diff --git a/.github/workflows/cache_cleaner.yml b/.github/workflows/cache_cleaner.yml index 57b92a62..41f8b426 100644 --- a/.github/workflows/cache_cleaner.yml +++ b/.github/workflows/cache_cleaner.yml @@ -15,7 +15,7 @@ jobs: actions: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/first_pull_request.yml b/.github/workflows/first_pull_request.yml index b339a390..f3e27970 100644 --- a/.github/workflows/first_pull_request.yml +++ b/.github/workflows/first_pull_request.yml @@ -16,11 +16,11 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit - - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | // Get a list of all issues created by the PR opener diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 28d6b1a6..f245b1d2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: block @@ -37,7 +37,7 @@ jobs: with: persist-credentials: false - name: Set up Python${{ matrix.python-version }} - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.x" cache: pip @@ -64,7 +64,7 @@ jobs: python-version: [ "3.10", "3.11", "3.12", "3.13" ] steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit @@ -73,7 +73,7 @@ jobs: with: persist-credentials: false - name: Set up Python${{ matrix.python-version }} - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ matrix.python-version }} cache: "pip" @@ -111,7 +111,7 @@ jobs: shell: bash -l {0} steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit @@ -120,7 +120,7 @@ jobs: with: persist-credentials: false - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }} - uses: mamba-org/setup-micromamba@b09ef9b599704322748535812ca03efb2625677b # v2.0.5 + uses: mamba-org/setup-micromamba@7f29b8b80078b1b601dfa018b0f7425c587c63bb # v2.0.6 with: cache-downloads: true cache-environment: true @@ -159,7 +159,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index b3fd9f77..f9bb22cc 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -17,7 +17,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit @@ -26,7 +26,7 @@ jobs: with: persist-credentials: false - name: Create Release - uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2 + uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3 env: # This token is provided by Actions, you do not need to create your own token GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish-pypi-production.yml b/.github/workflows/publish-pypi-production.yml index a8bf74fb..320dbc77 100644 --- a/.github/workflows/publish-pypi-production.yml +++ b/.github/workflows/publish-pypi-production.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit @@ -27,7 +27,7 @@ jobs: with: persist-credentials: false - name: Set up Python3.x - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.x" - name: Install CI libraries @@ -37,4 +37,4 @@ jobs: run: | python -m flit build - name: Publish distribution 📦 to PyPI - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 diff --git a/.github/workflows/tag-testpypi-staging.yml b/.github/workflows/tag-testpypi-staging.yml index 990af4de..b992ffe2 100644 --- a/.github/workflows/tag-testpypi-staging.yml +++ b/.github/workflows/tag-testpypi-staging.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit @@ -27,7 +27,7 @@ jobs: with: persist-credentials: false - name: Set up Python3.x - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.x" - name: Install CI libraries @@ -37,7 +37,7 @@ jobs: run: | python -m flit build - name: Publish distribution 📦 to Test PyPI - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 with: repository-url: https://test.pypi.org/legacy/ skip-existing: true diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml index 086ecdab..c22a8791 100644 --- a/.github/workflows/upstream.yml +++ b/.github/workflows/upstream.yml @@ -39,7 +39,7 @@ jobs: shell: bash -l {0} steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: disable-sudo: true egress-policy: audit @@ -49,7 +49,7 @@ jobs: fetch-depth: 0 # Fetch all history for all branches and tags. persist-credentials: false - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }} - uses: mamba-org/setup-micromamba@b09ef9b599704322748535812ca03efb2625677b # v2.0.5 + uses: mamba-org/setup-micromamba@7f29b8b80078b1b601dfa018b0f7425c587c63bb # v2.0.6 with: cache-downloads: true cache-environment: true