Bump actions in workflow files (#89)

* Bump actions in workflow files actions/checkout@v3 to 4 github/codeql-action/init@v2 to 3 github/codeql-action/autobuild@v2 to 3 github/codeql-action/analyze@v2 to 3 * Create dependabot.yml github-actions
skills · Apr 7, 2024 · e9a138f · e9a138f
1 parent e975b5d
commit e9a138f
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -22,15 +22,15 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/jarvis-code.yml b/.github/workflows/jarvis-code.yml
@@ -23,11 +23,11 @@ jobs:
       contents: read
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Check GitHub Status
         # Source of GitHub Action in line 30: 
         # https://github.com/dduzgun-security/secure-code-game-action
         uses: dduzgun-security/secure-code-game-action@dc70b85ad674f6e93657401f3933622870372093 # v1.0
         with:
           who-to-greet: "Jarvis, obviously ..."
-          get-token: "token-4db56ee8-dbec-46f3-96f5-32247695ab9b"
+          get-token: "token-4db56ee8-dbec-46f3-96f5-32247695ab9b"
diff --git a/.github/workflows/jarvis-hack.yml b/.github/workflows/jarvis-hack.yml
@@ -14,11 +14,11 @@ jobs:
       contents: read
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Check for insecure actions
         run: |
           if grep -q "uses: dduzgun-security/secure-code-game-action@" $GITHUB_WORKSPACE/.github/workflows/jarvis-code.yml; then
             echo "Insecure action detected. Please remove it from your workflow."
             exit 1
-          fi
+          fi