--- .github/workflows/go-security-scan.yml | 2 +- .github/workflows/infra-security-scan.yml | 8 ++++---- .github/workflows/local-auto-tagger.yml | 2 +- .github/workflows/pulumi-preview.yml | 10 +++++----- .github/workflows/pulumi-up.yml | 10 +++++----- .github/workflows/python-ci.yml | 8 ++++---- .github/workflows/rust-ci.yml | 8 ++++---- .github/workflows/terraform-ci.yml | 8 ++++---- 12 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/clean-branch-cache.yml b/.github/workflows/clean-branch-cache.yml index 0cee6d7..ad1b575 100644 --- a/.github/workflows/clean-branch-cache.yml +++ b/.github/workflows/clean-branch-cache.yml @@ -17,7 +17,7 @@ jobs: permissions: actions: write steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index da1ed2c..654c828 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml @@ -76,7 +76,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: ${{ inputs.disable-sudo }} egress-policy: block @@ -108,7 +108,7 @@ jobs: with: cache-binary: false - name: Log in to the Container registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 if: inputs.push with: registry: ${{ inputs.registry }} @@ -152,7 +152,7 @@ jobs: tags: localimage:${{ github.sha }} - name: Generate artifact attestation if: inputs.push - uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0 + uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-name: ${{ inputs.registry }}/${{ inputs.image }} subject-digest: ${{ steps.build.outputs.digest }} diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index e911bed..943d3ec 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -25,7 +25,7 @@ jobs: runs-on: ${{ inputs.runs-on }} if: (github.actor != 'dependabot[bot]') steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml index e4f874d..68723c8 100644 --- a/.github/workflows/go-ci.yml +++ b/.github/workflows/go-ci.yml @@ -34,7 +34,7 @@ jobs: pull-requests: write checks: write steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -70,7 +70,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -106,7 +106,7 @@ jobs: permissions: contents: write steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block diff --git a/.github/workflows/go-security-scan.yml b/.github/workflows/go-security-scan.yml index 3843795..77559ae 100644 --- a/.github/workflows/go-security-scan.yml +++ b/.github/workflows/go-security-scan.yml @@ -33,7 +33,7 @@ jobs: env: GO111MODULE: on steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: ${{ inputs.disable-sudo }} egress-policy: block diff --git a/.github/workflows/infra-security-scan.yml b/.github/workflows/infra-security-scan.yml index 1af0cc9..9e38645 100644 --- a/.github/workflows/infra-security-scan.yml +++ b/.github/workflows/infra-security-scan.yml @@ -34,7 +34,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: ${{ inputs.disable-sudo }} egress-policy: block @@ -78,7 +78,7 @@ jobs: pull-requests: write security-events: write steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: ${{ inputs.disable-sudo }} egress-policy: block @@ -93,14 +93,14 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: reviewdog/action-actionlint@83e4ed25b168066ad8f62f5afbb29ebd8641d982 # v1.69.1 + - uses: reviewdog/action-actionlint@e58ee9d111489c31395fbe4857b0be6e7635dbda # v1.70.0 continue-on-error: true with: fail_level: any filter_mode: nofilter tool_name: actionlint - name: Install uv - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 with: enable-cache: true - name: Run zizmor diff --git a/.github/workflows/local-auto-tagger.yml b/.github/workflows/local-auto-tagger.yml index b9d0e55..9c146f8 100644 --- a/.github/workflows/local-auto-tagger.yml +++ b/.github/workflows/local-auto-tagger.yml @@ -17,7 +17,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/pulumi-preview.yml b/.github/workflows/pulumi-preview.yml index 185291a..c787284 100644 --- a/.github/workflows/pulumi-preview.yml +++ b/.github/workflows/pulumi-preview.yml @@ -51,7 +51,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -74,7 +74,7 @@ jobs: python-version: ${{ inputs.python-version }} # ----- Poetry ----- - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }} with: path: ~/.local/bin/ @@ -88,12 +88,12 @@ jobs: installer-parallel: true # ----- UV ----- - - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 + - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }} with: enable-cache: true - id: cache-deps - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | ${{ inputs.working-directory }}/.venv @@ -110,7 +110,7 @@ jobs: # kics-scan ignore-line requested-token-type: urn:pulumi:token-type:access_token:personal scope: user:notdodo - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ env.PULUMI_HOME }}/plugins key: python-${{ inputs.python-version }}-venv-${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory), format('{0}/uv.lock', inputs.working-directory)) }} diff --git a/.github/workflows/pulumi-up.yml b/.github/workflows/pulumi-up.yml index 3924870..6716dfc 100644 --- a/.github/workflows/pulumi-up.yml +++ b/.github/workflows/pulumi-up.yml @@ -50,7 +50,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -73,7 +73,7 @@ jobs: python-version: ${{ inputs.python-version }} # ----- Poetry ----- - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }} with: path: ~/.local/bin/ @@ -87,12 +87,12 @@ jobs: installer-parallel: true # ----- UV ----- - - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 + - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }} with: enable-cache: true - id: cache-deps - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | ${{ inputs.working-directory }}/.venv @@ -109,7 +109,7 @@ jobs: # kics-scan ignore-line requested-token-type: urn:pulumi:token-type:access_token:personal scope: user:notdodo - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ env.PULUMI_HOME }}/plugins key: python-${{ inputs.python-version }}-venv-${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory), format('{0}/uv.lock', inputs.working-directory)) }} diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 749bd30..31ca167 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -31,7 +31,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -52,7 +52,7 @@ jobs: python-version: ${{ inputs.python-version }} # ----- Poetry ----- - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 if: ${{ hashFiles(format('{0}/poetry.lock', inputs.working-directory)) != '' }} with: path: ~/.local/bin/ @@ -66,12 +66,12 @@ jobs: installer-parallel: true # ----- UV ----- - - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 + - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }} with: enable-cache: true - id: cache-deps - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | ${{ inputs.working-directory }}/.venv diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 44d0ccd..5672235 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -52,7 +52,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -85,7 +85,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -116,7 +116,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -170,7 +170,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml index 9d2ed3d..53f93ea 100644 --- a/.github/workflows/terraform-ci.yml +++ b/.github/workflows/terraform-ci.yml @@ -47,7 +47,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo: ${{ inputs.disable-sudo }} egress-policy: audit @@ -66,7 +66,7 @@ jobs: - run: | echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc mkdir -p ~/.terraform.d/plugin-cache - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.terraform.d/plugin-cache key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }} @@ -135,7 +135,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: audit @@ -153,7 +153,7 @@ jobs: - run: | echo "plugin_cache_dir = '$HOME/.terraform.d/plugin-cache'" > ~/.terraformrc mkdir -p ~/.terraform.d/plugin-cache - - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ~/.terraform.d/plugin-cache key: terraform-providers-${{ hashFiles('**/.terraform.lock.hcl') }}