fix(github-action): update peter-evans/create-pull-request (v7.0.6 → v7.0.8) (#86 )

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
fix(github-action): update github/codeql-action to v3.28.13 (#85 )
2026-01-26 11:34:00 +00:00 · 2025-03-24 20:38:09 +00:00 · 2025-03-24 18:57:55 +00:00 · 2025-03-24 15:46:33 +00:00 · 2025-03-24 10:07:50 +00:00 · 2025-03-24 04:57:56 +00:00
31 changed files with 75 additions and 94 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,33 +1,20 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "github>ivuorinen/renovate-config"
-  ],
+  "extends": ["github>ivuorinen/renovate-config"],
  "packageRules": [
    {
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
+      "matchUpdateTypes": ["minor", "patch"],
      "matchCurrentVersion": "!/^0/",
      "automerge": true
    },
    {
-      "matchDepTypes": [
-        "devDependencies"
-      ],
+      "matchDepTypes": ["devDependencies"],
      "automerge": true
    }
  ],
-  "schedule": [
-    "before 4am on monday"
-  ],
+  "schedule": ["before 4am on monday"],
  "vulnerabilityAlerts": {
-    "labels": [
-      "security"
-    ],
-    "assignees": [
-      "ivuorinen"
-    ]
+    "labels": ["security"],
+    "assignees": ["ivuorinen"]
  }
 }
--- a/.github/workflows/action-security.yml
+++ b/.github/workflows/action-security.yml
@@ -117,21 +117,21 @@ jobs:

      - name: Upload Trivy results
        if: steps.verify-sarif.outputs.has_trivy == 'true'
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: 'trivy-results.sarif'
          category: 'trivy'

      - name: Upload Gitleaks results
        if: steps.verify-sarif.outputs.has_gitleaks == 'true'
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: 'gitleaks-report.sarif'
          category: 'gitleaks'

      - name: Archive security reports
        if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: security-reports-${{ github.run_id }}
          path: |
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,15 +32,15 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality

      - name: Autobuild
-        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/new-release.yml
+++ b/.github/workflows/new-release.yml
@@ -20,10 +20,10 @@ jobs:
      version: ${{ steps.daily-version.outputs.version }}

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Create tag if necessary
-        uses: fregante/daily-version-action@fb1a60b7c4daf1410cd755e360ebec3901e58588 # v2
+        uses: fregante/daily-version-action@fb1a60b7c4daf1410cd755e360ebec3901e58588 # v2.1.3
        id: daily-version

      - name: Create changelog text
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -103,7 +103,7 @@ jobs:

      - name: Upload Reports
        if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: MegaLinter reports
          path: |
@@ -113,7 +113,7 @@ jobs:

      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter
@@ -133,7 +133,7 @@ jobs:
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) &&
          !contains(github.event.head_commit.message, 'skip fix')
-        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        id: cpr
        with:
          token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
--- a/.github/workflows/security-suite.yml
+++ b/.github/workflows/security-suite.yml
@@ -87,12 +87,12 @@ jobs:
            --enableExperimental
            --failOnCVSS 7
      - name: Upload OWASP Results
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: reports/dependency-check-report.sarif
          category: owasp-dependency-check
      - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: owasp-results
          path: reports/dependency-check-report.sarif
@@ -119,12 +119,12 @@ jobs:
        with:
          args: --all-projects --sarif-file-output=snyk-results.sarif
      - name: Upload Snyk Results
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: snyk-results.sarif
          category: snyk
      - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: snyk-results
          path: snyk-results.sarif
@@ -146,12 +146,12 @@ jobs:
          results_format: sarif
          publish_results: true
      - name: Upload Scorecard Results
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
        with:
          sarif_file: scorecard-results.sarif
          category: scorecard
      - name: Upload artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: scorecard-results
          path: scorecard-results.sarif
@@ -168,7 +168,7 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Download scan results
-        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.0
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
        with:
          path: ./results

@@ -338,7 +338,7 @@ jobs:

      - name: Archive Results
        if: always()
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: security-results
          path: |
--- a/ansible-lint-fix/action.yml
+++ b/ansible-lint-fix/action.yml
@@ -47,6 +47,6 @@ runs:
        fi

    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ansible-lint.sarif
--- a/biome-check/action.yml
+++ b/biome-check/action.yml
@@ -12,7 +12,7 @@ runs:
  using: composite
  steps:
    - name: Checkout Repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Set Git Config
      uses: ivuorinen/actions/set-git-config@main
@@ -31,6 +31,6 @@ runs:
        biome check . --json > biome-report.json

    - name: Upload Biome Results
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: biome-report.json
--- a/biome-fix/action.yml
+++ b/biome-fix/action.yml
@@ -12,7 +12,7 @@ runs:
  using: composite
  steps:
    - name: Checkout Repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Set Git Config
      uses: ivuorinen/actions/set-git-config@main
@@ -32,7 +32,7 @@ runs:

    - name: Push Fixes
      if: success()
-      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
      with:
        commit_message: 'style: autofix Biome violations'
        add_options: '-u'
--- a/common-cache/action.yml
+++ b/common-cache/action.yml
@@ -95,7 +95,7 @@ runs:
        echo "cache-paths=${cache_paths}" >> $GITHUB_OUTPUT

    - id: cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: ${{ steps.prepare.outputs.cache-paths }}
        key: ${{ steps.prepare.outputs.cache-key }}
--- a/compress-images/action.yml
+++ b/compress-images/action.yml
@@ -18,7 +18,7 @@ runs:
      uses: ivuorinen/actions/set-git-config@main

    - name: Checkout Repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Compress Images
      id: calibre
@@ -29,7 +29,7 @@ runs:

    - name: Create New Pull Request If Needed
      if: steps.calibre.outputs.markdown != ''
-      uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      with:
        title: Compressed Images Nightly
        branch-suffix: timestamp
--- a/csharp-build/action.yml
+++ b/csharp-build/action.yml
@@ -22,7 +22,7 @@ runs:
        default-version: '7.0'

    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4
+      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: '${{ steps.detect-dotnet-version.outputs.dotnet-version }}'

@@ -40,7 +40,7 @@ runs:
        dotnet test --configuration Release --no-build --collect:"XPlat Code Coverage" --logger "trx;LogFileName=test-results.trx"

    - name: Upload Test Results
-      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: test-results
        path: |
--- a/csharp-lint-check/action.yml
+++ b/csharp-lint-check/action.yml
@@ -22,7 +22,7 @@ runs:
        default-version: '7.0'

    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4
+      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: '${{ steps.detect-dotnet-version.outputs.dotnet-version }}'

@@ -40,6 +40,6 @@ runs:
        fi

    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: dotnet-format.sarif
--- a/csharp-publish/action.yml
+++ b/csharp-publish/action.yml
@@ -26,7 +26,7 @@ runs:
        default-version: '7.0'

    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4
+      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
      with:
        dotnet-version: '${{ steps.detect-dotnet-version.outputs.dotnet-version }}'

--- a/docker-build/action.yml
+++ b/docker-build/action.yml
@@ -92,13 +92,13 @@ runs:
        fi

    - name: Set up QEMU
-      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3
+      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
      with:
        platforms: ${{ inputs.architectures }}

    - name: Set up Docker Buildx
      id: buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
+      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
      with:
        version: latest
        platforms: ${{ inputs.architectures }}
--- a/docker-publish-gh/action.yml
+++ b/docker-publish-gh/action.yml
@@ -97,12 +97,12 @@ runs:
        done

    - name: Set up QEMU
-      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3
+      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
      with:
        platforms: ${{ inputs.platforms }}

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
+      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
      with:
        platforms: ${{ inputs.platforms }}

@@ -133,7 +133,7 @@ runs:
        echo "tags=${processed_tags}" >> $GITHUB_OUTPUT

    - name: Log in to GitHub Container Registry
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
      with:
        registry: ${{ inputs.registry }}
        username: ${{ github.actor }}
@@ -141,7 +141,7 @@ runs:

    - name: Set up Cosign
      if: inputs.provenance == 'true'
-      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3
+      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0

    - name: Publish Image
      id: publish
--- a/docker-publish-hub/action.yml
+++ b/docker-publish-hub/action.yml
@@ -105,12 +105,12 @@ runs:
        fi

    - name: Set up QEMU
-      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3
+      uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0
      with:
        platforms: ${{ inputs.platforms }}

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
+      uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
      with:
        platforms: ${{ inputs.platforms }}

@@ -144,14 +144,14 @@ runs:
        echo "repo-url=https://hub.docker.com/r/${full_name}" >> $GITHUB_OUTPUT

    - name: Log in to Docker Hub
-      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
      with:
        username: ${{ inputs.username }}
        password: ${{ inputs.password }}

    - name: Set up Cosign
      if: inputs.provenance == 'true'
-      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3
+      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0

    - name: Update Docker Hub Description
      if: inputs.repository-description != '' || inputs.readme-file != ''
--- a/eslint-check/action.yml
+++ b/eslint-check/action.yml
@@ -239,7 +239,7 @@ runs:

    - name: Upload ESLint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/eslint.sarif
        category: eslint
--- a/eslint-fix/action.yml
+++ b/eslint-fix/action.yml
@@ -12,7 +12,7 @@ runs:
  using: composite
  steps:
    - name: Checkout Repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Set Git Config
      uses: ivuorinen/actions/set-git-config@main
@@ -32,7 +32,7 @@ runs:

    - name: Push Fixes
      if: always()
-      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
      with:
        commit_message: 'style: autofix ESLint violations'
        add_options: '-u'
--- a/go-build/action.yml
+++ b/go-build/action.yml
@@ -24,7 +24,7 @@ runs:
      uses: ivuorinen/actions/go-version-detect@main

    - name: Setup Go
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
      with:
        go-version: '${{ steps.detect-go-version.outputs.go-version }}'

--- a/go-lint/action.yml
+++ b/go-lint/action.yml
@@ -106,7 +106,7 @@ runs:
        done

    - name: Setup Go
-      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
      with:
        go-version: ${{ inputs.go-version }}
        cache: true
@@ -114,7 +114,7 @@ runs:
    - name: Set up Cache
      id: cache
      if: inputs.cache == 'true'
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: |
          ~/.cache/golangci-lint
@@ -266,7 +266,7 @@ runs:

    - name: Upload Lint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
        category: golangci-lint
--- a/node-setup/action.yml
+++ b/node-setup/action.yml
@@ -161,7 +161,7 @@ runs:

    - name: Setup Node.js
      id: setup
-      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
      with:
        node-version: ${{ steps.version.outputs.version }}
        registry-url: ${{ inputs.registry-url }}
@@ -216,7 +216,7 @@ runs:
    - name: Setup Caching
      if: inputs.cache == 'true'
      id: deps-cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: |
          **/node_modules
--- a/php-composer/action.yml
+++ b/php-composer/action.yml
@@ -172,7 +172,7 @@ runs:

    - name: Cache Composer packages
      id: composer-cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: |
          vendor
@@ -238,12 +238,6 @@ runs:
          exit 1
        fi

-        # Check for any PHP errors in vendor
-        find vendor -name "*.php" -type f -exec php -l {} \; > /dev/null
-
-        # Verify Composer installation
-        composer validate --no-check-all --strict
-
    - name: Generate Optimized Autoloader
      if: success()
      shell: bash
--- a/php-laravel-phpunit/action.yml
+++ b/php-laravel-phpunit/action.yml
@@ -50,11 +50,11 @@ runs:
        extensions: ${{ inputs.extensions }}
        coverage: ${{ inputs.coverage }}

-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: 'Check file existence'
      id: check_files
-      uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3
+      uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
      with:
        files: 'package.json, artisan'

--- a/pr-lint/action.yml
+++ b/pr-lint/action.yml
@@ -14,7 +14,7 @@ runs:
  steps:
    # Git Checkout
    - name: Checkout Code
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        token: ${{ github.token }}

@@ -30,7 +30,7 @@ runs:
    - name: MegaLinter
      # You can override MegaLinter flavor used to have faster performances
      # More info at https://megalinter.io/latest/flavors/
-      uses: oxsecurity/megalinter@ec124f7998718d79379a3c5b39f5359952baf21d # v8
+      uses: oxsecurity/megalinter@ec124f7998718d79379a3c5b39f5359952baf21d # v8.4.2
      id: ml

      # All available variables are described in documentation
@@ -79,7 +79,7 @@ runs:
    # Upload MegaLinter artifacts
    - name: Archive production artifacts
      if: success() || failure()
-      uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: MegaLinter reports
        include-hidden-files: 'true'
@@ -120,7 +120,7 @@ runs:
    # Create pull request if applicable
    # (for now works only on PR from same repository, not from forks)
    - name: Create Pull Request with applied fixes
-      uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
      id: cpr
      if: env.APPLY_FIXES_IF_PR == 'true'
      with:
@@ -144,7 +144,7 @@ runs:
      run: sudo chown -Rc $UID .git/

    - name: Commit and push applied linter fixes
-      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
      if: env.APPLY_FIXES_IF_COMMIT == 'true'
      with:
        branch: >-
--- a/pre-commit/action.yml
+++ b/pre-commit/action.yml
@@ -56,7 +56,7 @@ runs:

    - name: Push pre-commit fixes
      if: always() # Push changes even when pre-commit fails
-      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
      with:
        commit_message: 'style(pre-commit): autofix'
        add_options: -u
--- a/prettier-check/action.yml
+++ b/prettier-check/action.yml
@@ -102,7 +102,7 @@ runs:

    - name: Set up Cache
      id: cache
-      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      if: inputs.cache == 'true'
      with:
        path: |
@@ -305,7 +305,7 @@ runs:

    - name: Upload Prettier Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/prettier.sarif
        category: prettier
--- a/prettier-fix/action.yml
+++ b/prettier-fix/action.yml
@@ -12,7 +12,7 @@ runs:
  using: 'composite'
  steps:
    - name: Checkout Repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Set Git Config
      uses: ivuorinen/actions/set-git-config@main
@@ -32,7 +32,7 @@ runs:

    - name: Push Fixes
      if: always()
-      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5
+      uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
      with:
        commit_message: 'style: autofix Prettier violations'
        add_options: '-u'
--- a/python-lint-fix/action.yml
+++ b/python-lint-fix/action.yml
@@ -49,7 +49,7 @@ runs:
  using: composite
  steps:
    - name: Setup Python
-      uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5
+      uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
      with:
        python-version: ${{ inputs.python-version }}
        cache: 'pip'
@@ -213,7 +213,7 @@ runs:

    - name: Upload SARIF Report
      if: steps.check-files.outputs.result == 'found'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
        category: 'python-lint'
--- a/release-monthly/action.yml
+++ b/release-monthly/action.yml
@@ -62,7 +62,7 @@ runs:
        fi

    - name: Checkout Repository
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        fetch-depth: 0 # Fetch all history for tag comparison

--- a/terraform-lint-fix/action.yml
+++ b/terraform-lint-fix/action.yml
@@ -82,7 +82,7 @@ runs:

    - name: Setup Terraform
      if: steps.check-files.outputs.found == 'true'
-      uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+      uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
      with:
        terraform_version: ${{ inputs.terraform-version }}
        terraform_wrapper: false
@@ -225,7 +225,7 @@ runs:

    - name: Upload SARIF Report
      if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/tflint.sarif
        category: terraform-lint
Author	SHA1	Message	Date
renovate[bot]	51dbb7fbe1	fix(github-action): update peter-evans/create-pull-request (v7.0.6 → v7.0.8) (#86 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 20:38:09 +00:00
renovate[bot]	411fd89715	fix(github-action): update github/codeql-action to v3.28.13 (#85 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 18:57:55 +00:00
renovate[bot]	642883d9f9	fix(github-action): update actions/upload-artifact to v4.6.2 (#84 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 15:46:33 +00:00
renovate[bot]	5378420242	fix(github-action): update actions/setup-dotnet (v4.3.0 → v4.3.1) (#82 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 10:07:50 +00:00
renovate[bot]	85f88126e0	fix(github-action): update actions/cache (v4.2.0 → v4.2.3) (#81 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-24 04:57:56 +00:00
Ismo Vuorinen	eb085adfe2	chore(ci): update GitHub Actions workflow dependencies to latest versions (#78 )	2025-03-19 17:26:36 +02:00
renovate[bot]	55f7471ea2	fix(github-action): update peter-evans/create-pull-request (v7.0.7 → v7.0.8) (#74 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-18 13:57:35 +02:00
renovate[bot]	e58379d592	fix(github-action): update github/codeql-action (v3.28.10 → v3.28.11) (#73 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-18 08:48:49 +00:00
Ismo Vuorinen	85811a09ab	fix(ci): remove extra checks from php-composer (#70 )	2025-03-13 21:50:32 +02:00
renovate[bot]	acba21a852	fix(github-action): update peter-evans/create-pull-request (v7.0.6 → v7.0.7) (#67 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-02 12:39:21 +02:00
renovate[bot]	9dd848978c	fix(github-action): update actions/download-artifact (v4.1.0 → v4.1.9) (#66 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-03-02 08:27:57 +00:00