diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3c8714ab..7a296574 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: 'checksrc' @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -116,7 +116,7 @@ jobs: matrix: image: [ubuntu-latest, macos-latest, windows-2022] steps: - - uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2 # v2.29.0 + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 if: ${{ contains(matrix.image, 'windows') }} with: msystem: mingw64 @@ -151,7 +151,7 @@ jobs: printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Darwin-x86_64/CMake.app/Contents/bin/cmake > ~/old-cmake-path.txt fi - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -326,7 +326,7 @@ jobs: - name: 'cache mbedTLS' if: ${{ matrix.crypto == 'mbedTLS-from-source' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache-mbedtls with: path: ~/usr @@ -377,7 +377,7 @@ jobs: - name: 'cache BoringSSL' if: ${{ matrix.crypto == 'BoringSSL' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache-boringssl with: path: ~/usr @@ -399,7 +399,7 @@ jobs: - name: 'cache AWS-LC' if: ${{ matrix.crypto == 'AWS-LC' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache-aws-lc with: path: ~/usr @@ -416,7 +416,7 @@ jobs: - name: 'cache LibreSSL' if: ${{ matrix.crypto == 'LibreSSL' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache-libressl with: path: ~/usr @@ -436,7 +436,7 @@ jobs: - name: 'cache OpenSSL' if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache-openssl with: path: ~/usr @@ -454,7 +454,7 @@ jobs: - name: 'cache OpenSSL 1.1.1' if: ${{ matrix.crypto == 'OpenSSL-111-from-source' }} - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 id: cache-openssl111 with: path: ~/usr @@ -469,7 +469,7 @@ jobs: make make -j1 install_sw - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -598,7 +598,7 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 install mingw-w64 \ ${INSTALL_PACKAGES} - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -667,7 +667,7 @@ jobs: site: https://mirrors.kernel.org/sourceware/cygwin/ work-vol: 'D:' - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -751,12 +751,12 @@ jobs: - { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'uwp' } - { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'no-options' } steps: - - uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2 # v2.29.0 + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 if: ${{ matrix.sys == 'msys' }} with: msystem: ${{ matrix.sys }} install: gcc ${{ matrix.build }} ${{ matrix.build == 'autotools' && 'make' || 'ninja' }} openssl-devel zlib-devel - - uses: msys2/setup-msys2@fb197b72ce45fb24f17bf3f807a388985654d1f2 # v2.29.0 + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 if: ${{ matrix.sys != 'msys' }} with: msystem: ${{ matrix.sys }} @@ -765,7 +765,7 @@ jobs: mingw-w64-${{ matrix.env }}-${{ matrix.build }} ${{ matrix.build == 'autotools' && 'make' || '' }} mingw-w64-${{ matrix.env }}-openssl - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -861,7 +861,7 @@ jobs: - { arch: arm64, plat: uwp , crypto: WinCNG , wincng_ecdsa: 'ON' , log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'OFF' } - { arch: x86 , plat: windows, crypto: WinCNG , wincng_ecdsa: 'OFF', log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'ON' } steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -954,7 +954,7 @@ jobs: env: INSTALL_PACKAGES: ${{ matrix.build == 'autotools' && 'automake libtool' || '' }} run: brew install ${INSTALL_PACKAGES} ${MATRIX_INSTALL} - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -1021,11 +1021,11 @@ jobs: matrix: arch: ['x86_64', 'arm64'] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: 'cmake' - uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda # v0.30.0 + uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0 with: operating_system: 'netbsd' version: '10.1' @@ -1053,11 +1053,11 @@ jobs: matrix: arch: ['x86_64'] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: 'cmake' - uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda # v0.30.0 + uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0 with: operating_system: 'openbsd' version: '7.7' @@ -1088,11 +1088,11 @@ jobs: matrix: arch: ['x86_64', 'arm64'] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: 'autotools' - uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda # v0.30.0 + uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0 with: operating_system: 'freebsd' version: '14.3' diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 3194514d..7400c551 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -39,7 +39,7 @@ jobs: dry-run: false language: c - name: 'Upload Crash' - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: ${{ failure() && steps.build.outcome == 'success' }} with: name: artifacts diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b218988..d80f6717 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,18 +30,18 @@ jobs: permissions: security-events: write # To create/update security events steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: 'initialize' - uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 + uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: languages: actions queries: security-extended - name: 'perform analysis' - uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 + uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 c: if: ${{ github.repository_owner == 'libssh2' || github.event_name != 'schedule' }} @@ -65,12 +65,12 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install zlib1g-dev libssl-dev libgcrypt-dev libmbedtls-dev libwolfssl-dev - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: 'initialize' - uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 + uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: languages: cpp build-mode: manual @@ -91,4 +91,4 @@ jobs: fi - name: 'perform analysis' - uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 + uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 diff --git a/.github/workflows/openssh_server.yml b/.github/workflows/openssh_server.yml index 22e417cd..aefe3dd8 100644 --- a/.github/workflows/openssh_server.yml +++ b/.github/workflows/openssh_server.yml @@ -51,7 +51,7 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -66,7 +66,7 @@ jobs: HASH: '${{ steps.hash.outputs.hash }}' run: docker manifest inspect "ghcr.io/${GITHUB_REPOSITORY_OWNER}/ci_tests_openssh_server:${HASH}" - - uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 if: ${{ steps.poll.outcome == 'failure' }} id: meta with: