diff --git a/.github/workflows/auto-update-semconv.yml b/.github/workflows/auto-update-semconv.yml index 15a247d..bd6d54e 100644 --- a/.github/workflows/auto-update-semconv.yml +++ b/.github/workflows/auto-update-semconv.yml @@ -74,7 +74,7 @@ jobs: distribution: temurin java-version: 21 - - uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 + - uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 - name: Generate code run: ./gradlew clean generateSemanticConventions --console=plain diff --git a/.github/workflows/build-common.yml b/.github/workflows/build-common.yml index 94f6db0..3c748b0 100644 --- a/.github/workflows/build-common.yml +++ b/.github/workflows/build-common.yml @@ -71,7 +71,7 @@ jobs: distribution: temurin java-version: 21 - - uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 + - uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 - name: build run: > diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fae37b7..546cafc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,10 +40,10 @@ jobs: - name: Set up gradle if: matrix.language == 'java' - uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 with: languages: ${{ matrix.language }} # using "linked" helps to keep up with the latest Kotlin support @@ -60,6 +60,6 @@ jobs: DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }} - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index a1422a1..9b5f668 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -14,4 +14,4 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # this needs to be in its own workflow in order to make OSSF scorecard happy - - uses: gradle/actions/wrapper-validation@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 + - uses: gradle/actions/wrapper-validation@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 diff --git a/.github/workflows/issue-management-stale-action.yml b/.github/workflows/issue-management-stale-action.yml index 60cc575..7ab52a6 100644 --- a/.github/workflows/issue-management-stale-action.yml +++ b/.github/workflows/issue-management-stale-action.yml @@ -20,7 +20,7 @@ jobs: # Action #1: Handle issues/PRs awaiting author feedback # - After 7 days inactive: Adds "stale" label + warning comment # - After 7 more days inactive: Closes - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: only-labels: "needs author feedback" days-before-stale: 7 @@ -38,7 +38,7 @@ jobs: # - Targets: Issues with "enhancement" label (but NOT "needs author feedback") # - After 365 days inactive: Adds "stale" label + closes immediately (no warning period) # - Skips: Issues with "needs author feedback" to avoid conflicts with Action #1 - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: only-labels: "enhancement" # Skip issues that need author feedback (handled by the first action with 7+7 day policy) @@ -55,7 +55,7 @@ jobs: # Action #3: Handle stale PRs # - After 180 days inactive: Adds "stale" label + warning comment # - After 14 more days inactive: Closes - - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1 + - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: days-before-issue-stale: -1 days-before-issue-close: -1 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 3ff386d..208f2ea 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 with: sarif_file: results.sarif diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b003968..fe25908 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,7 @@ jobs: distribution: temurin java-version: 21 - - uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 + - uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 - name: Build and publish artifacts run: ./gradlew assemble publishToSonatype closeAndReleaseSonatypeStagingRepository @@ -178,7 +178,7 @@ jobs: java-version: 21 - name: Setup Gradle - uses: gradle/actions/setup-gradle@f29f5a9d7b09a7c6b29859002d29d24e1674c884 # v5.0.1 + uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 - name: Update apidiff baseline env: