diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index ee7a0ca53b..9963b39264 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -45,7 +45,7 @@ jobs: security-events: write steps: - name: Download SARIF file - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: results.sarif path: results.sarif diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 912e6821b8..1136909c35 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: working-directory: lambdas run: yarn install --frozen-lockfile && yarn run test && yarn dist - name: Get installation token - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 + uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 id: token with: app-id: ${{ vars.RELEASER_APP_ID }} @@ -45,7 +45,7 @@ jobs: - name: Attest if: ${{ steps.release.outputs.releases_created == 'true' }} id: attest - uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 + uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 with: subject-path: '${{ github.workspace }}/lambdas/functions/**/*.zip' - name: Update release notes with attestation diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml index 53fb58235e..b67b898e5e 100644 --- a/.github/workflows/update-docs.yml +++ b/.github/workflows/update-docs.yml @@ -63,7 +63,7 @@ jobs: run: | git config user.name github-actions[bot] git config --global user.email "github-actions[bot]@users.noreply.github.com" - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: 3.x - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV