diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index ca87a66..844d92d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -12,7 +12,7 @@ jobs: if: github.event_name == 'pull_request' steps: - uses: actions/checkout@v4 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@v4 id: f with: filters: | @@ -27,6 +27,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: DavidAnson/markdownlint-cli2-action@v16 + - uses: DavidAnson/markdownlint-cli2-action@v24 - uses: lycheeverse/lychee-action@v2 with: { args: "--no-progress './**/*.md'" } diff --git a/.github/workflows/estate-lint.yml b/.github/workflows/estate-lint.yml index efafbac..4df25fc 100644 --- a/.github/workflows/estate-lint.yml +++ b/.github/workflows/estate-lint.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: { python-version: "3.12" } - name: estate-lint (7 structural checks; fail on error-level violations) run: python3 "${{ inputs.tools-dir }}/estate-lint.py" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1340e4c..82bc0e6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: googleapis/release-please-action@v4 + - uses: googleapis/release-please-action@v5 with: release-type: ${{ inputs.release-type }} # Note: for monorepos use manifest mode (.release-please-config.json). diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index df12ca5..3461503 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v4 with: { fetch-depth: 0 } - name: gitleaks (full history) - uses: gitleaks/gitleaks-action@v2 + uses: gitleaks/gitleaks-action@v3 sbom: runs-on: ubuntu-latest steps: @@ -22,5 +22,5 @@ jobs: - name: SBOM (CycloneDX) + vuln scan uses: anchore/sbom-action@v0 with: { format: cyclonedx-json, artifact-name: sbom.cdx.json } - - uses: anchore/scan-action@v4 + - uses: anchore/scan-action@v7 with: { path: ".", fail-build: false }