diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml index 551baf3..1e56c13 100644 --- a/.github/workflows/release-drafter.yaml +++ b/.github/workflows/release-drafter.yaml @@ -14,6 +14,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Release Drafter - uses: release-drafter/release-drafter@c2e2804cc59f45f57076a99af580d0fedb697927 # v7.3.0 + uses: release-drafter/release-drafter@693d20e7c1ce1a81d3a41962f85914253b518449 # v7.3.1 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-publish.yaml b/.github/workflows/release-publish.yaml index 344f3d4..efb51b6 100644 --- a/.github/workflows/release-publish.yaml +++ b/.github/workflows/release-publish.yaml @@ -30,7 +30,7 @@ jobs: uv run -m build uv run twine check dist/* - name: Upload pypi packages artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: pypi-packages path: dist/ @@ -49,7 +49,7 @@ jobs: # Note: this action uses PyPI's support for Trusted Publishers # It needs a configuration on the PyPI project - see: # https://docs.pypi.org/trusted-publishers/adding-a-publisher/#github-actions - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 github-release: needs: ["source-wheel"] runs-on: [self-hosted] diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 2ba41f2..a4cf40b 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -22,6 +22,6 @@ jobs: with: persist-credentials: false - name: Run zizmor - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: upload-sarif: true