diff --git a/.github/workflows/acceptance-public.yml b/.github/workflows/acceptance-public.yml index 4d2e33db5b..143883646a 100644 --- a/.github/workflows/acceptance-public.yml +++ b/.github/workflows/acceptance-public.yml @@ -40,7 +40,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -51,7 +51,7 @@ jobs: merge-multiple: true - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@c8537a200a435e2560109a6a8ed9cac838b62656 # v2.20.5 + uses: step-security/publish-unit-test-result-action@914f0f642c242f38335a491805adfc9bd64b1cbb # v2.21.1 with: check_name: Test Results json_thousands_separator: ',' diff --git a/.github/workflows/acceptance-workflow.yml b/.github/workflows/acceptance-workflow.yml index 01e93f4a10..69d9e9ebe4 100644 --- a/.github/workflows/acceptance-workflow.yml +++ b/.github/workflows/acceptance-workflow.yml @@ -51,7 +51,7 @@ jobs: echo "OPERATOR_ID_MAIN=${{ inputs.operator_id }}" >> $GITHUB_ENV fi - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -127,7 +127,7 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@c8537a200a435e2560109a6a8ed9cac838b62656 # v2.20.5 + uses: step-security/publish-unit-test-result-action@914f0f642c242f38335a491805adfc9bd64b1cbb # v2.21.1 if: ${{ !cancelled() }} with: check_name: '' # Set to empty to disable check run diff --git a/.github/workflows/acceptance.yml b/.github/workflows/acceptance.yml index 897bbde37d..68e1515577 100644 --- a/.github/workflows/acceptance.yml +++ b/.github/workflows/acceptance.yml @@ -52,7 +52,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -63,7 +63,7 @@ jobs: merge-multiple: true - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@c8537a200a435e2560109a6a8ed9cac838b62656 # v2.20.5 + uses: step-security/publish-unit-test-result-action@914f0f642c242f38335a491805adfc9bd64b1cbb # v2.21.1 with: check_name: '' # Set to empty to disable check run json_thousands_separator: ',' diff --git a/.github/workflows/charts.yml b/.github/workflows/charts.yml index cb04edaba8..46ceb0bdf6 100644 --- a/.github/workflows/charts.yml +++ b/.github/workflows/charts.yml @@ -19,7 +19,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.11" @@ -35,7 +35,7 @@ jobs: uses: Azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 - name: Install ct - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 - name: Run lint run: ct lint --config .github/ct.yaml --all @@ -44,7 +44,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -55,7 +55,7 @@ jobs: submodules: 'false' - name: Setup Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.11" @@ -73,7 +73,7 @@ jobs: timeout-minutes: 3 - name: Set up Docker Qemu - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 @@ -95,7 +95,7 @@ jobs: tags: localhost:5001/${{ github.repository }}:test - name: Install ct - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 - name: Install chart run: ct install --helm-extra-args="--timeout 10m" --all diff --git a/.github/workflows/conformity-workflow.yml b/.github/workflows/conformity-workflow.yml index 53afbda86c..6e64459051 100644 --- a/.github/workflows/conformity-workflow.yml +++ b/.github/workflows/conformity-workflow.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/dapp.yml b/.github/workflows/dapp.yml index 5f7e9481ec..81fbaec4f2 100644 --- a/.github/workflows/dapp.yml +++ b/.github/workflows/dapp.yml @@ -23,7 +23,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/dev-tool-workflow.yml b/.github/workflows/dev-tool-workflow.yml index 28b5edb44b..c8545e8c2a 100644 --- a/.github/workflows/dev-tool-workflow.yml +++ b/.github/workflows/dev-tool-workflow.yml @@ -21,7 +21,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -37,7 +37,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: "1.24.0" diff --git a/.github/workflows/flow-pr-title-check.yml b/.github/workflows/flow-pr-title-check.yml index 0242ec902c..1d6d0ad7fe 100644 --- a/.github/workflows/flow-pr-title-check.yml +++ b/.github/workflows/flow-pr-title-check.yml @@ -44,7 +44,7 @@ jobs: statuses: write steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/foundry.yml b/.github/workflows/foundry.yml index 5ba7e576ad..be925d02c8 100644 --- a/.github/workflows/foundry.yml +++ b/.github/workflows/foundry.yml @@ -17,7 +17,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -26,7 +26,7 @@ jobs: submodules: recursive - name: Install Foundry - uses: step-security/foundry-toolchain@0f33b42dd54256dc78d44981318d1a5c5f1c4958 # v1.4.1 + uses: step-security/foundry-toolchain@b3c15ce3e2e69928bd4ea48ecd830fe3b9550fd5 # v1.5.0 with: version: nightly diff --git a/.github/workflows/gh-pages-sync.yaml b/.github/workflows/gh-pages-sync.yaml index 64e0082636..ccf6a3cf05 100644 --- a/.github/workflows/gh-pages-sync.yaml +++ b/.github/workflows/gh-pages-sync.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml index c9313d5d64..4029401bbe 100644 --- a/.github/workflows/image-build.yml +++ b/.github/workflows/image-build.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Docker Qemu - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 diff --git a/.github/workflows/manual-testing.yml b/.github/workflows/manual-testing.yml index efe2fd3e11..a5742a530a 100644 --- a/.github/workflows/manual-testing.yml +++ b/.github/workflows/manual-testing.yml @@ -195,7 +195,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -206,7 +206,7 @@ jobs: merge-multiple: true - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@c8537a200a435e2560109a6a8ed9cac838b62656 # v2.20.5 + uses: step-security/publish-unit-test-result-action@914f0f642c242f38335a491805adfc9bd64b1cbb # v2.21.1 with: # check_name: Acceptance Tests check_name: '' # Set to empty to disable check run diff --git a/.github/workflows/openrpc-updater.yml b/.github/workflows/openrpc-updater.yml index 7908484f19..c68f0c4c48 100644 --- a/.github/workflows/openrpc-updater.yml +++ b/.github/workflows/openrpc-updater.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -58,7 +58,7 @@ jobs: needs: clone-and-build-execution-apis steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -135,7 +135,7 @@ jobs: - name: Create Pull Request if: ${{ env.SKIP_PR != 'true' }} - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: token: ${{ secrets.GH_ACCESS_TOKEN }} commit-message: Update OpenRPC JSON diff --git a/.github/workflows/postman.yml b/.github/workflows/postman.yml index 3fa447c7de..8b908b04ac 100644 --- a/.github/workflows/postman.yml +++ b/.github/workflows/postman.yml @@ -26,7 +26,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/pr-label-milestone-check.yml b/.github/workflows/pr-label-milestone-check.yml index 1cc92432b1..dd080484a8 100644 --- a/.github/workflows/pr-label-milestone-check.yml +++ b/.github/workflows/pr-label-milestone-check.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/release-acceptance.yml b/.github/workflows/release-acceptance.yml index b47873dcfa..6c2b98e87f 100644 --- a/.github/workflows/release-acceptance.yml +++ b/.github/workflows/release-acceptance.yml @@ -24,7 +24,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -91,7 +91,7 @@ jobs: path: test-*.xml - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@c8537a200a435e2560109a6a8ed9cac838b62656 # v2.20.5 + uses: step-security/publish-unit-test-result-action@914f0f642c242f38335a491805adfc9bd64b1cbb # v2.21.1 if: ${{ !cancelled() }} with: check_name: '' # Set to empty to disable check run diff --git a/.github/workflows/release-automation.yml b/.github/workflows/release-automation.yml index 8947dc7132..f6c6c1d80b 100644 --- a/.github/workflows/release-automation.yml +++ b/.github/workflows/release-automation.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -153,7 +153,7 @@ jobs: MILE_STONE: ${{ needs.branch_bump_tag.outputs.milestone }} steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -195,7 +195,7 @@ jobs: run: npm run bump-version --semver=${{ env.NEXT_VERSION_SNAPSHOT }} --snapshot=true - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: body: | **Description**: diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index bd33478876..5f6418665b 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -33,7 +33,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Qemu - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 diff --git a/.github/workflows/release-production.yml b/.github/workflows/release-production.yml index 0dee3663ff..a990997ba4 100644 --- a/.github/workflows/release-production.yml +++ b/.github/workflows/release-production.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -36,7 +36,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Qemu - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 @@ -61,7 +61,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -98,7 +98,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/subgraph.yml b/.github/workflows/subgraph.yml index 7e55e0c4f2..065b2d6421 100644 --- a/.github/workflows/subgraph.yml +++ b/.github/workflows/subgraph.yml @@ -24,7 +24,7 @@ jobs: working-directory: ./tools/subgraph-example/ steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2df26c2b7d..78529c6425 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -64,7 +64,7 @@ jobs: - name: Publish Test Report if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && github.actor != 'dependabot[bot]' && github.actor != 'swirlds-automation' && !cancelled() && !failure() }} - uses: step-security/publish-unit-test-result-action@c8537a200a435e2560109a6a8ed9cac838b62656 # v2.20.5 + uses: step-security/publish-unit-test-result-action@914f0f642c242f38335a491805adfc9bd64b1cbb # v2.21.1 with: # check_name: Tests check_name: '' # Set to empty to disable check run