diff --git a/.github/workflows/dotnet-build-test-lint.yml b/.github/workflows/dotnet-build-test-lint.yml index ef862c13e..63f97922b 100644 --- a/.github/workflows/dotnet-build-test-lint.yml +++ b/.github/workflows/dotnet-build-test-lint.yml @@ -43,7 +43,7 @@ jobs: - name: Test run: dotnet test Microsoft.TeamsAI.Tests/Microsoft.Teams.AI.Tests.csproj --no-restore --verbosity normal --logger trx --results-directory ./TestResults --collect:"XPlat Code Coverage" --configuration Release - name: Coverage - uses: danielpalme/ReportGenerator-GitHub-Action@873ee34c88a6234bdab7fd264d3666fd1ab417f7 # 5.1.26 + uses: danielpalme/ReportGenerator-GitHub-Action@4d510cbed8a05af5aefea46c7fd6e05b95844c89 # 5.2.0 with: reports: ${{ env.SOLUTION_DIR }}TestResults/*/coverage.cobertura.xml targetdir: ${{ env.SOLUTION_DIR }}TestResults/coverage @@ -55,6 +55,6 @@ jobs: name: testresults-dotnet-${{ matrix.dotnet-version }} path: ${{ env.SOLUTION_DIR }}TestResults - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit diff --git a/.github/workflows/dotnet-codeql.yml b/.github/workflows/dotnet-codeql.yml index 2becccd0a..373c967b0 100644 --- a/.github/workflows/dotnet-codeql.yml +++ b/.github/workflows/dotnet-codeql.yml @@ -39,7 +39,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Initialize CodeQL - uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 + uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: languages: csharp - name: Setup .NET @@ -50,6 +50,6 @@ jobs: working-directory: dotnet/packages/Microsoft.TeamsAI/ run: dotnet build Microsoft.Teams.AI.sln --configuration Release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 + uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: category: "/language:csharp" diff --git a/.github/workflows/js-build-test-lint.yml b/.github/workflows/js-build-test-lint.yml index 84dd7f0ee..b8125e556 100644 --- a/.github/workflows/js-build-test-lint.yml +++ b/.github/workflows/js-build-test-lint.yml @@ -42,6 +42,6 @@ jobs: - name: Lint run: yarn lint - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 + uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 with: egress-policy: audit diff --git a/.github/workflows/js-codeql.yml b/.github/workflows/js-codeql.yml index fb27f2a16..217b74aaf 100644 --- a/.github/workflows/js-codeql.yml +++ b/.github/workflows/js-codeql.yml @@ -38,10 +38,10 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Initialize CodeQL - uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 + uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: languages: javascript - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 + uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: category: "/language:javascript" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 212fd4f74..edcadffbd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -66,6 +66,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 + uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: sarif_file: results.sarif