From ffc40de5d318f526fcfc61886cc5877274815e27 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 06:27:38 +0000 Subject: [PATCH] build(deps): bump the prod-github-actions group across 1 directory with 7 updates Bumps the prod-github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.2` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.2.1` | `4.5.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.15` | `3.27.9` | | [gradle/actions](https://github.com/gradle/actions) | `3.5.0` | `4.2.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.4` | `4.4.3` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.1.1` | `5.3.0` | | [MobSF/mobsfscan](https://github.com/mobsf/mobsfscan) | `0.3.9` | `0.4.5` | Updates `actions/checkout` from 4.1.7 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.7...v4.2.2) Updates `actions/setup-java` from 4.2.1 to 4.5.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v4.2.1...v4.5.0) Updates `github/codeql-action` from 3.25.15 to 3.27.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.25.15...v3.27.9) Updates `gradle/actions` from 3.5.0 to 4.2.1 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](https://github.com/gradle/actions/compare/v3.5.0...v4.2.1) Updates `actions/upload-artifact` from 4.3.4 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.3.4...v4.4.3) Updates `actions/setup-python` from 5.1.1 to 5.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.1.1...v5.3.0) Updates `MobSF/mobsfscan` from 0.3.9 to 0.4.5 - [Release notes](https://github.com/mobsf/mobsfscan/releases) - [Commits](https://github.com/mobsf/mobsfscan/compare/849b749e7f3244c7b4f418ff858a9fa4e1406115...3d87bc570c4614d705547bddb521395663dba353) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions - dependency-name: gradle/actions dependency-type: direct:production update-type: version-update:semver-major dependency-group: prod-github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions - dependency-name: MobSF/mobsfscan dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 10 +++++----- .github/workflows/detekt.yml | 8 ++++---- ...e2e-test-fusionauth-latest-android-latest.yml | 6 +++--- ...e2e-test-fusionauth-latest-android-matrix.yml | 6 +++--- ...e2e-test-fusionauth-matrix-android-latest.yml | 6 +++--- .github/workflows/lint.yml | 16 ++++++++-------- .github/workflows/mobsf.yml | 8 ++++---- .github/workflows/pre-release.yml | 6 +++--- .github/workflows/release.yml | 6 +++--- 9 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0f471b9..88a28b0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -50,17 +50,17 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 - name: Setup JDK 17 - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.25.15 + uses: github/codeql-action/init@v3.27.9 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.25.15 + uses: github/codeql-action/autobuild@v3.27.9 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -87,6 +87,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.25.15 + uses: github/codeql-action/analyze@v3.27.9 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/detekt.yml b/.github/workflows/detekt.yml index a96d8a8..91350a5 100644 --- a/.github/workflows/detekt.yml +++ b/.github/workflows/detekt.yml @@ -48,7 +48,7 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' @@ -62,11 +62,11 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Sets up Gradle as a prerequisite to run Detekt - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3.5.0 + uses: gradle/actions/setup-gradle@v4.2.1 with: gradle-home-cache-cleanup: true @@ -76,7 +76,7 @@ jobs: # Uploads Sarif Report to GitHub - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v3.25.15 + uses: github/codeql-action/upload-sarif@v3.27.9 if: success() || failure() with: sarif_file: build/reports/detekt/merge.sarif.json diff --git a/.github/workflows/e2e-test-fusionauth-latest-android-latest.yml b/.github/workflows/e2e-test-fusionauth-latest-android-latest.yml index 44a08e1..4d842e8 100644 --- a/.github/workflows/e2e-test-fusionauth-latest-android-latest.yml +++ b/.github/workflows/e2e-test-fusionauth-latest-android-latest.yml @@ -43,14 +43,14 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Create and start FusionAuth containers used by E2E test and sleeps for 30 seconds. # Despite its waiting until the container started with the status healthy, @@ -84,7 +84,7 @@ jobs: # Upload E2E Test recording - name: Upload recording - uses: actions/upload-artifact@v4.3.4 + uses: actions/upload-artifact@v4.4.3 if: ${{ failure() }} with: name: 'E2E Test recording - ${{ matrix.api-level }} ${{ matrix.target }} ${{ matrix.arch }} ${{ env.fusionauth-docker-image-version }}' diff --git a/.github/workflows/e2e-test-fusionauth-latest-android-matrix.yml b/.github/workflows/e2e-test-fusionauth-latest-android-matrix.yml index f850d6c..5e0d2ce 100644 --- a/.github/workflows/e2e-test-fusionauth-latest-android-matrix.yml +++ b/.github/workflows/e2e-test-fusionauth-latest-android-matrix.yml @@ -59,14 +59,14 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Create and start FusionAuth containers used by E2E test and sleeps for 30 seconds. # Despite its waiting until the container started with the status healthy, @@ -100,7 +100,7 @@ jobs: # Upload E2E Test recording - name: Upload recording - uses: actions/upload-artifact@v4.3.4 + uses: actions/upload-artifact@v4.4.3 if: ${{ failure() }} with: name: 'E2E Test recording - ${{ matrix.api-level }} ${{ matrix.target }} ${{ matrix.arch }} ${{ env.fusionauth-docker-image-version }}' diff --git a/.github/workflows/e2e-test-fusionauth-matrix-android-latest.yml b/.github/workflows/e2e-test-fusionauth-matrix-android-latest.yml index 922337c..57e72f4 100644 --- a/.github/workflows/e2e-test-fusionauth-matrix-android-latest.yml +++ b/.github/workflows/e2e-test-fusionauth-matrix-android-latest.yml @@ -44,14 +44,14 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Create and start FusionAuth containers used by E2E test and sleeps for 30 seconds. # Despite its waiting until the container started with the status healthy, @@ -85,7 +85,7 @@ jobs: # Upload E2E Test recording - name: Upload recording - uses: actions/upload-artifact@v4.3.4 + uses: actions/upload-artifact@v4.4.3 if: ${{ failure() }} with: name: 'E2E Test recording - ${{ matrix.api-level }} ${{ matrix.target }} ${{ matrix.arch }} ${{ matrix.fusionauth-docker-image-version }}' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8f3d13c..acb893a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -42,7 +42,7 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' @@ -56,11 +56,11 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Sets up Gradle as a prerequisite to run Android Lint - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3.5.0 + uses: gradle/actions/setup-gradle@v4.2.1 with: gradle-home-cache-cleanup: true @@ -70,7 +70,7 @@ jobs: # Uploads Sarif Report for the library to GitHub - name: Upload kotlin library report - uses: github/codeql-action/upload-sarif@v3.25.15 + uses: github/codeql-action/upload-sarif@v3.27.9 if: success() || failure() with: sarif_file: library/build/reports/lint-results-debug.sarif @@ -99,7 +99,7 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' @@ -113,11 +113,11 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Sets up Gradle as a prerequisite to run Android Lint - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3.5.0 + uses: gradle/actions/setup-gradle@v4.2.1 with: gradle-home-cache-cleanup: true @@ -127,7 +127,7 @@ jobs: # Uploads Sarif Report for the app to GitHub - name: Upload kotlin app report - uses: github/codeql-action/upload-sarif@v3.25.15 + uses: github/codeql-action/upload-sarif@v3.27.9 if: success() || failure() with: sarif_file: app/build/reports/lint-results-debug.sarif diff --git a/.github/workflows/mobsf.yml b/.github/workflows/mobsf.yml index 49613fa..cfe2d3b 100644 --- a/.github/workflows/mobsf.yml +++ b/.github/workflows/mobsf.yml @@ -30,11 +30,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.7 + - uses: actions/checkout@v4.2.2 # Sets up the python as a prerequisites for MobSF - name: Setup python - uses: actions/setup-python@v5.1.1 + uses: actions/setup-python@v5.3.0 with: python-version: 3.8 @@ -47,13 +47,13 @@ jobs: # Performs analysis using MobSF and outputs a Sarif Report - name: Run mobsfscan - uses: MobSF/mobsfscan@849b749e7f3244c7b4f418ff858a9fa4e1406115 + uses: MobSF/mobsfscan@3d87bc570c4614d705547bddb521395663dba353 with: args: . --sarif --output mobsf.sarif.json || true # Uploads Sarif Report to GitHub - name: Upload mobsfscan report - uses: github/codeql-action/upload-sarif@v3.25.15 + uses: github/codeql-action/upload-sarif@v3.27.9 if: success() || failure() with: sarif_file: mobsf.sarif.json diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml index 240d3c5..2ce3f89 100644 --- a/.github/workflows/pre-release.yml +++ b/.github/workflows/pre-release.yml @@ -41,18 +41,18 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Sets up Gradle as a prerequisite to run Maven Pre-Release - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3.5.0 + uses: gradle/actions/setup-gradle@v4.2.1 with: gradle-home-cache-cleanup: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05bbc30..9b34e41 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -56,18 +56,18 @@ jobs: steps: # Sets up JDK as a prerequisite to run Gradle - name: Setup Java - uses: actions/setup-java@v4.2.1 + uses: actions/setup-java@v4.5.0 with: java-version: '17' distribution: 'zulu' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout repository - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 # Sets up Gradle as a prerequisite to run Maven Release - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3.5.0 + uses: gradle/actions/setup-gradle@v4.2.1 with: gradle-home-cache-cleanup: true