Merge branch 'main' into feature/DEF-3580-dependency-review-v3

Author: JPLachance

.github/workflows/actions-codeql.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 

.github/workflows/dependency-review-v2.yml

@@ -57,7 +57,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 
@@ -120,7 +120,7 @@ jobs:
             core.setFailure(`Could not determine configuration for inputs: ${inputs}`)
 
       - name: Scan
-        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
+        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 Can't update past this version because https://github.com/actions/dependency-review-action/issues/907
         with:
           comment-summary-in-pr: ${{ inputs.comment-summary-in-pr }}
           fail-on-severity: ${{ inputs.fail-on-severity }}

.github/workflows/dependency-review.yml

@@ -63,7 +63,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 

.github/workflows/java-maven-openjdk-codeql.yml

@@ -45,7 +45,7 @@ jobs:
       # Allow calling Git on a working copy owned by another user than the current one.
       # see: https://github.blog/2022-04-12-git-security-vulnerability-announced/
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 
@@ -64,7 +64,7 @@ jobs:
           languages: java
 
       - name: Cache maven dependencies
-        uses: actions/[email protected].0
+        uses: actions/[email protected].3
         with:
           path: ~/.m2
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}

.github/workflows/java-maven-openjdk-dependency-submission.yml

@@ -50,15 +50,15 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           egress-policy: audit
 
       - name: Checkout repository
         uses: actions/[email protected]
 
       - name: Cache maven dependencies
-        uses: actions/[email protected].0
+        uses: actions/[email protected].3
         with:
           path: ~/.m2
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}

.github/workflows/java-maven-openjdk11-codeql.yml

@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
           disable-sudo: true
           egress-policy: audit
@@ -53,7 +53,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -75,7 +75,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/java-maven-openjdk11-dependency-submission.yml

@@ -4,8 +4,6 @@ audit-renovate-config/** @coveo/dev-tooling @coveo/r-d-security-defence @coveo/c
 .github/workflows/actions-codeql.yml @coveo/r-d-security-defence
 .github/workflows/dependency-review.yml @coveo/r-d-security-defence
 .github/workflows/dependency-review-v2.yml @coveo/r-d-security-defence
-.github/workflows/java-maven-openjdk11-codeql.yml @coveo/r-d-security-defence
-.github/workflows/java-maven-openjdk11-dependency-submission.yml @coveo/r-d-security-defence
 .github/workflows/java-maven-openjdk-codeql.yml @coveo/r-d-security-defence
 .github/workflows/java-maven-openjdk-dependency-review.yml @coveo/r-d-security-defence
 .github/workflows/java-maven-openjdk-dependency-submission.yml @coveo/r-d-security-defence