diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 2281ec1cf..0ae84eb82 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -100,7 +100,7 @@ jobs: run: cargo codspeed run - name: Upload bench data artefact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: result-${{ matrix.component }} path: ${{ env.DATA_DIR }} # env.DATA_DIR from `capture.mjs` @@ -133,7 +133,7 @@ jobs: rm target/codspeed/oxc_benchmark/*.d - name: Upload Binary - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: if-no-files-found: error name: benchmark-linter @@ -168,7 +168,7 @@ jobs: chmod +x ./target/codspeed/oxc_benchmark/* - name: Install codspeed - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cargo-codspeed @@ -193,7 +193,7 @@ jobs: run: cargo codspeed run - name: Upload bench data artefact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: result-linter${{ matrix.fixture }} path: ${{ env.DATA_DIR }} # env.DATA_DIR from `capture.mjs` diff --git a/.github/workflows/cargo-llvm-lines.yml b/.github/workflows/cargo-llvm-lines.yml index 235ab6af1..032692969 100644 --- a/.github/workflows/cargo-llvm-lines.yml +++ b/.github/workflows/cargo-llvm-lines.yml @@ -20,7 +20,7 @@ jobs: - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 - name: Install cargo-llvm-lines - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cargo-llvm-lines diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 98d164073..0a7010f5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,7 +55,7 @@ jobs: # Unsung heros of the internet, who led me here to speed up window's slowness: # https://github.com/actions/cache/issues/752#issuecomment-1847036770 # https://github.com/astral-sh/uv/blob/502e04200d52de30d3159894833b3db4f0d6644d/.github/workflows/ci.yml#L158 - - uses: samypr100/setup-dev-drive@d3f2420389ae9ea6e91dd178779e122c42352047 # v3 + - uses: samypr100/setup-dev-drive@c13db539c98b4353ff2bc78fb8f775b94336025b # v3 with: workspace-copy: true drive-size: 8GB @@ -77,7 +77,7 @@ jobs: rustup show git restore . - - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2 + - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2 with: workspaces: ${{ env.DEV_DRIVE_WORKSPACE }} save-if: ${{ github.ref_name == 'main' }} diff --git a/.github/workflows/ci_security.yml b/.github/workflows/ci_security.yml index 3965f894f..710375acf 100644 --- a/.github/workflows/ci_security.yml +++ b/.github/workflows/ci_security.yml @@ -25,7 +25,7 @@ jobs: with: persist-credentials: false - - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + - uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: zizmor @@ -35,7 +35,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 70578bfbd..1092d7e31 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -40,7 +40,7 @@ jobs: run: cargo codecov --lcov --output-path lcov.info - name: Upload Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: codecov path: lcov.info @@ -66,7 +66,7 @@ jobs: - name: Upload to codecov.io if: env.CODECOV_TOKEN - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml index fd12a133c..cbf5fde3f 100644 --- a/.github/workflows/link-check.yml +++ b/.github/workflows/link-check.yml @@ -29,7 +29,7 @@ jobs: uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check Links - uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0 + uses: lycheeverse/lychee-action@f796c8b7d468feb9b8c0a46da3fac0af6874d374 # v2.2.0 with: # For parameter description, see https://github.com/lycheeverse/lychee#commandline-parameters # Accept 429 for now due to GitHub rate limit. diff --git a/.github/workflows/release_napi_parser.yml b/.github/workflows/release_napi_parser.yml index e6b2912f3..81088bb19 100644 --- a/.github/workflows/release_napi_parser.yml +++ b/.github/workflows/release_napi_parser.yml @@ -99,7 +99,7 @@ jobs: - name: Install cargo-zigbuild if: ${{ contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cargo-zigbuild @@ -107,7 +107,7 @@ jobs: - name: Install cross if: ${{ !contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cross @@ -154,7 +154,7 @@ jobs: run: tar czf ${{ matrix.code-target }}.tar.gz napi/parser/parser.${{ matrix.code-target }}.node - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} diff --git a/.github/workflows/release_napi_transform.yml b/.github/workflows/release_napi_transform.yml index 9622f789f..5700e873b 100644 --- a/.github/workflows/release_napi_transform.yml +++ b/.github/workflows/release_napi_transform.yml @@ -99,7 +99,7 @@ jobs: - name: Install cargo-zigbuild if: ${{ contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cargo-zigbuild @@ -107,7 +107,7 @@ jobs: - name: Install cross if: ${{ !contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cross @@ -154,7 +154,7 @@ jobs: run: tar czf ${{ matrix.code-target }}.tar.gz napi/transform/transform.${{ matrix.code-target }}.node - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} diff --git a/.github/workflows/release_oxlint.yml b/.github/workflows/release_oxlint.yml index 3d77bb081..f4a6bf1cb 100644 --- a/.github/workflows/release_oxlint.yml +++ b/.github/workflows/release_oxlint.yml @@ -86,12 +86,12 @@ jobs: - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Install cross - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cross - name: Rust Cache - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: shared-key: release-${{ matrix.target }} @@ -135,7 +135,7 @@ jobs: tar czf $OXLS_BIN_NAME.tar.gz $OXLS_BIN_NAME - name: Upload Binary - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -204,7 +204,7 @@ jobs: done - name: Create GitHub Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 with: body: ${{ steps.run.outputs.CHANGELOG }} draft: false diff --git a/.github/workflows/release_vscode.yml b/.github/workflows/release_vscode.yml index 3b9894cf3..36ab6ccf5 100644 --- a/.github/workflows/release_vscode.yml +++ b/.github/workflows/release_vscode.yml @@ -81,12 +81,12 @@ jobs: run: pnpm run compile - name: Install cross - uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 + uses: taiki-e/install-action@df5dec2a2f73ff6dbace3072df1242669b7bb7d1 # v2.47.9 with: tool: cross - name: Rust Cache - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 + uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 with: shared-key: release-${{ matrix.target }} @@ -117,7 +117,7 @@ jobs: pnpm exec vsce package -o "../../oxc_language_server-${{ matrix.code-target }}.vsix" --target ${{ matrix.code-target }} - name: Upload VSCode extension artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 with: name: packages-${{ matrix.code-target }} path: ./oxc_language_server-${{ matrix.code-target }}.vsix diff --git a/.github/workflows/reusable_prepare_release.yml b/.github/workflows/reusable_prepare_release.yml index dbe89727c..d33ce3924 100644 --- a/.github/workflows/reusable_prepare_release.yml +++ b/.github/workflows/reusable_prepare_release.yml @@ -51,7 +51,7 @@ jobs: # update `Cargo.lock` - run: cargo check - - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7 + - uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7 id: pr with: # bot account with PAT required for triggering workflow runs