update dependencies in workflow pipelines

OWASP · Jan 16, 2025 · 4b7f55a · 4b7f55a
2 parents 14074e8 + 7c879e3
commit 4b7f55a
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 39 deletions.
diff --git a/.github/workflows/housekeeping.yaml b/.github/workflows/housekeeping.yaml
@@ -74,7 +74,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3.27.0
+        uses: github/codeql-action/upload-sarif@v3.28.1
         with:
           sarif_file: 'trivy-results.sarif'
 
@@ -94,7 +94,7 @@ jobs:
           ref: main
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.27.0
+        uses: github/codeql-action/init@v3.28.1
         with:
           languages: 'javascript'
           config-file: ./.github/codeql/codeql-config.yml
@@ -103,10 +103,10 @@ jobs:
           # Prefix the list here with "+" to use these queries and those in the config file.
 
       - name: CodeQL autobuild
-        uses: github/codeql-action/autobuild@v3.27.0
+        uses: github/codeql-action/autobuild@v3.28.1
 
       - name: Perform vulnerability analysis
-        uses: github/codeql-action/analyze@v3.27.0
+        uses: github/codeql-action/analyze@v3.28.1
 
   link_checker:
     name: Link checker

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -135,7 +135,7 @@ jobs:
         uses: actions/[email protected]
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.27.0
+        uses: github/codeql-action/init@v3.28.1
         with:
           languages: 'javascript'
           config-file: ./.github/codeql/codeql-config.yml
@@ -144,10 +144,10 @@ jobs:
           # Prefix the list here with "+" to use these queries and those in the config file.
 
       - name: CodeQL autobuild
-        uses: github/codeql-action/autobuild@v3.27.0
+        uses: github/codeql-action/autobuild@v3.28.1
 
       - name: Perform vulnerability analysis
-        uses: github/codeql-action/analyze@v3.27.0
+        uses: github/codeql-action/analyze@v3.28.1
 
   e2e_smokes:
     name: Local site e2e smokes
@@ -184,7 +184,7 @@ jobs:
           npm run test:e2e-pr-smokes
 
       - name: Upload e2e videos
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: e2e_vids.zip
           path: td.vue/tests/e2e/videos
@@ -224,7 +224,7 @@ jobs:
           npm run test:e2e-pr
 
       - name: Upload e2e videos
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: e2e_vids.zip
           path: td.vue/tests/e2e/videos
@@ -296,7 +296,7 @@ jobs:
 
       - name: Build for amd64
         id: docker_build
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.11.0
         with:
           context: ./
           file: ./Dockerfile
@@ -309,7 +309,7 @@ jobs:
           load: true
 
       - name: Upload docker local image
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: ${{ env.IMAGE_NAME }}
           path: /tmp/${{ env.IMAGE_NAME }}.tar

diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -54,7 +54,7 @@ jobs:
         run: npm run make-sbom
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-server
           path: './td.server/sbom.*'
@@ -143,7 +143,7 @@ jobs:
         uses: actions/[email protected]
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.27.0
+        uses: github/codeql-action/init@v3.28.1
         with:
           languages: 'javascript'
           config-file: ./.github/codeql/codeql-config.yml
@@ -152,10 +152,10 @@ jobs:
           # Prefix the list here with "+" to use these queries and those in the config file.
 
       - name: CodeQL autobuild
-        uses: github/codeql-action/autobuild@v3.27.0
+        uses: github/codeql-action/autobuild@v3.28.1
 
       - name: Perform vulnerability analysis
-        uses: github/codeql-action/analyze@v3.27.0
+        uses: github/codeql-action/analyze@v3.28.1
 
   build_docker_image:
     name: Build latest docker
@@ -168,7 +168,7 @@ jobs:
         uses: actions/[email protected]
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.2.0
+        uses: docker/setup-qemu-action@v3.3.0
 
       - name: Set up Docker Buildx
         id: buildx
@@ -194,7 +194,7 @@ jobs:
       # platform manifests not (yet) supported, so split out architectures
       - name: Build  for amd64 and push latest
         id: docker_build_amd64
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.11.0
         with:
           context: ./
           file: ./Dockerfile
@@ -208,7 +208,7 @@ jobs:
 
       - name: Build for arm64 and push latest-arm64
         id: docker_build_arm64
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.11.0
         with:
           context: ./
           file: ./Dockerfile
@@ -226,7 +226,7 @@ jobs:
           IMAGE_ID: ${{ steps.docker_build_amd64.outputs.imageid }}
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-container-image-app
           path: './boms/*'
@@ -340,7 +340,7 @@ jobs:
         run: npm run test:e2e-ci-smokes
 
       - name: Upload e2e videos
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: e2e_vids.zip
           path: td.vue/tests/e2e/videos
@@ -392,7 +392,7 @@ jobs:
         run: npm run test:e2e-ci
 
       - name: Upload e2e videos
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: e2e_vids.zip
           path: td.vue/tests/e2e/videos
@@ -453,7 +453,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3.27.0
+        uses: github/codeql-action/upload-sarif@v3.28.1
         with:
           sarif_file: 'trivy-results.sarif'
 
@@ -490,7 +490,7 @@ jobs:
         run: npm run build:desktop -- --windows --publish never
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-windows-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -532,7 +532,7 @@ jobs:
         run: npm run build:desktop -- --mac --publish never
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-macos-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -579,7 +579,7 @@ jobs:
         run: find . -name "*.log" -exec cat '{}' \; -print
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-linux-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -626,7 +626,7 @@ jobs:
         run: find . -name "*.log" -exec cat '{}' \; -print
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-linux-snap-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -666,7 +666,7 @@ jobs:
           cp raw/sboms-desktop-linux-snap-site/bom.xml  sboms/threat-dragon-desktop-linux-snap-site-bom.xml
           cp raw/sboms-container-image-app/*            sboms/threat-dragon-container-image/app/
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms
           path: 'sboms/'

diff --git a/.github/workflows/release-snap.yaml b/.github/workflows/release-snap.yaml
@@ -53,7 +53,7 @@ jobs:
         run: find . -name "*.log" -exec cat '{}' \; -print
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-linux-snap-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'

diff --git a/.github/workflows/release-windows.yaml b/.github/workflows/release-windows.yaml
@@ -44,7 +44,7 @@ jobs:
         run: npm run build:desktop -- --windows --publish always
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-windows-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -86,7 +86,7 @@ jobs:
         run: npm run make-sbom
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-server
           path: './td.server/sbom.*'
@@ -164,7 +164,7 @@ jobs:
         run: npm run build:desktop -- --windows --publish always
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-windows-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -227,7 +227,7 @@ jobs:
         run: find . -name "*.log" -exec cat '{}' \; -print
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-macos-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -277,7 +277,7 @@ jobs:
         run: find . -name "*.log" -exec cat '{}' \; -print
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-linux-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -333,7 +333,7 @@ jobs:
         run: find . -name "*.log" -exec cat '{}' \; -print
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-desktop-linux-snap-site
           path: './td.vue/dist-desktop/bundled/.sbom/*'
@@ -350,7 +350,7 @@ jobs:
         uses: actions/[email protected]
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.2.0
+        uses: docker/setup-qemu-action@v3.3.0
 
       - name: Set up Docker Buildx
         id: buildx
@@ -376,7 +376,7 @@ jobs:
       # platform manifests not (yet) supported, so split out architectures
       - name: Build for amd64 and push to Docker Hub
         id: docker_build_amd64
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.11.0
         with:
           context: ./
           file: ./Dockerfile
@@ -390,7 +390,7 @@ jobs:
 
       - name: Build for arm64 and push to Docker Hub
         id: docker_build_arm64
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.11.0
         with:
           context: ./
           file: ./Dockerfile
@@ -408,7 +408,7 @@ jobs:
           IMAGE_ID: ${{ steps.docker_build_amd64.outputs.imageid }}
 
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms-container-image-app
           path: './boms/*'
@@ -456,7 +456,7 @@ jobs:
           cp raw/sboms-desktop-linux-snap-site/bom.xml  sboms/threat-dragon-desktop-linux-snap-site-bom.xml
           cp raw/sboms-container-image-app/*            sboms/threat-dragon-container-image/app/
       - name: Save SBOM artifact
-        uses: actions/upload-artifact@v4.5.0
+        uses: actions/upload-artifact@v4.6.0
         with:
           name: sboms
           path: 'sboms/'