diff --git a/.github/actions/build-suews/action.yml b/.github/actions/build-suews/action.yml index 7c21085e8..93125169f 100644 --- a/.github/actions/build-suews/action.yml +++ b/.github/actions/build-suews/action.yml @@ -97,7 +97,7 @@ runs: git diff pyproject.toml || true - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: 3.12 @@ -120,7 +120,7 @@ runs: run: mkdir -p .cargo-cache .rust-target-cache - name: Cache Rust/Cargo dependencies - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | .cargo-cache @@ -244,7 +244,7 @@ runs: MACOSX_DEPLOYMENT_TARGET: '15.0' - name: Upload wheels - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: ${{ inputs.python }}-${{ inputs.buildplat_name }}-${{ inputs.buildplat_arch }}${{ inputs.wheel_name_suffix }} path: ./wheelhouse/*.whl diff --git a/.github/workflows/build-publish_to_pypi.yml b/.github/workflows/build-publish_to_pypi.yml index bbf3a6130..06afefe39 100644 --- a/.github/workflows/build-publish_to_pypi.yml +++ b/.github/workflows/build-publish_to_pypi.yml @@ -131,7 +131,7 @@ jobs: outputs: on-master: ${{ steps.check.outputs.on-master }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 persist-credentials: false @@ -153,7 +153,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 persist-credentials: false @@ -207,7 +207,7 @@ jobs: site-files: ${{ steps.filter.outputs.site_files }} pyproject-files: ${{ steps.filter.outputs.pyproject_files }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false @@ -296,7 +296,7 @@ jobs: umep_python: ${{ steps.set-matrix.outputs.umep_python }} test_tier: ${{ steps.set-matrix.outputs.test_tier }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts sparse-checkout-cone-mode: false @@ -339,7 +339,7 @@ jobs: pull-requests: write issues: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts sparse-checkout-cone-mode: false @@ -423,7 +423,7 @@ jobs: if: always() && (github.event_name == 'pull_request' || github.event_name == 'merge_group') needs: [build_wheels, build_umep, detect-changes] steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: sparse-checkout: .github/scripts sparse-checkout-cone-mode: false @@ -463,7 +463,7 @@ jobs: steps: - name: Download all wheels for TestPyPI - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: path: dist/ merge-multiple: true @@ -500,7 +500,7 @@ jobs: steps: - name: Download all wheels (standard + QGIS3 UMEP) - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: path: dist/ merge-multiple: true @@ -522,7 +522,7 @@ jobs: contents: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/build-wheels-reusable.yml b/.github/workflows/build-wheels-reusable.yml index ac53af4f4..8d4079607 100644 --- a/.github/workflows/build-wheels-reusable.yml +++ b/.github/workflows/build-wheels-reusable.yml @@ -50,7 +50,7 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 submodules: recursive diff --git a/.github/workflows/cibuildwheel-debug.yml b/.github/workflows/cibuildwheel-debug.yml index 3276dadc4..7c8498555 100644 --- a/.github/workflows/cibuildwheel-debug.yml +++ b/.github/workflows/cibuildwheel-debug.yml @@ -179,13 +179,13 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 persist-credentials: false - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: 3.12 @@ -450,7 +450,7 @@ jobs: - name: Upload debug artifacts if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: debug-${{ inputs.python_version || 'cp311' }}-${{ inputs.platform_arch || 'macos-latest-arm64' }}-${{ github.run_number }} path: debug-artifacts/ @@ -458,7 +458,7 @@ jobs: - name: Upload built wheels if: steps.build.outcome == 'success' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: wheel-${{ inputs.python_version || 'cp311' }}-${{ inputs.platform_arch || 'macos-latest-arm64' }} path: ./wheelhouse/*.whl diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml index 086e4f017..dff1a9f1e 100644 --- a/.github/workflows/claude-code-review.yml +++ b/.github/workflows/claude-code-review.yml @@ -80,7 +80,7 @@ jobs: - name: Checkout repository if: steps.skip-check.outputs.skip != 'true' && steps.auth-check.outputs.authorized == 'true' - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 ref: refs/pull/${{ inputs.pr_number }}/merge diff --git a/.github/workflows/claude-dispatch.yml b/.github/workflows/claude-dispatch.yml index a0e18f525..f9191fff1 100644 --- a/.github/workflows/claude-dispatch.yml +++ b/.github/workflows/claude-dispatch.yml @@ -19,7 +19,7 @@ jobs: id-token: write steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 6d64d268f..b21d5e049 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -70,7 +70,7 @@ jobs: - name: Checkout repository if: steps.auth-check.outputs.authorized == 'true' - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml index e71aedf0e..0cec8623b 100644 --- a/.github/workflows/dependency-audit.yml +++ b/.github/workflows/dependency-audit.yml @@ -22,11 +22,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.13' diff --git a/.github/workflows/docs-sync.yml b/.github/workflows/docs-sync.yml index 1cb1861a6..9cfed5665 100644 --- a/.github/workflows/docs-sync.yml +++ b/.github/workflows/docs-sync.yml @@ -39,7 +39,7 @@ jobs: # ------------------------------------------------------------------ # 1. Checkout full history (needed for merge + change detection) # ------------------------------------------------------------------ - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 fetch-tags: true @@ -201,7 +201,7 @@ jobs: - name: Set up Python if: steps.detect.outputs.docs_changed == 'true' - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: "3.13" diff --git a/.github/workflows/pages-deploy.yml b/.github/workflows/pages-deploy.yml index 169c7233d..95fbec9a4 100644 --- a/.github/workflows/pages-deploy.yml +++ b/.github/workflows/pages-deploy.yml @@ -52,13 +52,13 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 # Required for sphinx-last-updated-by-git persist-credentials: false - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.13' @@ -157,15 +157,15 @@ jobs: echo "is_fork=false" >> $GITHUB_OUTPUT fi - - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 + - uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6 if: steps.fork-check.outputs.is_fork != 'true' - - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3 + - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 if: steps.fork-check.outputs.is_fork != 'true' with: path: _site - - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 + - uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5 if: steps.fork-check.outputs.is_fork != 'true' id: deployment diff --git a/.github/workflows/test-detect-changes.yml b/.github/workflows/test-detect-changes.yml index 81bd97b32..0213dc7e2 100644 --- a/.github/workflows/test-detect-changes.yml +++ b/.github/workflows/test-detect-changes.yml @@ -50,7 +50,7 @@ jobs: docs-changed: ${{ steps.filter.outputs.docs }} site-changed: ${{ steps.filter.outputs.site }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/validate-claude-md.yml b/.github/workflows/validate-claude-md.yml index e8d897e38..79f7d42fb 100644 --- a/.github/workflows/validate-claude-md.yml +++ b/.github/workflows/validate-claude-md.yml @@ -21,13 +21,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 2 # Need previous commit for comparison persist-credentials: false - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version: '3.x' @@ -93,7 +93,7 @@ jobs: - name: Create snapshot on failure if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: claude-md-snapshot-${{ github.sha }} path: | diff --git a/.github/workflows/workflow-security.yml b/.github/workflows/workflow-security.yml index 7db185f43..19e6ebd63 100644 --- a/.github/workflows/workflow-security.yml +++ b/.github/workflows/workflow-security.yml @@ -26,7 +26,7 @@ jobs: name: Enforce SHA-pinned actions runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest continue-on-error: true steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false