fix(github-action): update ossf/scorecard-action (v2.4.1 → v2.4.2) (#149 )

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
fix(github-action): update ivuorinen/actions (25.5.12 → 25.5.26) (#148 )
2026-02-04 11:42:59 +00:00 · 2025-06-02 07:42:09 +00:00 · 2025-06-02 02:55:25 +00:00 · 2025-05-26 13:36:14 +03:00 · 2025-05-26 10:28:41 +00:00 · 2025-05-17 00:48:28 +00:00
16 changed files with 26 additions and 26 deletions
--- a/.github/workflows/action-security.yml
+++ b/.github/workflows/action-security.yml
@@ -117,14 +117,14 @@ jobs:
      - name: Upload Trivy results
        if: steps.verify-sarif.outputs.has_trivy == 'true'
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: 'trivy-results.sarif'
          category: 'trivy'
      - name: Upload Gitleaks results
        if: steps.verify-sarif.outputs.has_gitleaks == 'true'
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: 'gitleaks-report.sarif'
          category: 'gitleaks'
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,15 +32,15 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality
      - name: Autobuild
-        uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -13,4 +13,4 @@ jobs:
      - name: 'Checkout Repository'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0
+        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -69,7 +69,7 @@ jobs:
      - name: MegaLinter
        id: ml
-        uses: oxsecurity/megalinter/flavors/cupcake@04cf22b980c2e9c2121553417ed651c944afc8e1 # v8.6.0
+        uses: oxsecurity/megalinter/flavors/cupcake@5a91fb06c83d0e69fbd23756d47438aa723b4a5a # v8.7.0
        env:
          PARALLEL: true # Run linters in parallel
          FILTER_REGEX_EXCLUDE: '(\.automation/test|docs/json-schemas|\.github/workflows)'
@@ -113,7 +113,7 @@ jobs:
      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter
--- a/.github/workflows/security-suite.yml
+++ b/.github/workflows/security-suite.yml
@@ -87,7 +87,7 @@ jobs:
            --enableExperimental
            --failOnCVSS 7
      - name: Upload OWASP Results
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: reports/dependency-check-report.sarif
          category: owasp-dependency-check
@@ -119,7 +119,7 @@ jobs:
        with:
          args: --all-projects --sarif-file-output=snyk-results.sarif
      - name: Upload Snyk Results
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: snyk-results.sarif
          category: snyk
@@ -140,13 +140,13 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Run Scorecard
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
        with:
          results_file: scorecard-results.sarif
          results_format: sarif
          publish_results: true
      - name: Upload Scorecard Results
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: scorecard-results.sarif
          category: scorecard
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -32,4 +32,4 @@ JAVASCRIPT_ES_CONFIG_FILE: .eslintrc.json
 TYPESCRIPT_ES_CONFIG_FILE: .eslintrc.json
 FILTER_REGEX_EXCLUDE: >
-  (node_modules|\.automation/test|docs/json-schemas|\.github/workflows)
+  (node_modules|\.automation/test|docs/json-schemas)
--- a/ansible-lint-fix/action.yml
+++ b/ansible-lint-fix/action.yml
@@ -47,6 +47,6 @@ runs:
        fi
    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: ansible-lint.sarif
--- a/biome-check/action.yml
+++ b/biome-check/action.yml
@@ -31,6 +31,6 @@ runs:
        biome check . --json > biome-report.json
    - name: Upload Biome Results
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: biome-report.json
--- a/csharp-lint-check/action.yml
+++ b/csharp-lint-check/action.yml
@@ -40,6 +40,6 @@ runs:
        fi
    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: dotnet-format.sarif
--- a/eslint-check/action.yml
+++ b/eslint-check/action.yml
@@ -239,7 +239,7 @@ runs:
    - name: Upload ESLint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/eslint.sarif
        category: eslint
--- a/go-build/action.yml
+++ b/go-build/action.yml
@@ -24,7 +24,7 @@ runs:
      uses: ivuorinen/actions/go-version-detect@main
    - name: Setup Go
-      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version: '${{ steps.detect-go-version.outputs.go-version }}'
--- a/go-lint/action.yml
+++ b/go-lint/action.yml
@@ -106,7 +106,7 @@ runs:
        done
    - name: Setup Go
-      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version: ${{ inputs.go-version }}
        cache: true
@@ -266,7 +266,7 @@ runs:
    - name: Upload Lint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
        category: golangci-lint
--- a/pr-lint/action.yml
+++ b/pr-lint/action.yml
@@ -29,7 +29,7 @@ runs:
    #   ╰──────────────────────────────────────────────────────────╯
    - name: Setup Git Config
      id: git-config
-      uses: ivuorinen/actions/set-git-config@279ab4ac65d73b63b72f4a4064149b885b1ab134 # 25.4.25
+      uses: ivuorinen/actions/set-git-config@baed29f713eaa0817982be42681e66511cb092b5 # 25.5.26
    #   ╭──────────────────────────────────────────────────────────╮
    #   │               Install packages for linting               │
@@ -114,7 +114,7 @@ runs:
    - name: Setup Go
      if: steps.detect-go.outputs.found == 'true'
-      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
+      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: 'go.mod'
        cache: true
@@ -125,7 +125,7 @@ runs:
    - name: MegaLinter
      # You can override MegaLinter flavor used to have faster performances
      # More info at https://megalinter.io/latest/flavors/
-      uses: oxsecurity/megalinter/flavors/cupcake@04cf22b980c2e9c2121553417ed651c944afc8e1 # v8.6.0
+      uses: oxsecurity/megalinter/flavors/cupcake@5a91fb06c83d0e69fbd23756d47438aa723b4a5a # v8.7.0
      id: ml
      # All available variables are described in documentation
--- a/prettier-check/action.yml
+++ b/prettier-check/action.yml
@@ -305,7 +305,7 @@ runs:
    - name: Upload Prettier Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/prettier.sarif
        category: prettier
--- a/python-lint-fix/action.yml
+++ b/python-lint-fix/action.yml
@@ -213,7 +213,7 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.result == 'found'
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
        category: 'python-lint'
--- a/terraform-lint-fix/action.yml
+++ b/terraform-lint-fix/action.yml
@@ -225,7 +225,7 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/tflint.sarif
        category: terraform-lint
Author	SHA1	Message	Date
renovate[bot]	607d30ad0c	fix(github-action): update ossf/scorecard-action (v2.4.1 → v2.4.2) (#149 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-02 07:42:09 +00:00
renovate[bot]	d6d99b627e	fix(github-action): update ivuorinen/actions (25.5.12 → 25.5.26) (#148 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-06-02 02:55:25 +00:00
Ismo Vuorinen	baed29f713	chore(ci): allow .github/workflows in .mega-linter.yml (#146 )	2025-05-26 13:36:14 +03:00
renovate[bot]	598fe0190a	fix(github-action): update actions/dependency-review-action (v4.7.0 → v4.7.1) (#138 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-26 10:28:41 +00:00
renovate[bot]	5979943049	fix(github-action): update ivuorinen/actions (25.5.5 → 25.5.12) (#140 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-17 00:48:28 +00:00
renovate[bot]	245d8a9c98	fix(github-action): update github/codeql-action (v3.28.17 → v3.28.18) (#139 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-16 21:12:50 +00:00
renovate[bot]	140177528b	feat(github-action): update ivuorinen/actions (25.4.28 → 25.5.5) (#136 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-12 09:13:58 +00:00
renovate[bot]	deb8ece950	feat(github-action): update actions/dependency-review-action (v4.6.0 → v4.7.0) (#135 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-12 05:04:05 +00:00
renovate[bot]	8d9f6811d7	feat(github-action): update actions/setup-go (v5.4.0 → v5.5.0) (#134 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-12 00:38:05 +00:00
renovate[bot]	2be873ebc8	feat(github-action): update oxsecurity/megalinter (v8.6.0 → v8.7.0) (#132 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-05 08:55:04 +00:00
renovate[bot]	644f3dec68	fix(github-action): update ivuorinen/actions (25.4.25 → 25.4.28) (#130 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-05 08:42:23 +00:00
renovate[bot]	300d2020d4	fix(github-action): update github/codeql-action (v3.28.16 → v3.28.17) (#129 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2025-05-05 04:46:53 +00:00