diff --git a/.github/workflows/acceptance-public.yml b/.github/workflows/acceptance-public.yml index 6707af9fd9..43942ce2b4 100644 --- a/.github/workflows/acceptance-public.yml +++ b/.github/workflows/acceptance-public.yml @@ -40,7 +40,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -51,7 +51,7 @@ jobs: merge-multiple: true - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@43e0c963eea0ace6eca353cb1d814d857fee5c53 # v2.20.2 + uses: step-security/publish-unit-test-result-action@5d195d4dec0b9fa7b51a3dbc4298362a021247c7 # v2.20.4 with: check_name: Test Results json_thousands_separator: ',' diff --git a/.github/workflows/acceptance-workflow.yml b/.github/workflows/acceptance-workflow.yml index 380f481cec..34bbf4a00d 100644 --- a/.github/workflows/acceptance-workflow.yml +++ b/.github/workflows/acceptance-workflow.yml @@ -51,7 +51,7 @@ jobs: echo "OPERATOR_ID_MAIN=${{ inputs.operator_id }}" >> $GITHUB_ENV fi - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -127,7 +127,7 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@43e0c963eea0ace6eca353cb1d814d857fee5c53 # v2.20.2 + uses: step-security/publish-unit-test-result-action@5d195d4dec0b9fa7b51a3dbc4298362a021247c7 # v2.20.4 if: ${{ !cancelled() }} with: check_name: '' # Set to empty to disable check run diff --git a/.github/workflows/acceptance.yml b/.github/workflows/acceptance.yml index 8d183a733d..a95f1b31b0 100644 --- a/.github/workflows/acceptance.yml +++ b/.github/workflows/acceptance.yml @@ -52,7 +52,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -63,7 +63,7 @@ jobs: merge-multiple: true - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@43e0c963eea0ace6eca353cb1d814d857fee5c53 # v2.20.2 + uses: step-security/publish-unit-test-result-action@5d195d4dec0b9fa7b51a3dbc4298362a021247c7 # v2.20.4 with: check_name: '' # Set to empty to disable check run json_thousands_separator: ',' diff --git a/.github/workflows/charts.yml b/.github/workflows/charts.yml index 5512755720..b69ed5c1bb 100644 --- a/.github/workflows/charts.yml +++ b/.github/workflows/charts.yml @@ -19,7 +19,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -44,7 +44,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/conformity-workflow.yml b/.github/workflows/conformity-workflow.yml index 049d0c7cba..151d37213b 100644 --- a/.github/workflows/conformity-workflow.yml +++ b/.github/workflows/conformity-workflow.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/dapp.yml b/.github/workflows/dapp.yml index 0270655bda..0f5662ef22 100644 --- a/.github/workflows/dapp.yml +++ b/.github/workflows/dapp.yml @@ -23,7 +23,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -67,7 +67,7 @@ jobs: - name: Dump relay logs if: ${{ always() && !cancelled() }} - uses: step-security/gh-docker-logs@fabd93e8cf0be430ca117408e07af71b2993caac # v2.2.5 + uses: step-security/gh-docker-logs@2ffe2e0e1da43c5db68902dd900c47cdba10bfe6 # v2.2.6 with: dest: './logs' diff --git a/.github/workflows/dev-tool-workflow.yml b/.github/workflows/dev-tool-workflow.yml index 7e23935898..91f6ed05bc 100644 --- a/.github/workflows/dev-tool-workflow.yml +++ b/.github/workflows/dev-tool-workflow.yml @@ -21,7 +21,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/flow-pr-title-check.yml b/.github/workflows/flow-pr-title-check.yml index fb486bafee..29ad609ae8 100644 --- a/.github/workflows/flow-pr-title-check.yml +++ b/.github/workflows/flow-pr-title-check.yml @@ -44,11 +44,11 @@ jobs: statuses: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit - name: Check PR Title - uses: step-security/conventional-pr-title-action@d47e8818876fa91d2010b65c4d699bb5f0d34d56 # v3.2.3 + uses: step-security/conventional-pr-title-action@e2a9b8d87a4b25077f0696ec3e2b4dd5a3f43734 # v3.2.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/foundry.yml b/.github/workflows/foundry.yml index cba3aa355a..5ba7e576ad 100644 --- a/.github/workflows/foundry.yml +++ b/.github/workflows/foundry.yml @@ -17,7 +17,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -26,7 +26,7 @@ jobs: submodules: recursive - name: Install Foundry - uses: step-security/foundry-toolchain@ced99da5c56c695ce707ab2715ca678d6e8a7038 # v1.4.0 + uses: step-security/foundry-toolchain@0f33b42dd54256dc78d44981318d1a5c5f1c4958 # v1.4.1 with: version: nightly diff --git a/.github/workflows/gh-pages-sync.yaml b/.github/workflows/gh-pages-sync.yaml index 123e898ef6..64e0082636 100644 --- a/.github/workflows/gh-pages-sync.yaml +++ b/.github/workflows/gh-pages-sync.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -34,7 +34,7 @@ jobs: - name: Import GPG Key id: gpg_importer - uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0 + uses: step-security/ghaction-import-gpg@69c854a83c7f79463f8bdf46772ab09826c560cd # v6.3.1 with: git_commit_gpgsign: true git_committer_email: ${{ vars.GIT_USER_EMAIL }} diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml index a559d8a096..d2ddd937ae 100644 --- a/.github/workflows/image-build.yml +++ b/.github/workflows/image-build.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/manual-testing.yml b/.github/workflows/manual-testing.yml index daf9207bde..dd30a1b420 100644 --- a/.github/workflows/manual-testing.yml +++ b/.github/workflows/manual-testing.yml @@ -195,7 +195,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -206,7 +206,7 @@ jobs: merge-multiple: true - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@43e0c963eea0ace6eca353cb1d814d857fee5c53 # v2.20.2 + uses: step-security/publish-unit-test-result-action@5d195d4dec0b9fa7b51a3dbc4298362a021247c7 # v2.20.4 with: # check_name: Acceptance Tests check_name: '' # Set to empty to disable check run diff --git a/.github/workflows/openrpc-updater.yml b/.github/workflows/openrpc-updater.yml index 30abbb2ca4..91e4a16841 100644 --- a/.github/workflows/openrpc-updater.yml +++ b/.github/workflows/openrpc-updater.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -58,7 +58,7 @@ jobs: needs: clone-and-build-execution-apis steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/postman.yml b/.github/workflows/postman.yml index 68b596d7e0..baa4ad1bdf 100644 --- a/.github/workflows/postman.yml +++ b/.github/workflows/postman.yml @@ -23,7 +23,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/pr-label-milestone-check.yml b/.github/workflows/pr-label-milestone-check.yml index 397c1310a0..3d68ca3c39 100644 --- a/.github/workflows/pr-label-milestone-check.yml +++ b/.github/workflows/pr-label-milestone-check.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/release-acceptance.yml b/.github/workflows/release-acceptance.yml index d6d54a200f..e4b7fdbc02 100644 --- a/.github/workflows/release-acceptance.yml +++ b/.github/workflows/release-acceptance.yml @@ -24,7 +24,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -91,7 +91,7 @@ jobs: path: test-*.xml - name: Publish Test Report - uses: step-security/publish-unit-test-result-action@43e0c963eea0ace6eca353cb1d814d857fee5c53 # v2.20.2 + uses: step-security/publish-unit-test-result-action@5d195d4dec0b9fa7b51a3dbc4298362a021247c7 # v2.20.4 if: ${{ !cancelled() }} with: check_name: '' # Set to empty to disable check run diff --git a/.github/workflows/release-automation.yml b/.github/workflows/release-automation.yml index 19c0951291..5f27e1e584 100644 --- a/.github/workflows/release-automation.yml +++ b/.github/workflows/release-automation.yml @@ -22,13 +22,13 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit - name: Parse Version id: version_parser - uses: step-security/semver-utils@b6c771610a344202ca367c085698ff554fe8f124 # v4.3.1 + uses: step-security/semver-utils@4ae9c1fd6d1c5f8f152fe7e2efe8069a952c2ace # v4.3.2 with: lenient: false version: ${{ github.event.inputs.version }} @@ -59,7 +59,7 @@ jobs: - name: Import GPG Key id: gpg_importer - uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0 + uses: step-security/ghaction-import-gpg@69c854a83c7f79463f8bdf46772ab09826c560cd # v6.3.1 with: git_commit_gpgsign: true git_committer_email: ${{ vars.GIT_USER_EMAIL }} @@ -105,7 +105,7 @@ jobs: - name: Close the Milestone if: ${{ steps.version_parser.outputs.prerelease == '' }} id: milestone - uses: step-security/close-milestone@fcc24c91b3886d0febeb22fc919b9b0a47bd6187 # v2.2.0 + uses: step-security/close-milestone@b097272a7aaa0f5c40dc6bc671d45d35c5e85b51 # v2.2.1 with: milestone_name: ${{ steps.version_parser.outputs.release }} env: @@ -113,7 +113,7 @@ jobs: - name: Create Release Notes if: ${{ steps.milestone.outputs.milestone_id != '' }} - uses: step-security/release-notes-generator-action@1142226ab217ce65957748bffea7cdfbd6d43e99 # v3.1.8 + uses: step-security/release-notes-generator-action@192a9376ac53e5d2537e9398dbfde46b91866986 # v3.1.9 env: FILENAME: ${{ env.RELEASE_NOTES_FILENAME }} GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} @@ -130,7 +130,7 @@ jobs: tagging_message: ${{ env.RELEASE_TAG }} - name: Create Github Release - uses: ncipollo/release-action@bcfe5470707e8832e12347755757cec0eb3c22af # v1.18.0 + uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: bodyFile: ${{ env.RELEASE_NOTES_FILENAME }}.md commit: ${{ env.RELEASE_BRANCH }} @@ -153,7 +153,7 @@ jobs: MILE_STONE: ${{ needs.branch_bump_tag.outputs.milestone }} steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -166,7 +166,7 @@ jobs: - name: Import GPG Key id: gpg_importer - uses: step-security/ghaction-import-gpg@c86c374c0659a6c2d1284bccf8af889e73ce8fe0 # v6.3.0 + uses: step-security/ghaction-import-gpg@69c854a83c7f79463f8bdf46772ab09826c560cd # v6.3.1 with: git_commit_gpgsign: true git_tag_gpgsign: true diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index d22caddaad..bd33478876 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/release-production.yml b/.github/workflows/release-production.yml index 0bd0943366..991d06720a 100644 --- a/.github/workflows/release-production.yml +++ b/.github/workflows/release-production.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -29,7 +29,7 @@ jobs: run: echo "TAG=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV - name: Login to GitHub Container Registry - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -61,7 +61,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -98,7 +98,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/subgraph.yml b/.github/workflows/subgraph.yml index 488fff0dc2..cdfb3d1527 100644 --- a/.github/workflows/subgraph.yml +++ b/.github/workflows/subgraph.yml @@ -24,7 +24,7 @@ jobs: working-directory: ./tools/subgraph-example/ steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 97bb6f4997..0261f23495 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,7 @@ jobs: runs-on: hiero-smart-contracts-linux-medium steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit @@ -64,7 +64,7 @@ jobs: - name: Publish Test Report if: ${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name && github.actor != 'dependabot[bot]' && github.actor != 'swirlds-automation' && !cancelled() && !failure() }} - uses: step-security/publish-unit-test-result-action@43e0c963eea0ace6eca353cb1d814d857fee5c53 # v2.20.2 + uses: step-security/publish-unit-test-result-action@5d195d4dec0b9fa7b51a3dbc4298362a021247c7 # v2.20.4 with: # check_name: Tests check_name: '' # Set to empty to disable check run