diff --git a/.github/workflows/bundle-size.yml b/.github/workflows/bundle-size.yml index 6b0c0f29..2d8067f5 100644 --- a/.github/workflows/bundle-size.yml +++ b/.github/workflows/bundle-size.yml @@ -66,7 +66,7 @@ jobs: - run: npm ci - name: Cache Next.js build (main) - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: frontend/.next/cache key: next-baseline-${{ runner.os }}-${{ hashFiles('frontend/package-lock.json') }} @@ -160,7 +160,7 @@ jobs: - run: npm ci - name: Cache Next.js build (PR) - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: frontend/.next/cache key: next-pr-${{ github.event.pull_request.number }}-${{ hashFiles('frontend/package-lock.json') }}-${{ hashFiles('frontend/src/**') }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c5db1b21..80eaf46a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,7 +61,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 with: languages: ${{ matrix.language }} # Extended queries catch more issues at cost of some false positives. @@ -80,10 +80,10 @@ jobs: - "**/*.spec.ts" - name: Autobuild - uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 with: category: "/language:${{ matrix.language }}" # Upload results to GitHub Security tab diff --git a/.github/workflows/main-gate.yml b/.github/workflows/main-gate.yml index fde62cd1..d3323de8 100644 --- a/.github/workflows/main-gate.yml +++ b/.github/workflows/main-gate.yml @@ -193,7 +193,7 @@ jobs: - run: npm ci - name: Cache Next.js build - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: frontend/.next/cache key: next-cache-${{ runner.os }}-${{ hashFiles('frontend/package-lock.json') }}-${{ hashFiles('frontend/src/**') }} @@ -267,7 +267,7 @@ jobs: - name: Cache Playwright browsers id: pw-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/ms-playwright key: pw-${{ runner.os }}-${{ steps.pw-version.outputs.version }} diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 06266171..1f87f4df 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -57,7 +57,7 @@ jobs: - run: npm ci - name: Cache Next.js build - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: frontend/.next/cache key: next-cache-${{ runner.os }}-${{ hashFiles('frontend/package-lock.json') }}-${{ hashFiles('frontend/src/**') }} @@ -79,7 +79,7 @@ jobs: - name: Cache Playwright browsers id: pw-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/ms-playwright key: pw-${{ runner.os }}-${{ steps.pw-version.outputs.version }} diff --git a/.github/workflows/pr-gate.yml b/.github/workflows/pr-gate.yml index 84f36f66..2489f9a3 100644 --- a/.github/workflows/pr-gate.yml +++ b/.github/workflows/pr-gate.yml @@ -201,7 +201,7 @@ jobs: - run: npm ci - name: Cache Next.js build - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: frontend/.next/cache key: next-cache-${{ runner.os }}-${{ hashFiles('frontend/package-lock.json') }}-${{ hashFiles('frontend/src/**') }} @@ -271,7 +271,7 @@ jobs: - name: Cache Playwright browsers id: pw-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/ms-playwright key: pw-${{ runner.os }}-${{ steps.pw-version.outputs.version }} diff --git a/.github/workflows/pr-screenshots.yml b/.github/workflows/pr-screenshots.yml index ab45e227..e62746a1 100644 --- a/.github/workflows/pr-screenshots.yml +++ b/.github/workflows/pr-screenshots.yml @@ -80,7 +80,7 @@ jobs: - name: Cache Playwright browsers if: steps.changes.outputs.skip != 'true' id: pw-cache - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/.cache/ms-playwright key: pw-${{ runner.os }}-${{ steps.pw-version.outputs.version }} @@ -118,7 +118,7 @@ jobs: - name: Post PR comment if: steps.changes.outputs.skip != 'true' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const fs = require('fs'); diff --git a/.github/workflows/quality-gate.yml b/.github/workflows/quality-gate.yml index e2d21ac1..c69824e4 100644 --- a/.github/workflows/quality-gate.yml +++ b/.github/workflows/quality-gate.yml @@ -67,7 +67,7 @@ jobs: # ── Playwright browsers (cached) ───────────────────────────────────── - name: Cache Playwright browsers - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 id: playwright-cache with: path: ~/.cache/ms-playwright