diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
index b39c6ba754b8..5fb8a7d3b6a2 100644
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@@ -83,7 +83,7 @@ jobs:
 github.event.pull_request.user.login != 'dependabot[bot]'
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 egress-policy: block
@@ -104,7 +104,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -129,7 +129,7 @@ jobs:
 github.event.pull_request.user.login != 'dependabot[bot]'
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -137,7 +137,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -160,7 +160,7 @@ jobs:
 composer-options: '--prefer-dist --no-progress --no-interaction'
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
diff --git a/.github/workflows/cleanup-pr-assets.yml b/.github/workflows/cleanup-pr-assets.yml
index d8ecdf816727..dc42b7e97024 100644
--- a/.github/workflows/cleanup-pr-assets.yml
+++ b/.github/workflows/cleanup-pr-assets.yml
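Review bot: The new 40-character pins carry no version annotation, so from the first hunk of build-and-deploy.yml a reviewer cannot tell which upstream release `step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c` corresponds to, or whether the commit sits on a tagged release at all. Append the resolved tag as a trailing comment on each changed `uses:` line, in the form `uses: <action>@<sha> # vX.Y.Z` (placeholder; fill in the tag the SHA was resolved from). The same applies to the `actions/setup-node`, `oven-sh/setup-bun`, `github/codeql-action/*`, `actions/upload-artifact`, `actions/download-artifact` and `softprops/action-gh-release` bumps in the other hunks of this commit. Because `upload-artifact` and `download-artifact` move together here, the annotation would also let a reviewer confirm the two stay on compatible major versions.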
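Review bot: `bun-version: latest` in the `with:` block under the bumped `oven-sh/setup-bun` pin (hunk `@@ -160,7 +160,7 @@` of build-and-deploy.yml) leaves the Bun binary itself floating, so the SHA pin fixes only the installer action and not the toolchain it downloads at run time. Pin the runtime as well, e.g. `bun-version: 'X.Y.Z'` (placeholder for the version the project builds against), and let the dependency bot raise it like the other pins. The same context line appears in the Setup Bun hunks of lint-css-js-md.yml, lint-i18n.yml, lint-plugin-check.yml, npm-release.yml, plugin-release.yml, tests-e2e.yml and update-google-fonts.yml; the two release workflows matter most because their build output is published. The step definitions continue outside these hunks.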
@@ -21,7 +21,7 @@ jobs:
 github.event.pull_request.user.login != 'dependabot[bot]'
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 disable-sudo: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 4180adc5f832..0cddd6c4dab1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,9 +44,9 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Initialize CodeQL
- uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c
+ uses: github/codeql-action/init@5cf07d8b700b67e235fbb65cbc84f69c0cf10464
 with:
 languages: javascript
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c
+ uses: github/codeql-action/analyze@5cf07d8b700b67e235fbb65cbc84f69c0cf10464
diff --git a/.github/workflows/deploy-storybook.yml b/.github/workflows/deploy-storybook.yml
index 33824b5b509d..46dfb3b7dae3 100644
--- a/.github/workflows/deploy-storybook.yml
+++ b/.github/workflows/deploy-storybook.yml
@@ -36,7 +36,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
diff --git a/.github/workflows/lint-css-js-md.yml b/.github/workflows/lint-css-js-md.yml
index 2f701c78758b..cf971d153b46 100644
--- a/.github/workflows/lint-css-js-md.yml
+++ b/.github/workflows/lint-css-js-md.yml
@@ -61,7 +61,7 @@ jobs:
 timeout-minutes: 20
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-sudo: true
 disable-file-monitoring: true
@@ -77,7 +77,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -88,7 +88,7 @@ jobs:
 PUPPETEER_SKIP_DOWNLOAD: true
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
diff --git a/.github/workflows/lint-i18n.yml b/.github/workflows/lint-i18n.yml
index 673da392997d..860ff1c6483d 100644
--- a/.github/workflows/lint-i18n.yml
+++ b/.github/workflows/lint-i18n.yml
@@ -42,7 +42,7 @@ jobs:
 timeout-minutes: 10
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -60,7 +60,7 @@ jobs:
 run: wp package install wp-cli/i18n-command:dev-main
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -84,7 +84,7 @@ jobs:
 composer-options: '--prefer-dist --no-progress --no-interaction'
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 4f0b8c1a3af0..6db02fb06360 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -41,7 +41,7 @@ jobs:
 timeout-minutes: 5
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 egress-policy: block
diff --git a/.github/workflows/lint-plugin-check.yml b/.github/workflows/lint-plugin-check.yml
index 5440a6cb9eb2..ee03c0419a1c 100644
--- a/.github/workflows/lint-plugin-check.yml
+++ b/.github/workflows/lint-plugin-check.yml
@@ -42,7 +42,7 @@ jobs:
 timeout-minutes: 10
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -50,7 +50,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -74,7 +74,7 @@ jobs:
 composer-options: '--prefer-dist --no-progress --no-interaction'
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
index 6730bdb4cf58..6714b5fe5383 100644
--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
@@ -37,7 +37,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -48,7 +48,7 @@ jobs:
 PUPPETEER_SKIP_DOWNLOAD: true
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
@@ -102,7 +102,7 @@ jobs:
 needs: [dry-run]
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -113,7 +113,7 @@ jobs:
 # See go/npm-publish
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -126,7 +126,7 @@ jobs:
 PUPPETEER_SKIP_DOWNLOAD: true
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml
index e8d39ca975f1..a59a754f65fb 100644
--- a/.github/workflows/plugin-release.yml
+++ b/.github/workflows/plugin-release.yml
@@ -41,7 +41,7 @@ jobs:
 environment: Production
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -104,7 +104,7 @@ jobs:
 needs: [checks]
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -222,7 +222,7 @@ jobs:
 echo "" > assets_version/assets_version.txt
 - name: Upload assets version
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
 with:
 name: assets-version
 path: public/static/assets_version
@@ -245,7 +245,7 @@ jobs:
 release_name: ${{ steps.release_branch.outputs.release_name }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -256,7 +256,7 @@ jobs:
 token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
 - name: Download assets version
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
 with:
 name: assets-version
 continue-on-error: true
@@ -269,7 +269,7 @@ jobs:
 continue-on-error: true
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -293,7 +293,7 @@ jobs:
 composer-options: '--prefer-dist --no-progress --no-interaction'
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
@@ -396,7 +396,7 @@ jobs:
 mv build/*.zip build/release-assets/
 - name: Upload artifacts
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
 with:
 name: release-assets
 path: build/release-assets
@@ -408,7 +408,7 @@ jobs:
 needs: [build]
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -416,14 +416,14 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Download release artifacts
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
 with:
 name: release-assets
 path: build
 - name: Publish Release
 id: create_release
- uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0
+ uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191
 with:
 tag_name: ${{ env.TAG_NAME }}
 name: ${{ env.release_name }}
@@ -444,7 +444,7 @@ jobs:
 if: ${{ ! startsWith(github.ref, 'refs/heads/release/') && ! contains(github.event.inputs.version, 'rc') }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -455,7 +455,7 @@ jobs:
 token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -466,7 +466,7 @@ jobs:
 PUPPETEER_SKIP_DOWNLOAD: true
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
@@ -500,12 +500,12 @@ jobs:
 SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 - name: Download release artifacts
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
 with:
 name: release-assets
 path: release-assets
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 53ea9c695fdb..634a883387dc 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -48,7 +48,7 @@ jobs:
 # Upload the results as artifacts (optional).
 - name: 'Upload artifact'
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
 with:
 name: SARIF file
 path: results.sarif
@@ -56,6 +56,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: 'Upload to code-scanning'
- uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c
+ uses: github/codeql-action/upload-sarif@5cf07d8b700b67e235fbb65cbc84f69c0cf10464
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/tests-e2e.yml b/.github/workflows/tests-e2e.yml
index e4e24b2d02f9..fb48d291966e 100644
--- a/.github/workflows/tests-e2e.yml
+++ b/.github/workflows/tests-e2e.yml
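Review bot: The job whose context sets `SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}` (plugin-release.yml, hunk `@@ -500,12 +500,12 @@`) still runs Harden Runner with `egress-policy: audit`, which only records outbound connections, and the inline TODO to move to `block` is carried over unchanged by this bump. For a job that holds deploy credentials, switch to `egress-policy: block` together with an `allowed-endpoints:` list taken from the audit results of earlier runs; the endpoints themselves are not visible in this diff. The same TODO remains in the other plugin-release.yml jobs, including the one marked `environment: Production`, and in the publishing job of npm-release.yml. The job definition starts above the hunk, so how the secret is consumed cannot be checked from here.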
@@ -70,7 +70,7 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -78,7 +78,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -101,7 +101,7 @@ jobs:
 composer-options: '--prefer-dist --no-progress --no-interaction'
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
@@ -116,7 +116,7 @@ jobs:
 run: bun run workflow:build-plugin
 - name: Upload bundle
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
 with:
 name: web-stories
 path: build/web-stories
@@ -149,7 +149,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 egress-policy: audit
@@ -168,7 +168,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Download bundle
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
 with:
 name: web-stories
@@ -177,7 +177,7 @@ jobs:
 run: sudo apt-get install libgbm1
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -229,7 +229,7 @@ jobs:
 ARTIFACT_NAME: failures-artifacts-${{ matrix.wp }}-${{ matrix.shard }}
 - name: Upload artifacts
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+ uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
 if: always()
 with:
 name: ${{ env.ARTIFACT_NAME }}
diff --git a/.github/workflows/tests-karma-dashboard.yml b/.github/workflows/tests-karma-dashboard.yml
index 130c0fa0af68..7f5a6f80c5ef 100644
--- a/.github/workflows/tests-karma-dashboard.yml
+++ b/.github/workflows/tests-karma-dashboard.yml
@@ -47,7 +47,7 @@ jobs:
 timeout-minutes: 30
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 egress-policy: block
@@ -68,7 +68,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
diff --git a/.github/workflows/tests-karma-editor.yml b/.github/workflows/tests-karma-editor.yml
index bb222c1b3957..9b1e68206b41 100644
--- a/.github/workflows/tests-karma-editor.yml
+++ b/.github/workflows/tests-karma-editor.yml
@@ -83,7 +83,7 @@ jobs:
 ]
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 egress-policy: block
@@ -106,7 +106,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
diff --git a/.github/workflows/tests-unit-js.yml b/.github/workflows/tests-unit-js.yml
index de9d9a74728d..5b44a43c3b61 100644
--- a/.github/workflows/tests-unit-js.yml
+++ b/.github/workflows/tests-unit-js.yml
@@ -51,7 +51,7 @@ jobs:
 shard: ['1/2', '2/2']
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-sudo: true
 disable-file-monitoring: true
@@ -70,7 +70,7 @@ jobs:
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
diff --git a/.github/workflows/tests-unit-php.yml b/.github/workflows/tests-unit-php.yml
index 6a3df7d6be14..3d95484e8190 100644
--- a/.github/workflows/tests-unit-php.yml
+++ b/.github/workflows/tests-unit-php.yml
@@ -80,7 +80,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 disable-file-monitoring: true
 egress-policy: audit
diff --git a/.github/workflows/update-browserslist.yml b/.github/workflows/update-browserslist.yml
index 9a88a092ee77..174331a97775 100644
--- a/.github/workflows/update-browserslist.yml
+++ b/.github/workflows/update-browserslist.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -32,7 +32,7 @@ jobs:
 token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
diff --git a/.github/workflows/update-google-fonts.yml b/.github/workflows/update-google-fonts.yml
index 6bf16c51b36b..39d6f3c8e033 100644
--- a/.github/workflows/update-google-fonts.yml
+++ b/.github/workflows/update-google-fonts.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -32,7 +32,7 @@ jobs:
 token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm
@@ -43,7 +43,7 @@ jobs:
 PUPPETEER_SKIP_DOWNLOAD: true
 - name: Setup Bun
- uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7
+ uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5
 with:
 bun-version: latest
diff --git a/.github/workflows/update-product-schema.yml b/.github/workflows/update-product-schema.yml
index dfd236e88fa9..9bd4223e9af1 100644
--- a/.github/workflows/update-product-schema.yml
+++ b/.github/workflows/update-product-schema.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
diff --git a/.github/workflows/update-templates.yml b/.github/workflows/update-templates.yml
index 68e0e1729d90..133c7fe1976a 100644
--- a/.github/workflows/update-templates.yml
+++ b/.github/workflows/update-templates.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
@@ -32,7 +32,7 @@ jobs:
 token: ${{ secrets.GOOGLEFORCREATORS_BOT_TOKEN }}
 - name: Setup Node
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
 with:
 node-version-file: '.nvmrc'
 cache: npm