diff --git a/.github/workflows/block-merge-eol.yml b/.github/workflows/block-merge-eol.yml index 3ea4d268d250b..ab04945680864 100644 --- a/.github/workflows/block-merge-eol.yml +++ b/.github/workflows/block-merge-eol.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Set server major version environment - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index 6166080833424..3a9d5cc37836c 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Register server reference to fallback to master branch - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/block-outdated-3rdparty.yml b/.github/workflows/block-outdated-3rdparty.yml index 39ab6c078c207..7beef53946b7f 100644 --- a/.github/workflows/block-outdated-3rdparty.yml +++ b/.github/workflows/block-outdated-3rdparty.yml @@ -41,7 +41,7 @@ jobs: echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT" - name: Register server reference to fallback to master branch - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/bug-report-labeler.yml b/.github/workflows/bug-report-labeler.yml index 743713dec1a0e..369f95b7947fa 100644 --- a/.github/workflows/bug-report-labeler.yml +++ b/.github/workflows/bug-report-labeler.yml @@ -14,7 +14,7 @@ jobs: issues: write steps: - name: Extract version number and apply label - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const body = context.payload.issue.body || ''; diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1e8000cc3665c..232743ef4e0db 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,13 +37,13 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} config-file: ./.github/codeql-config.yml - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index f245332d60f8d..396e92985f73c 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Get repository from pull request comment - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: get-repository with: github-token: ${{secrets.GITHUB_TOKEN}} @@ -124,7 +124,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }} cache: npm diff --git a/.github/workflows/command-pull-3rdparty.yml b/.github/workflows/command-pull-3rdparty.yml index 97ea974ea1a19..9c58d785c1c42 100644 --- a/.github/workflows/command-pull-3rdparty.yml +++ b/.github/workflows/command-pull-3rdparty.yml @@ -32,7 +32,7 @@ jobs: # must fetch the PR via the API. This also gives us base.ref for free, avoiding # a second API call. The GITHUB_TOKEN needs pull-requests:read (granted above). - name: Get pull request metadata - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 id: get-pr with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 9243c5643b67d..a7cc8a81e79d2 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -50,7 +50,7 @@ jobs: - name: Check composer.json id: check_composer - uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: files: 'composer.json' @@ -66,7 +66,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -154,7 +154,7 @@ jobs: path: ./ - name: Set up node ${{ needs.init.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ needs.init.outputs.nodeVersion }} @@ -184,7 +184,7 @@ jobs: SETUP_TESTING: ${{ matrix.containers == 'setup' && 'true' || '' }} - name: Upload snapshots and videos - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: snapshots_${{ matrix.containers }} @@ -207,7 +207,7 @@ jobs: run: docker exec nextcloud-e2e-test-server_${{ env.APP_NAME }} tar -cvjf - data > data.tar - name: Upload data archive - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: failure() && matrix.containers != 'component' with: name: nc_data_${{ matrix.containers }} diff --git a/.github/workflows/integration-dav.yml b/.github/workflows/integration-dav.yml index ea519e51d2dc7..db670de0b22b3 100644 --- a/.github/workflows/integration-dav.yml +++ b/.github/workflows/integration-dav.yml @@ -71,7 +71,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Python - uses: LizardByte/actions/actions/setup_python@0affa4f7bcb27562658960eee840eff8ff844578 # v2026.328.161128 + uses: LizardByte/actions/actions/setup_python@4125866b7b655a6fe038b0e22a43a4c5d259af79 # v2026.417.35446 with: python-version: '2.7' diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 8f970dda86144..3b7e7e1906ce5 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -68,7 +68,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index fa23f2b07fb48..231a5d2f92a71 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -65,7 +65,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node-test-handlebars.yml b/.github/workflows/node-test-handlebars.yml index 8020318dc4953..a73f5251cf477 100644 --- a/.github/workflows/node-test-handlebars.yml +++ b/.github/workflows/node-test-handlebars.yml @@ -71,7 +71,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index 331493b1d5d60..359bead65f746 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -70,7 +70,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index c55367d167f1c..ff6f1a423e4e3 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -68,7 +68,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index c2736aa90e34d..3cf372a436285 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -49,7 +49,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -70,7 +70,7 @@ jobs: - name: Create Pull Request if: steps.checkout.outcome == 'success' - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(deps): Fix npm audit' diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml index 154e5ce99ee53..64916c66ee122 100644 --- a/.github/workflows/performance.yml +++ b/.github/workflows/performance.yml @@ -100,14 +100,14 @@ jobs: - name: Upload profiles if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a with: name: profiles path: | before.json after.json - - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7 + - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v7 if: failure() && steps.compare.outcome == 'failure' with: github-token: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/rector-apply.yml b/.github/workflows/rector-apply.yml index 7ff6376fe87f0..bdcac534b7c0f 100644 --- a/.github/workflows/rector-apply.yml +++ b/.github/workflows/rector-apply.yml @@ -56,7 +56,7 @@ jobs: run: composer run rector - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'refactor: Apply rector changes' diff --git a/.github/workflows/rector.yml b/.github/workflows/rector.yml index 4fc4d714b79b4..735cb94974335 100644 --- a/.github/workflows/rector.yml +++ b/.github/workflows/rector.yml @@ -20,7 +20,7 @@ jobs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index deb9c75616f80..5155e481ea207 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -114,7 +114,7 @@ jobs: - name: Upload Security Analysis results to GitHub if: always() - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/update-cacert-bundle.yml b/.github/workflows/update-cacert-bundle.yml index 57a29e7f529e8..7c28bd87baef9 100644 --- a/.github/workflows/update-cacert-bundle.yml +++ b/.github/workflows/update-cacert-bundle.yml @@ -32,7 +32,7 @@ jobs: run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(security): Update CA certificate bundle' diff --git a/.github/workflows/update-code-signing-crl.yml b/.github/workflows/update-code-signing-crl.yml index ae2ccdb48bba3..9704aa12cfde3 100644 --- a/.github/workflows/update-code-signing-crl.yml +++ b/.github/workflows/update-code-signing-crl.yml @@ -35,7 +35,7 @@ jobs: run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(security): Update code signing revocation list' diff --git a/.github/workflows/update-min-supported-desktop.yml b/.github/workflows/update-min-supported-desktop.yml index 3413147a6496c..e2726906defcb 100644 --- a/.github/workflows/update-min-supported-desktop.yml +++ b/.github/workflows/update-min-supported-desktop.yml @@ -107,7 +107,7 @@ jobs: fi - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 if: steps.update-files.outputs.CHANGES_MADE == 'true' with: token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/.github/workflows/update-stable-titles.yml b/.github/workflows/update-stable-titles.yml index 1c0c54e0247a1..8fe443f027c7c 100644 --- a/.github/workflows/update-stable-titles.yml +++ b/.github/workflows/update-stable-titles.yml @@ -24,7 +24,7 @@ jobs: run: sleep 15 - name: Get PR details and update title - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: |