From 8c4f55a3176092d02a00afefd5d0abacf41c7bfe Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 03:34:06 +0000 Subject: [PATCH] ci(deps)(deps): bump the github-actions group across 1 directory with 8 updates Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `9` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.0` | `2.19.3` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.4.0` | `3.1.0` | | [lewagon/wait-on-check-action](https://github.com/lewagon/wait-on-check-action) | `1.4.0` | `1.7.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2` | `3` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/github-script` from 7 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v9) Updates `step-security/harden-runner` from 2.13.0 to 2.19.3 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...ab7a9404c0f3da075243ca237b5fac12c98deaa5) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates 
`actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `dependabot/fetch-metadata` from 2.4.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/08eff52bf64351f401fb50d4972fa95b9f2c2d1b...25dd0e34f4fe68f24cc83900b1fe3fe149efef98) Updates `lewagon/wait-on-check-action` from 1.4.0 to 1.7.0 - [Release notes](https://github.com/lewagon/wait-on-check-action/releases) - [Changelog](https://github.com/lewagon/wait-on-check-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/lewagon/wait-on-check-action/compare/v1.4.0...v1.7.0) Updates `actions/create-github-app-token` from 2 to 3 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/create-github-app-token/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: 
dependabot/fetch-metadata dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: lewagon/wait-on-check-action dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/harden-runner dependency-version: 2.15.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/claude-code-review.yml | 2 +- .github/workflows/claude.yml | 2 +- .github/workflows/database-migrations.yml | 10 ++++---- .github/workflows/dependency-review.yml | 28 +++++++++++------------ .github/workflows/merge_dependabot.yml | 26 ++++++++++----------- .github/workflows/migrate-database.yml | 6 ++--- .github/workflows/security.yml | 2 +- 7 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 0d892e7f..11c63f9b 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index cf119f44..c1883100 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -26,7 +26,7 @@ jobs: actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 1 diff --git a/.github/workflows/database-migrations.yml b/.github/workflows/database-migrations.yml index d41b1cf4..dd309f79 100644 --- a/.github/workflows/database-migrations.yml +++ b/.github/workflows/database-migrations.yml 
@@ -31,7 +31,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Bun uses: oven-sh/setup-bun@v2 @@ -67,7 +67,7 @@ jobs: - name: Comment on PR if: steps.check_migrations.outputs.has_migrations == 'true' continue-on-error: true - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: github-token: ${{ secrets.PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -96,7 +96,7 @@ jobs: - name: Warn if no migrations if: steps.check_migrations.outputs.has_migrations == 'false' continue-on-error: true - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: github-token: ${{ secrets.PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | @@ -126,7 +126,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Bun uses: oven-sh/setup-bun@v2 @@ -150,7 +150,7 @@ jobs: - name: Notify on failure if: failure() continue-on-error: true - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: github-token: ${{ secrets.PAT_TOKEN || secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 34374ad2..909d1d64 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -36,13 +36,13 @@ jobs: # timeout-minutes: 10 # steps: # - name: Harden Runner - # uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.10.2 + # uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.10.2 # with: # egress-policy: audit # disable-sudo: true # # - name: Checkout Repository - # uses: actions/checkout@v5 + # uses: actions/checkout@v6 # with: # persist-credentials: false # 
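Review bot: The `Comment on PR` step in the `@@ -67` hunk of database-migrations.yml still references `actions/github-script` by a movable major tag (`@v9`) while passing it `secrets.PAT_TOKEN || secrets.GITHUB_TOKEN`, so whatever commit the tag resolves to at run time executes with that token. The `@@ -96` and `@@ -150` hunks have the same pattern. merge_dependabot.yml already pins harden-runner and fetch-metadata to full commit SHAs; the same form here, e.g. `uses: actions/github-script@<full-commit-sha> # v9`, would make the token-bearing steps consistent with that. Because this jumps two major versions, the inline `script:` bodies (which continue outside these hunks) should be checked against the v8 and v9 release notes before merging.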
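Review bot: The version comment on the harden-runner pin was not updated with the SHA: the new line reads `step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.10.2`, while merge_dependabot.yml labels the same SHA `# v2.19.3`. This occurs in the commented-out block of the `@@ -36` hunk and again in the `@@ -71`, `@@ -191` and `@@ -281` hunks of dependency-review.yml. A stale label undermines the audit value of a SHA pin, because a reviewer comparing the comment against the upstream release would check the wrong version. Change the trailing comment to `# v2.19.3` in all four places.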
@@ -71,12 +71,12 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.10.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.10.2 with: egress-policy: audit - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: persist-credentials: false @@ -86,7 +86,7 @@ jobs: bun-version: latest - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.bun/install/cache key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} @@ -138,7 +138,7 @@ jobs: - name: Upload security reports if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: security-audit-reports path: | @@ -150,7 +150,7 @@ jobs: if: | steps.audit.outputs.snyk_audit_failed == 'true' || steps.audit.outputs.osv_scan_failed == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const fs = require('fs'); @@ -191,12 +191,12 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.10.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.10.2 with: egress-policy: audit - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: persist-credentials: false @@ -237,7 +237,7 @@ jobs: - name: Upload license report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: license-compliance-report path: | @@ -247,7 +247,7 @@ jobs: - name: Comment on license issues if: steps.license-scan.outputs.license_check_failed == 'true' || steps.license-scan.outputs.compliance_failed == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const comment = `## ⚖️ License Compliance Alert 
@@ -281,12 +281,12 @@ jobs: timeout-minutes: 10 steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.10.2 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.10.2 with: egress-policy: audit - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Generate SBOM uses: anchore/sbom-action@v0 @@ -295,7 +295,7 @@ jobs: output-file: sbom.spdx.json - name: Upload SBOM - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom path: sbom.spdx.json diff --git a/.github/workflows/merge_dependabot.yml b/.github/workflows/merge_dependabot.yml index 410bc6e2..c5964cb5 100644 --- a/.github/workflows/merge_dependabot.yml +++ b/.github/workflows/merge_dependabot.yml @@ -30,7 +30,7 @@ jobs: compatibility-score: ${{ steps.metadata.outputs.compatibility-score }} steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit disable-sudo: true @@ -38,7 +38,7 @@ jobs: - name: Fetch metadata id: metadata - uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -53,12 +53,12 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false 
@@ -69,7 +69,7 @@ jobs: bun-version: latest - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.bun/install/cache key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }} @@ -149,7 +149,7 @@ jobs: steps.typecheck.outputs.typecheck_failed == 'true' || steps.audit.outputs.audit_failed == 'true' || steps.license.outputs.license_failed == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const failures = []; @@ -184,7 +184,7 @@ jobs: reason: ${{ steps.eligibility.outputs.reason }} steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit @@ -256,12 +256,12 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Wait for CI checks - uses: lewagon/wait-on-check-action@v1.4.0 + uses: lewagon/wait-on-check-action@v1.7.0 with: ref: ${{ github.event.pull_request.head.sha }} check-regexp: ^(?!Auto-merge|Dependabot|claude-review|claude|Claude|Security Scan).*$ @@ -281,13 +281,13 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 if: vars.DEPENDABOT_APP_ID != '' continue-on-error: true with: 
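Review bot: `lewagon/wait-on-check-action@v1.7.0` in the `@@ -256` hunk is a third-party action referenced by tag, in what appears to be the job that waits for CI before auto-merge, whereas harden-runner and fetch-metadata in this same file are pinned to commit SHAs. `actions/create-github-app-token@v3` in the `@@ -281` hunk is in the same position, and that step mints an app token. Pinning both the same way, e.g. `uses: lewagon/wait-on-check-action@<full-commit-sha> # v1.7.0`, would make the file's pinning policy uniform. The `updated-dependencies` trailer lists 1.5.0 for this action and 2.5.0 for fetch-metadata while the hunks apply v1.7.0 and v3.1.0, so it is worth confirming which releases were actually reviewed.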
@@ -325,12 +325,12 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3 with: egress-policy: audit - name: Add comment for manual review - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const updateType = '${{ needs.metadata.outputs.update-type }}'; diff --git a/.github/workflows/migrate-database.yml b/.github/workflows/migrate-database.yml index 4a3a78c1..5ff7cde1 100644 --- a/.github/workflows/migrate-database.yml +++ b/.github/workflows/migrate-database.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Setup Bun uses: oven-sh/setup-bun@v2 @@ -55,7 +55,7 @@ jobs: - name: Comment on PR if: always() continue-on-error: true - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const status = '${{ job.status }}' === 'success' ? '✅' : '❌'; @@ -78,7 +78,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Setup Bun uses: oven-sh/setup-bun@v2 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 094dc825..f10400ea 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Setup Bun uses: oven-sh/setup-bun@v2