From 3809994181c34c374169e38e800617b772d64723 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 21:44:29 +0000 Subject: [PATCH] chore(deps): update all digest updates --- .github/workflows/ci.yml | 2 +- .github/workflows/ossf.yml | 2 +- .github/workflows/scans.yml | 34 +++++++++++++++++----------------- Dockerfile | 2 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bbbf8f3..4945dbc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,7 +35,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 + - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7 - id: setup-python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 diff --git a/.github/workflows/ossf.yml b/.github/workflows/ossf.yml index a9811e6..c14085a 100644 --- a/.github/workflows/ossf.yml +++ b/.github/workflows/ossf.yml @@ -41,6 +41,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: results.sarif diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml index 76eff14..3877f6a 100644 --- a/.github/workflows/scans.yml +++ b/.github/workflows/scans.yml @@ -25,12 +25,12 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: bridgecrewio/checkov-action@f9b0a2206b0401cad02ac0a66be2a7934a5be838 # master + - uses: bridgecrewio/checkov-action@2fd3901c8feb52417f27f0d9800259a106c1ec1e # master with: soft_fail: ${{ github.event_name != 'pull_request' }} - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: results.sarif @@ -65,7 +65,7 @@ jobs: db-file: matcher.db - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: clair_results.sarif @@ -80,7 +80,7 @@ jobs: - uses: microsoft/DevSkim-Action@4b5047945a44163b94642a1cecc0d93a3f428cc6 # v1 - - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: devskim-results.sarif @@ -111,7 +111,7 @@ jobs: GITHUB_TOKEN: ${{ github.token }} - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: results.sarif @@ -125,7 +125,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - id: grype - uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7 + uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7 with: path: . fail-build: ${{ github.event_name == 'pull_request' }} @@ -133,7 +133,7 @@ jobs: only-fixed: true - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: ${{ steps.grype.outputs.sarif }} @@ -155,7 +155,7 @@ jobs: load: true - id: grype - uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7 + uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7 with: image: ${{ env.IMAGE_ID }} fail-build: ${{ github.event_name == 'pull_request' }} @@ -165,7 +165,7 @@ jobs: IMAGE_ID: ${{ steps.build.outputs.imageid }} - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: ${{ steps.grype.outputs.sarif }} @@ -192,7 +192,7 @@ jobs: bom: true - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: results.sarif @@ -226,7 +226,7 @@ jobs: path: megalinter-reports - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: megalinter-reports/megalinter-report.sarif ref: ${{ github.head_ref && format('refs/heads/{0}', github.head_ref) || github.ref }} @@ -258,7 +258,7 @@ jobs: - uses: microsoft/security-devops-action@08976cb623803b1b36d7112d4ff9f59eae704de0 # v1 id: msdo - - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: ${{ steps.msdo.outputs.sarifFile }} @@ -292,13 +292,13 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0 + - uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0 with: output-file: "${{ github.event.repository.name }}-sbom.spdx.json" dependency-snapshot: true - id: grype - uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7 + uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7 with: sbom: "${{ github.event.repository.name }}-sbom.spdx.json" fail-build: ${{ github.event_name == 'pull_request' }} @@ -306,7 +306,7 @@ jobs: only-fixed: true - if: ${{ success() || failure() }} - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: ${{ steps.grype.outputs.sarif }} @@ -337,7 +337,7 @@ jobs: scanners: vuln,secret,misconfig skip-setup-trivy: true - - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: trivy-results.sarif @@ -376,7 +376,7 @@ jobs: severity: HIGH,CRITICAL skip-setup-trivy: true - - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4 + - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 with: sarif_file: trivy-results.sarif diff --git a/Dockerfile b/Dockerfile index 1c8a216..45746fb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM ghcr.io/astral-sh/uv:0.10.10@sha256:cbe0a44ba994e327b8fe7ed72beef1aaa7d2c4c ## # base ## -FROM debian:stable-slim@sha256:85dfcffff3c1e193877f143d05eaba8ae7f3f95cb0a32e0bc04a448077e1ac69 AS base +FROM debian:stable-slim@sha256:99fc6d2a0882fcbcdc452948d2d54eab91faafc7db037df82425edcdcf950e1f AS base # set up user ARG USER=user