diff --git a/.github/workflows/changeset-check.yml b/.github/workflows/changeset-check.yml index bac0612..96e2567 100644 --- a/.github/workflows/changeset-check.yml +++ b/.github/workflows/changeset-check.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ae9f127..f00345a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ jobs: name: Hygiene runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 - uses: actions/setup-node@v6 @@ -41,7 +41,7 @@ jobs: name: Backend runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 @@ -53,7 +53,7 @@ jobs: # mongodb-memory-server downloads the mongod binary (~780 MB) on first # use. Cache it so repeat runs skip the download entirely. - name: Cache mongodb-memory-server binary - uses: actions/cache@v5 + uses: actions/cache@v6 with: path: ~/.cache/mongodb-binaries key: mongodb-memory-server-${{ runner.os }} @@ -72,7 +72,7 @@ jobs: name: Frontend runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 72f4d87..3bea66f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,7 @@ jobs: language: [javascript-typescript, actions] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 9a37894..01a5ed2 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -41,7 +41,7 @@ jobs: --health-timeout 5s --health-retries 6 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 97aee2a..6d55d03 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 diff --git a/.github/workflows/load-smoke.yml b/.github/workflows/load-smoke.yml index 4aef4d2..9f88080 100644 --- a/.github/workflows/load-smoke.yml +++ b/.github/workflows/load-smoke.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 # The compose stack reads .env. We only need the bits the api + # worker care about — frontend isn't started in this drill. diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml index 7f630da..ae56417 100644 --- a/.github/workflows/mutation.yml +++ b/.github/workflows/mutation.yml @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 diff --git a/.github/workflows/preview-env.yml b/.github/workflows/preview-env.yml index 109e299..435ab54 100644 --- a/.github/workflows/preview-env.yml +++ b/.github/workflows/preview-env.yml @@ -42,7 +42,7 @@ jobs: echo "Configure repo secrets to enable per-PR Railway envs." exit 0 - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 if: ${{ env.RAILWAY_TOKEN != '' }} env: RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1ff6f62..6c743e4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 @@ -32,7 +32,7 @@ jobs: run: npm ci - name: Create Release PR or publish to GitHub Releases - uses: changesets/action@63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b # v1 + uses: changesets/action@a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d # v1 with: # `version` updates package.json + CHANGELOG.md from pending changesets # and opens / updates a "Version Packages" PR. Merging that PR triggers diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 51cf914..aded055 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -24,12 +24,12 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 - name: Run gitleaks - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2 + uses: gitleaks/gitleaks-action@e0c47f4f8be36e29cdc102c57e68cb5cbf0e8d1e # v3.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_CONFIG: .gitleaks.toml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Run osv-scanner # `--skip-git` was removed in osv-scanner v2.x. Default behavior @@ -56,7 +56,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 @@ -94,7 +94,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/dependency-review-action@v5 with: fail-on-severity: high diff --git a/.github/workflows/storybook.yml b/.github/workflows/storybook.yml index dc7ed72..ef4c33e 100644 --- a/.github/workflows/storybook.yml +++ b/.github/workflows/storybook.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-node@v6 with: node-version: 20 diff --git a/.github/workflows/supply-chain.yml b/.github/workflows/supply-chain.yml index eba3aa2..20a2700 100644 --- a/.github/workflows/supply-chain.yml +++ b/.github/workflows/supply-chain.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: # On push.tags this is the tag ref already; on workflow_dispatch # we explicitly check out the requested tag so the SBOM matches