diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 841500f7..70a7e179 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: disable-sudo: true egress-policy: block @@ -43,11 +43,11 @@ jobs: uploads.github.com:443 - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support languages: java @@ -65,6 +65,6 @@ jobs: (cd function-maven-plugin && mvn install) - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: category: ${{ matrix.working-directory }} diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index 091a77a4..25daf54b 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -19,7 +19,7 @@ jobs: ] steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: disable-sudo: true egress-policy: block @@ -32,16 +32,16 @@ jobs: repo.maven.apache.org:443 storage.googleapis.com:443 - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: java-version: ${{ matrix.java }} distribution: temurin - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: '1.26' diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 2c88f621..923c31e9 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -13,16 +13,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: disable-sudo: true egress-policy: block allowed-endpoints: > github.com:443 repo.maven.apache.org:443 - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: java-version: 17.x distribution: temurin @@ -38,13 +38,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # v2 minimum required + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # v2 minimum required - name: Set up JDK - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: java-version: 21.x distribution: temurin diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ba1d718d..2e5bd84e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: disable-sudo: true egress-policy: block @@ -45,7 +45,7 @@ jobs: *.github.com:443 - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml index fd3ffc97..8c103ec6 100644 --- a/.github/workflows/unit.yaml +++ b/.github/workflows/unit.yaml @@ -18,7 +18,7 @@ jobs: ] steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: disable-sudo: true egress-policy: block @@ -27,9 +27,9 @@ jobs: repo.maven.apache.org:443 api.adoptium.net:443 *.githubusercontent.com:443 - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: java-version: ${{ matrix.java }} distribution: temurin diff --git a/function-maven-plugin/pom.xml b/function-maven-plugin/pom.xml index 6dca952c..0c65d262 100644 --- a/function-maven-plugin/pom.xml +++ b/function-maven-plugin/pom.xml @@ -56,13 +56,13 @@ org.apache.maven maven-plugin-api - 3.9.14 + 3.9.16 provided org.apache.maven maven-core - 3.9.14 + 3.9.16 provided @@ -164,7 +164,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.10.0 + 0.11.0 true sonatype-central-portal diff --git a/functions-framework-api/pom.xml b/functions-framework-api/pom.xml index 250d5c2b..ae46a8bd 100644 --- a/functions-framework-api/pom.xml +++ b/functions-framework-api/pom.xml @@ -70,7 +70,7 @@ io.cloudevents cloudevents-api - 4.0.2 + 4.1.1 @@ -197,7 +197,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.10.0 + 0.11.0 true sonatype-central-portal diff --git a/invoker/conformance/pom.xml b/invoker/conformance/pom.xml index 331f08d1..ee33e41b 100644 --- a/invoker/conformance/pom.xml +++ b/invoker/conformance/pom.xml @@ -28,22 +28,22 @@ com.google.cloud.functions functions-framework-api - 2.0.0 + 2.0.1 com.google.code.gson gson - 2.13.2 + 2.14.0 io.cloudevents cloudevents-core - 4.0.1 + 4.1.1 io.cloudevents cloudevents-json-jackson - 4.0.1 + 4.1.1 @@ -53,7 +53,7 @@ com.google.cloud.functions function-maven-plugin - 1.0.0 + 1.0.1 diff --git a/invoker/core/pom.xml b/invoker/core/pom.xml index cd8984ba..31872f88 100644 --- a/invoker/core/pom.xml +++ b/invoker/core/pom.xml @@ -23,8 +23,8 @@ 5.3.2 17 17 - 4.0.1 - 12.1.8 + 4.1.1 + 12.1.10 @@ -46,7 +46,7 @@ com.google.cloud.functions functions-framework-api - 2.0.0 + 2.0.1 io.cloudevents @@ -66,7 +66,7 @@ com.google.code.gson gson - 2.13.2 + 2.14.0 com.ryanharter.auto.value @@ -100,7 +100,7 @@ org.slf4j slf4j-jdk14 - 2.0.17 + 2.0.18 com.beust diff --git a/invoker/pom.xml b/invoker/pom.xml index 33cf5383..87d37acc 100644 --- a/invoker/pom.xml +++ b/invoker/pom.xml @@ -130,7 +130,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.10.0 + 0.11.0 true sonatype-central-portal diff --git a/invoker/testfunction/pom.xml b/invoker/testfunction/pom.xml index 541eb9a8..b7184232 100644 --- a/invoker/testfunction/pom.xml +++ b/invoker/testfunction/pom.xml @@ -20,7 +20,7 @@ com.google.cloud.functions functions-framework-api - 2.0.0 + 2.0.1