diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cd78207ce5a..3ad9b7b823f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -56,7 +56,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+ uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 with:
 languages: ${{ matrix.language }}
 queries: security-extended,security-and-quality
@@ -87,6 +87,6 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+ uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e91a0a4b89d..864fd77028b 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: misspell # Check spellings as well
- uses: reviewdog/action-misspell@30433ca7be17888deb78a32521706fb65defbf3f # v1.21.0
+ uses: reviewdog/action-misspell@ef8b22c1cca06c8d306fc6be302c3dab0f6ca12f # v1.23.0
 with:
 github_token: ${{ secrets.github_token }}
 locale: "US"
@@ -35,14 +35,14 @@ jobs:
 exclude: |
 ./docs/docsgen/source/_static/*
 - name: shellcheck # Static check shell scripts
- uses: reviewdog/action-shellcheck@52f34f737a16c65b8caa8c51ae1b23036afe5685 # v1.23.0
+ uses: reviewdog/action-shellcheck@d99499e855260c9c56f7a1d066933b57326e9e7c # v1.26.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-pr-check
 level: info
 filter_mode: diff_context
 - name: cpplint # Static check C++ code
- uses: reviewdog/action-cpplint@f60159ccbe0f2f3657a23bd6c03b26dcca4b2102 # v1.5.0
+ uses: reviewdog/action-cpplint@3f691d27ef181edb2a57b6d1edcec63ade34c611 # v1.7.0
 with:
 github_token: ${{ secrets.github_token }}
 reporter: github-pr-check
@@ -99,7 +99,7 @@ jobs:
 # To toggle linter comments in the files page, press `i` on the keyboard
 if: always()
 continue-on-error: true
- uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+ uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: lintrunner.sarif
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e34ebdfb5ee..8fccf6e61e6 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -41,7 +41,7 @@ jobs:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
 with:
 results_file: results.sarif
 results_format: sarif
@@ -71,6 +71,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+ uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 with:
 sarif_file: results.sarif
diff --git a/requirements-lintrunner.txt b/requirements-lintrunner.txt
index 9ea1712fd17..913cac5c8ad 100644
--- a/requirements-lintrunner.txt
+++ b/requirements-lintrunner.txt
@@ -3,7 +3,7 @@ lintrunner-adapters>=0.12.3
 # RUFF
 ruff==0.4.7
 # MYPY
-mypy==1.10.1
+mypy==1.11.1
 types-protobuf==4.24.0.20240129
 # BLACK-ISORT
 black==24.4.2