diff --git a/.github/workflows/ci-api.yml b/.github/workflows/ci-api.yml index 5820065..0d63afe 100644 --- a/.github/workflows/ci-api.yml +++ b/.github/workflows/ci-api.yml @@ -20,11 +20,11 @@ jobs: name: Type-check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@v7.0.0 - uses: oven-sh/setup-bun@v2 with: bun-version: "1.3.14" - - uses: actions/cache@v5 + - uses: actions/cache@v5.0.5 with: path: ~/.bun/install/cache key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }} @@ -37,11 +37,11 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@v7.0.0 - uses: oven-sh/setup-bun@v2 with: bun-version: "1.3.14" - - uses: actions/cache@v5 + - uses: actions/cache@v5.0.5 with: path: ~/.bun/install/cache key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }} @@ -55,8 +55,8 @@ jobs: runs-on: ubuntu-latest needs: [typecheck, test] steps: - - uses: actions/checkout@v6.0.2 - - uses: docker/setup-buildx-action@v4 + - uses: actions/checkout@v7.0.0 + - uses: docker/setup-buildx-action@v4.1.0 - uses: docker/build-push-action@v7.2.0 with: context: ./api diff --git a/.github/workflows/ci-frontend.yml b/.github/workflows/ci-frontend.yml index cb48322..6a94f25 100644 --- a/.github/workflows/ci-frontend.yml +++ b/.github/workflows/ci-frontend.yml @@ -20,11 +20,11 @@ jobs: name: Type-check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@v7.0.0 - uses: oven-sh/setup-bun@v2 with: bun-version: "1.3.14" - - uses: actions/cache@v5 + - uses: actions/cache@v5.0.5 with: path: ~/.bun/install/cache key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }} @@ -37,11 +37,11 @@ jobs: name: Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@v7.0.0 - uses: oven-sh/setup-bun@v2 with: bun-version: "1.3.14" - - uses: actions/cache@v5 + - uses: actions/cache@v5.0.5 with: path: ~/.bun/install/cache key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }} @@ -58,8 +58,8 @@ jobs: runs-on: ubuntu-latest needs: [typecheck, build] steps: - - uses: actions/checkout@v6.0.2 - - uses: docker/setup-buildx-action@v4 + - uses: actions/checkout@v7.0.0 + - uses: docker/setup-buildx-action@v4.1.0 - uses: docker/build-push-action@v7.2.0 with: context: ./frontend diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index e5eb767..e3047e3 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -27,7 +27,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@v7.0.0 with: fetch-depth: 0 # full history — detect secrets in any commit - uses: gitleaks/gitleaks-action@v3.0.0 @@ -45,12 +45,12 @@ jobs: security-events: write actions: read steps: - - uses: actions/checkout@v6.0.2 - - uses: github/codeql-action/init@v4.36.0 + - uses: actions/checkout@v7.0.0 + - uses: github/codeql-action/init@v4.36.2 with: languages: javascript-typescript queries: security-extended - - uses: github/codeql-action/analyze@v4.36.0 + - uses: github/codeql-action/analyze@v4.36.2 with: category: /language:javascript-typescript @@ -63,7 +63,7 @@ jobs: contents: read security-events: write steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@v7.0.0 - name: Scan for HIGH/CRITICAL CVEs uses: aquasecurity/trivy-action@v0.36.0 with: @@ -76,7 +76,7 @@ jobs: ignore-unfixed: true - name: Upload results to Security tab if: always() - uses: github/codeql-action/upload-sarif@v4.36.0 + uses: github/codeql-action/upload-sarif@v4.36.2 with: sarif_file: trivy.sarif category: trivy