From 5b7579df6818fe54883c87054a029bb90f13d94d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Apr 2026 06:34:44 +0000 Subject: [PATCH] chore(deps): bump the github-actions group with 9 updates Bumps the github-actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4` | `5` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.4.0` | `2.8.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.28.0` | `0.36.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/setup-dotnet` from 4 to 5 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](https://github.com/actions/setup-dotnet/compare/v4...v5) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) Updates `lycheeverse/lychee-action` from 2.4.0 to 2.8.0 - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](https://github.com/lycheeverse/lychee-action/compare/v2.4.0...v2.8.0) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates `aquasecurity/trivy-action` from 0.28.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.28.0...v0.36.0) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-dotnet dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: lycheeverse/lychee-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 36 ++++++++++++++++++------------------ .github/workflows/codeql.yml | 8 ++++---- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a1ab6cb..c9c439c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Install actionlint v1.7.7 run: | @@ -69,11 +69,11 @@ jobs: contents: read checks: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 1 - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@v5 with: global-json-file: global.json @@ -81,7 +81,7 @@ jobs: run: dotnet --version - name: Cache NuGet packages - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.nuget/packages key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props', 'global.json', 'nuget.config') }} @@ -110,7 +110,7 @@ jobs: - name: Upload test results and coverage if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dotnet-test-results path: TestResults/ @@ -137,11 +137,11 @@ jobs: run: working-directory: frontend steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 1 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version-file: frontend/.nvmrc cache: npm @@ -154,7 +154,7 @@ jobs: run: npm ci - name: ESLint cache - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: frontend/.eslintcache key: ${{ runner.os }}-eslint-${{ hashFiles('frontend/eslint.config.mjs', 'frontend/package-lock.json', 'frontend/tsconfig.json', 'frontend/tsconfig.app.json', 'frontend/tsconfig.node.json') }} @@ -177,11 +177,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 1 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version-file: frontend/.nvmrc @@ -191,7 +191,7 @@ jobs: - name: Проверка ссылок в Markdown (lychee) env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: lycheeverse/lychee-action@v2.4.0 + uses: lycheeverse/lychee-action@v2.8.0 with: args: --verbose --no-progress --exclude-mail --max-concurrency 6 --accept 200,206,429 --exclude '^https?://(127\.0\.0\.1|localhost)' README.md CONTRIBUTING.md SECURITY.md docs @@ -209,11 +209,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 1 - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@v4 - name: Validate Compose files run: | @@ -244,7 +244,7 @@ jobs: run: docker compose -f docker-compose.smoke.yml down -v --remove-orphans || true - name: Trivy — order-tracking-api:local - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: order-tracking-api:local scan-type: image @@ -253,7 +253,7 @@ jobs: format: table - name: Trivy — order-tracking-worker:local - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: order-tracking-worker:local scan-type: image @@ -262,7 +262,7 @@ jobs: format: table - name: Trivy — order-tracking-frontend:local - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: order-tracking-frontend:local scan-type: image @@ -271,7 +271,7 @@ jobs: format: table - name: Trivy — gate CRITICAL (образ api; job падает при CRITICAL CVE) - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: order-tracking-api:local scan-type: image @@ -297,7 +297,7 @@ jobs: contents: read pull-requests: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a52444c..21ca138 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,14 +28,14 @@ jobs: security-events: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: github/codeql-action/init@v3 + - uses: github/codeql-action/init@v4 with: languages: csharp queries: security-and-quality - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@v5 with: global-json-file: global.json @@ -46,7 +46,7 @@ jobs: dotnet restore OrderTracking.sln dotnet build OrderTracking.sln -c Release --no-restore /p:SkipNSwag=true - - uses: github/codeql-action/analyze@v3 + - uses: github/codeql-action/analyze@v4 - name: Job summary if: always()