Update github-actions

renovate[bot] · web-flow · commit 96d59bc076b2 · 2025-04-07T10:28:22.000Z
Signed-off-by: Renovate Bot &lt;bot@renovateapp.com&gt;
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -51,7 +51,7 @@ jobs:
 
             # Initializes the CodeQL tools for scanning.
             - name: "Initialize CodeQL"
-              uses: "github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9
+              uses: "github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841" # v3.28.13
               with:
                   languages: "${{ matrix.language }}"
                   # If you wish to specify custom queries, you can do so here or in a config file.
@@ -61,7 +61,7 @@ jobs:
             # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
             # If this step fails, then you should remove it and run the build manually (see below)
             - name: "Autobuild"
-              uses: "github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9
+              uses: "github/codeql-action/autobuild@1b549b9259bda1cb5ddde3b41741a82a2d15a841" # v3.28.13
 
             # ℹ️ Command-line programs to run using the OS shell.
             # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -74,6 +74,6 @@ jobs:
             #   ./location_of_script_within_repo/buildscript.sh
 
             - name: "Perform CodeQL Analysis"
-              uses: "github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9
+              uses: "github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841" # v3.28.13
               with:
                   category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml
@@ -16,7 +16,7 @@ jobs:
             issues: "write"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -21,7 +21,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -33,4 +33,4 @@ jobs:
                   EMAIL: "github-actions[bot]@users.noreply.github.com"
 
             - name: "Dependency Review"
-              uses: "actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019" # v4.5.0
+              uses: "actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8" # v4.6.0
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -35,7 +35,7 @@ jobs:
             package_json_lintable: "${{ steps.changes.outputs.package_json_lintable }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -60,7 +60,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -77,7 +77,7 @@ jobs:
 
             - name: "Derive appropriate SHAs for base and head for `nx affected` commands"
               id: "setSHAs"
-              uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
+              uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4
 
             - name: "Setup resources and environment"
               id: "setup"
@@ -88,7 +88,7 @@ jobs:
             # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
             - name: "Get changed files"
               id: "files"
-              uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
+              uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9
               with:
                   files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
                   base_sha: "${{ steps.setSHAs.outputs.base }}"
@@ -111,7 +111,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -128,7 +128,7 @@ jobs:
 
             - name: "Derive appropriate SHAs for base and head for `nx affected` commands"
               id: "setSHAs"
-              uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
+              uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4
 
             - name: "Setup resources and environment"
               id: "setup"
@@ -140,7 +140,7 @@ jobs:
             # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
             - name: "Get changed files"
               id: "files"
-              uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
+              uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9
               with:
                   files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
                   base_sha: "${{ steps.setSHAs.outputs.base }}"
@@ -163,7 +163,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -180,7 +180,7 @@ jobs:
 
             - name: "Derive appropriate SHAs for base and head for `nx affected` commands"
               id: "setSHAs"
-              uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
+              uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4
 
             - name: "Setup resources and environment"
               id: "setup"
@@ -191,7 +191,7 @@ jobs:
             # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
             - name: "Get changed files"
               id: "files"
-              uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
+              uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9
               with:
                   files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
                   base_sha: "${{ steps.setSHAs.outputs.base }}"
@@ -214,7 +214,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -231,7 +231,7 @@ jobs:
 
             - name: "Derive appropriate SHAs for base and head for `nx affected` commands"
               id: "setSHAs"
-              uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
+              uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4
 
             - name: "Setup resources and environment"
               id: "setup"
@@ -242,7 +242,7 @@ jobs:
             # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
             - name: "Get changed files"
               id: "files"
-              uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
+              uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9
               with:
                   files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
                   base_sha: "${{ steps.setSHAs.outputs.base }}"
@@ -265,7 +265,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -289,7 +289,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -314,7 +314,7 @@ jobs:
         runs-on: "ubuntu-latest"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -325,14 +325,14 @@ jobs:
                   GIT_AUTHOR_NAME: "GitHub Actions Shell"
                   EMAIL: "github-actions[bot]@users.noreply.github.com"
 
-            - uses: "pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2" # v4.0.0
+            - uses: "pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda" # v4.1.0
               with:
                   run_install: false
 
             - name: "Use Node.js 18.x"
-              uses: "actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af" # v4.1.0
+              uses: "actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e" # v4.3.0
               with:
-                  node-version: "18.x"
+                  node-version: "18.20.8"
                   cache: "pnpm"
 
             - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
@@ -364,7 +364,7 @@ jobs:
             # If any jobs we depend on fail, we will fail since this is a required check
             # NOTE: A timeout is considered a failure
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/lock-file-maintenance.yml b/.github/workflows/lock-file-maintenance.yml
@@ -21,7 +21,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -48,7 +48,7 @@ jobs:
 
             - name: "Commit lock file"
               if: "success()"
-              uses: "stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842" # v5.0.1
+              uses: "stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79" # v5.1.0
               with:
                   file_pattern: "pnpm-lock.yaml"
                   commit_message: "chore: updated lock file [ci skip]"
diff --git a/.github/workflows/preview-release.yaml b/.github/workflows/preview-release.yaml
@@ -26,7 +26,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -43,7 +43,7 @@ jobs:
 
             - name: "Derive appropriate SHAs for base and head for `nx affected` commands"
               id: "setSHAs"
-              uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
+              uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4
 
             - name: "Setup resources and environment"
               id: "setup"
@@ -55,7 +55,7 @@ jobs:
             # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
             - name: "Get changed files"
               id: "files"
-              uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
+              uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9
               with:
                   files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
                   base_sha: "${{ steps.setSHAs.outputs.base }}"
diff --git a/.github/workflows/require-allow-edits.yml b/.github/workflows/require-allow-edits.yml
@@ -16,7 +16,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -33,7 +33,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -43,7 +43,7 @@ jobs:
                   persist-credentials: false
 
             - name: "Run analysis"
-              uses: "ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46" # v2.4.0
+              uses: "ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186" # v2.4.1
               with:
                   results_file: "results.sarif"
                   results_format: "sarif"
@@ -65,14 +65,14 @@ jobs:
             # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
             # format to the repository Actions tab.
             - name: "Upload artifact"
-              uses: "actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08" # v4.6.0
+              uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02" # v4.6.2
               with:
                   name: "SARIF file"
                   path: "results.sarif"
                   retention-days: 5
 
             # Upload the results to GitHub's code scanning dashboard.
             - name: "Upload to code-scanning"
-              uses: "github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae" # v3.27.9
+              uses: "github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841" # v3.28.13
               with:
                   sarif_file: "results.sarif"
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
@@ -29,7 +29,7 @@ jobs:
 
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
             codecov: "${{ steps.changes.outputs.codecov }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -72,7 +72,7 @@ jobs:
             NODE: "${{ matrix.node_version }}"
         steps:
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
@@ -89,7 +89,7 @@ jobs:
 
             - name: "Derive appropriate SHAs for base and head for `nx affected` commands"
               id: "setSHAs"
-              uses: "nrwl/nx-set-shas@e2e6dc8bce4b0387a05eb687735c39c41580b792" # v4
+              uses: "nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b" # v4
 
             - name: "Setup resources and environment"
               id: "setup"
@@ -115,7 +115,7 @@ jobs:
             # Temporary solution until Nx solve this https://github.com/nrwl/nx/issues/22259
             - name: "Get changed files"
               id: "files"
-              uses: "tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366" # v45.0.5
+              uses: "tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8" # v45.0.9
               with:
                   files_ignore_from_source_file: ".github/ignore-files-for-nx-affected.yml"
                   base_sha: "${{ steps.setSHAs.outputs.base }}"
@@ -165,7 +165,7 @@ jobs:
             # If any jobs we depend on fail, we will fail since this is a required check
             # NOTE: A timeout is considered a failure
             - name: "Harden Runner"
-              uses: "step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f" # v2.10.2
+              uses: "step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf" # v2.11.1
               with:
                   egress-policy: "audit"
 
