Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit e9a138f

Browse filesBrowse files
sinsukehlabsinsukehlab
authored
Bump actions in workflow files (#89)
* Bump actions in workflow files actions/checkout@v3 to 4 github/codeql-action/init@v2 to 3 github/codeql-action/autobuild@v2 to 3 github/codeql-action/analyze@v2 to 3 * Create dependabot.yml github-actions
1 parent e975b5d commit e9a138f
Copy full SHA for e9a138f

File tree

Expand file treeCollapse file tree

4 files changed

+14
-8
lines changed
Filter options
Expand file treeCollapse file tree

4 files changed

+14
-8
lines changed

‎.github/dependabot.yml

Copy file name to clipboard
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
5+
schedule:
6+
interval: "monthly"

‎.github/workflows/codeql-analysis.yml

Copy file name to clipboardExpand all lines: .github/workflows/codeql-analysis.yml
+4-4Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,15 +22,15 @@ jobs:
2222

2323
steps:
2424
- name: Checkout repository
25-
uses: actions/checkout@v3
25+
uses: actions/checkout@v4
2626

2727
- name: Initialize CodeQL
28-
uses: github/codeql-action/init@v2
28+
uses: github/codeql-action/init@v3
2929
with:
3030
languages: ${{ matrix.language }}
3131

3232
- name: Autobuild
33-
uses: github/codeql-action/autobuild@v2
33+
uses: github/codeql-action/autobuild@v3
3434

3535
- name: Perform CodeQL Analysis
36-
uses: github/codeql-action/analyze@v2
36+
uses: github/codeql-action/analyze@v3

‎.github/workflows/jarvis-code.yml

Copy file name to clipboardExpand all lines: .github/workflows/jarvis-code.yml
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,11 +23,11 @@ jobs:
2323
contents: read
2424
steps:
2525
- name: Check out code
26-
uses: actions/checkout@v3
26+
uses: actions/checkout@v4
2727
- name: Check GitHub Status
2828
# Source of GitHub Action in line 30:
2929
# https://github.com/dduzgun-security/secure-code-game-action
3030
uses: dduzgun-security/secure-code-game-action@dc70b85ad674f6e93657401f3933622870372093 # v1.0
3131
with:
3232
who-to-greet: "Jarvis, obviously ..."
33-
get-token: "token-4db56ee8-dbec-46f3-96f5-32247695ab9b"
33+
get-token: "token-4db56ee8-dbec-46f3-96f5-32247695ab9b"

‎.github/workflows/jarvis-hack.yml

Copy file name to clipboardExpand all lines: .github/workflows/jarvis-hack.yml
+2-2Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,11 @@ jobs:
1414
contents: read
1515
steps:
1616
- name: Check out code
17-
uses: actions/checkout@v3
17+
uses: actions/checkout@v4
1818

1919
- name: Check for insecure actions
2020
run: |
2121
if grep -q "uses: dduzgun-security/secure-code-game-action@" $GITHUB_WORKSPACE/.github/workflows/jarvis-code.yml; then
2222
echo "Insecure action detected. Please remove it from your workflow."
2323
exit 1
24-
fi
24+
fi

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.