From 09e8cc7fdff22ddc250537f4081c36e591409d9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jun 2026 09:54:10 +0000 Subject: [PATCH] Bump the github-actions group across 1 directory with 11 updates Bumps the github-actions group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `5.2.0` | `5.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [rtCamp/action-slack-notify](https://github.com/rtcamp/action-slack-notify) | `2.3.3` | `2.4.0` | | [SamKirkland/FTP-Deploy-Action](https://github.com/samkirkland/ftp-deploy-action) | `4.3.6` | `4.4.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` | | [skymatic/workflows/.github/workflows/run-dependency-check.yml](https://github.com/skymatic/workflows) | `3.0.3` | `3.1.0` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` | Updates `actions/checkout` from 6.0.2 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `actions/setup-java` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/be666c2fcd27ec809703dec50e508c2fdc7f6654...ad2b38190b15e4d6bdf0c97fb4fca8412226d287) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `softprops/action-gh-release` from 2.5.0 to 3.0.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2.5.0...718ea10b132b3b2eba29c1007bb80653f286566b) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v8...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `rtCamp/action-slack-notify` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/rtcamp/action-slack-notify/releases) - [Commits](https://github.com/rtcamp/action-slack-notify/compare/e31e87e03dd19038e411e38ae27cbad084a90661...33ca3be66c6f378fe1610fd1d5258632dbed5e58) Updates `SamKirkland/FTP-Deploy-Action` from 4.3.6 to 4.4.0 - [Release notes](https://github.com/samkirkland/ftp-deploy-action/releases) - [Commits](https://github.com/samkirkland/ftp-deploy-action/compare/a51268f67f6605236975928ae28b0f7e9971d50a...110f9186c050f71550953127052e77650219c287) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `skymatic/workflows/.github/workflows/run-dependency-check.yml` from 3.0.3 to 3.1.0 - [Release notes](https://github.com/skymatic/workflows/releases) - [Commits](https://github.com/skymatic/workflows/compare/957d3c2c08c56855fdac41e5afb9a7aca8c30dd9...8356563bf7b8d1c8d693f75ca487e8f57573cec9) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3) Updates `actions/stale` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-java dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: rtCamp/action-slack-notify dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: SamKirkland/FTP-Deploy-Action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: skymatic/workflows/.github/workflows/run-dependency-check.yml dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/stale dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/appimage.yml | 10 +++++----- .github/workflows/aur-bin.yml | 4 ++-- .github/workflows/av-whitelist.yml | 4 ++-- .github/workflows/build.yml | 6 +++--- .github/workflows/check-jdk-updates.yml | 4 ++-- .github/workflows/debian.yml | 6 +++--- .github/workflows/dependency-check.yml | 2 +- .github/workflows/dl-stats.yml | 2 +- .github/workflows/draft-release.yml | 10 +++++----- .github/workflows/error-db.yml | 2 +- .github/workflows/get-version.yml | 4 ++-- .github/workflows/linux-flatpak.yml | 16 ++++++++-------- .github/workflows/linux-makepkg.yml | 10 +++++----- .github/workflows/mac-dmg-x64.yml | 8 ++++---- .github/workflows/mac-dmg.yml | 8 ++++---- .github/workflows/no-response.yml | 2 +- .github/workflows/post-publish.yml | 6 +++--- .github/workflows/pullrequest.yml | 4 ++-- .github/workflows/release-check.yml | 6 +++--- .github/workflows/stale.yml | 2 +- .github/workflows/win-exe.yml | 14 +++++++------- 21 files changed, 65 insertions(+), 65 deletions(-) diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml index b41229e81..b2d391eb9 100644 --- a/.github/workflows/appimage.yml +++ b/.github/workflows/appimage.yml @@ -75,9 +75,9 @@ jobs: openjfx-sha: 'c3408f818693cce09e59829a8e862a82c7695fdfcd585c41cfd527f5fc3fe646' appimagetool-sha: 'f0837e7448a0c1e4e650a93bb3e85802546e60654ef287576f46c71c126a9158' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -210,7 +210,7 @@ jobs: gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: appimage-${{ matrix.arch }} path: | @@ -220,7 +220,7 @@ jobs: if-no-files-found: error - name: Publish AppImage on GitHub Releases if: inputs.upload-to-draft - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: draft: true fail_on_unmatched_files: true @@ -240,7 +240,7 @@ jobs: aarch64-sha256sum: ${{ steps.sha256sum.outputs.aarch64-sha256sum }} steps: - name: Download AppImage artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: appimage-* path: appimage-artifacts diff --git a/.github/workflows/aur-bin.yml b/.github/workflows/aur-bin.yml index 36865aa26..f6f00a93e 100644 --- a/.github/workflows/aur-bin.yml +++ b/.github/workflows/aur-bin.yml @@ -33,7 +33,7 @@ jobs: pacman-key --populate archlinux pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip github-cli curl pacman-contrib - name: Checkout cryptomator/aur-bin - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: 'cryptomator/aur-bin' token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} @@ -102,7 +102,7 @@ jobs: DIST_VERSION: ${{ steps.pkgrel.outputs.dist-version }} GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Slack Notification - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml index 7577662da..a609fc033 100644 --- a/.github/workflows/av-whitelist.yml +++ b/.github/workflows/av-whitelist.yml @@ -51,7 +51,7 @@ jobs: - name: Download file run: curl --silent --fail-with-body --proto "=https" -L "${INPUT_URL}" -o "${{steps.extractName.outputs.fileName}}" - name: Upload artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: ${{ steps.extractName.outputs.fileName }} path: ${{ steps.extractName.outputs.fileName }} @@ -68,7 +68,7 @@ jobs: name: ${{ needs.download-file.outputs.fileName }} path: upload - name: Upload to Kaspersky - uses: SamKirkland/FTP-Deploy-Action@a51268f67f6605236975928ae28b0f7e9971d50a # v4.6.3 + uses: SamKirkland/FTP-Deploy-Action@110f9186c050f71550953127052e77650219c287 # v4.6.3 with: protocol: ftps server: allowlist.kaspersky-labs.com diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7a766c424..6e0345816 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,14 +22,14 @@ jobs: name: Compile and Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} cache: 'maven' - name: Cache SonarCloud packages - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml index 0b0c30db7..d721bf1ad 100644 --- a/.github/workflows/check-jdk-updates.yml +++ b/.github/workflows/check-jdk-updates.yml @@ -26,7 +26,7 @@ jobs: run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,2) >> "$env:GITHUB_ENV" shell: pwsh - name: Checkout latest JDK ${{ env.JDK_MAJOR_VERSION }} - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: java-version: ${{ env.JDK_MAJOR_VERSION}} distribution: ${{ env.JDK_VENDOR }} @@ -70,7 +70,7 @@ jobs: } - name: Notify if: steps.determine.outputs.UPDATE_AVAILABLE == 'true' - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_USERNAME: 'Cryptobot' diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 3599456d2..ea3bac825 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -45,7 +45,7 @@ jobs: env: INPUT_PPAVER: ${{ inputs.ppaver }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - id: deb-version name: Determine deb-version run: | @@ -63,7 +63,7 @@ jobs: env: DEB_BUILD_DEPENDS: ${{ env.DEB_BUILD_DEPENDS }} - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -146,7 +146,7 @@ jobs: run: | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: linux-deb-package path: | diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 49dee5b9c..7677d802d 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -7,7 +7,7 @@ on: jobs: check-dependencies: - uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@957d3c2c08c56855fdac41e5afb9a7aca8c30dd9 # v3.0.3 + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@8356563bf7b8d1c8d693f75ca487e8f57573cec9 # v3.1.0 with: runner-os: 'ubuntu-latest' java-distribution: 'temurin' diff --git a/.github/workflows/dl-stats.yml b/.github/workflows/dl-stats.yml index bfc53db3c..3c9c0b107 100644 --- a/.github/workflows/dl-stats.yml +++ b/.github/workflows/dl-stats.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Get download count of latest releases id: get-stats - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const query = `query($owner:String!, $name:String!) { diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 50157ada8..427e7d276 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -25,14 +25,14 @@ jobs: needs: get-version if: needs.get-version.outputs.versionType != 'unknown' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Check the git tag is signed run: git cat-file -p "${GITHUB_REF_NAME}" | grep "BEGIN SSH SIGNATURE" - name: Check the git tag is on release or main branch run: git branch -r --contains "${GITHUB_REF_NAME}" | grep -E '^\s*origin/(main|release/.*)\s*$' - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -42,7 +42,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - name: Draft a release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: draft: true discussion_category_name: releases @@ -60,7 +60,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Publish asc on GitHub Releases - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: draft: true fail_on_unmatched_files: true @@ -112,7 +112,7 @@ jobs: SEMVER: ${{ needs.get-version.outputs.semVerStr }} GH_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Compute source tarball SHA256 id: src-sha256 run: | diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml index 5c2ffebe8..7e27c89ed 100644 --- a/.github/workflows/error-db.yml +++ b/.github/workflows/error-db.yml @@ -14,7 +14,7 @@ jobs: - name: Query Discussion Data if: github.event_name == 'discussion_comment' || github.event_name == 'discussion' && github.event.action != 'deleted' id: query-data - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const query = `query ($owner: String!, $name: String!, $discussionNumber: Int!) { diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml index 1ef97f30e..7d519f33c 100644 --- a/.github/workflows/get-version.yml +++ b/.github/workflows/get-version.yml @@ -39,11 +39,11 @@ jobs: revNum: ${{ steps.versions.outputs.revNum }} type: ${{ steps.versions.outputs.type}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} diff --git a/.github/workflows/linux-flatpak.yml b/.github/workflows/linux-flatpak.yml index 83afbed39..eb8a17978 100644 --- a/.github/workflows/linux-flatpak.yml +++ b/.github/workflows/linux-flatpak.yml @@ -49,16 +49,16 @@ jobs: env: SRC_GIT_SHA: ${{ inputs.src-tag || github.sha}} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: flathub/org.cryptomator.Cryptomator submodules: true - name: Checkout build script - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: build-scripts - name: Checkout app source - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: cryptomator ref: ${{ env.SRC_GIT_SHA }} @@ -77,7 +77,7 @@ jobs: commit: ${{ env.SRC_GIT_SHA }} - name: Copy build script for upload run: cp org.cryptomator.Cryptomator.yaml org.cryptomator.Cryptomator.${{matrix.variant.arch}}.yaml - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: archive: false if-no-files-found: error @@ -129,7 +129,7 @@ jobs: EOF done < maven-dependency-files-javafx.txt ) > javafx-maven-dependencies-${{ matrix.variant.arch }}.yaml - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: maven-sources-${{ matrix.variant.arch }} if-no-files-found: error @@ -176,7 +176,7 @@ jobs: fi env: SRC_TAG: ${{ inputs.src-tag }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: flathub/org.cryptomator.Cryptomator submodules: true #TODO: Update submodule! @@ -184,7 +184,7 @@ jobs: - name: Checkout release branch run: | git checkout -b release/${{ needs.get-version.outputs.semVerStr }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: cryptomator - name: Download source tarball and compute checksum @@ -250,7 +250,7 @@ jobs: env: GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Slack Notification - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 if: github.event_name == 'release' env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} diff --git a/.github/workflows/linux-makepkg.yml b/.github/workflows/linux-makepkg.yml index 7f195c7db..dfb6ff425 100644 --- a/.github/workflows/linux-makepkg.yml +++ b/.github/workflows/linux-makepkg.yml @@ -44,7 +44,7 @@ jobs: pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: path: cryptomator - name: Create build user @@ -69,13 +69,13 @@ jobs: sudo -u builder env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" makepkg --syncdeps --cleanbuild --noconfirm --log - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: arch-package if-no-files-found: error path: | ${{ env.PKGDEST }}/*.pkg.tar.zst - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: pkgbuild-file if-no-files-found: error @@ -108,7 +108,7 @@ jobs: env: TAG: ${{ needs.get-version.outputs.semVerStr || github.event.release.tag_name }} - name: Checkout cryptomator/aur repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: 'cryptomator/aur' token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} @@ -188,7 +188,7 @@ jobs: GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Slack Notification if: github.event_name == 'release' - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml index 3265584e8..fadf7252d 100644 --- a/.github/workflows/mac-dmg-x64.yml +++ b/.github/workflows/mac-dmg-x64.yml @@ -79,9 +79,9 @@ jobs: openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_osx-x64_bin-jmods.zip' openjfx-sha: '0b4d8463f03901b7425d94628e4116b7078abb8dd540fbec415266fac20bda5c' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -303,7 +303,7 @@ jobs: run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: dmg-${{ matrix.output-suffix }} path: | @@ -312,7 +312,7 @@ jobs: if-no-files-found: error - name: Publish dmg on GitHub Releases if: inputs.upload-to-draft - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: draft: true fail_on_unmatched_files: true diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index a0be907be..45e2ed59c 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -77,9 +77,9 @@ jobs: openjfx-url: 'https://download2.gluonhq.com/openjfx/25.0.2/openjfx-25.0.2_osx-aarch64_bin-jmods.zip' openjfx-sha: '4cd258001c75af7047005c5c891e2400ed11d24fbb09412324c0cbaf8b503c5a' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -302,7 +302,7 @@ jobs: run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: dmg-${{ matrix.output-suffix }} path: | @@ -311,7 +311,7 @@ jobs: if-no-files-found: error - name: Publish dmg on GitHub Releases if: inputs.upload-to-draft - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: draft: true fail_on_unmatched_files: true diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml index 6cf906950..8a4caeb87 100644 --- a/.github/workflows/no-response.yml +++ b/.github/workflows/no-response.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0 with: days-before-stale: 14 days-before-close: 0 diff --git a/.github/workflows/post-publish.yml b/.github/workflows/post-publish.yml index e27820520..4835b8061 100644 --- a/.github/workflows/post-publish.yml +++ b/.github/workflows/post-publish.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-slim steps: - name: Notify about DEB build - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' @@ -21,7 +21,7 @@ jobs: SLACK_FOOTER: '' MSG_MINIMAL: true - name: Notify about latest-version update - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' @@ -105,7 +105,7 @@ jobs: runs-on: ubuntu-slim steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + uses: rtCamp/action-slack-notify@33ca3be66c6f378fe1610fd1d5258632dbed5e58 # v2.4.0 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 7c38a3413..ac62a8ed4 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -16,8 +16,8 @@ jobs: name: Compile and Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index 0531cf897..ebffa1716 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -19,9 +19,9 @@ jobs: name: Validate commits pushed to release/hotfix branch to fulfill release requirements runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} @@ -50,7 +50,7 @@ jobs: exit 1 fi - name: Cache NVD DB - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: ~/.m2/repository/org/owasp/dependency-check-data/ key: dependency-check-${{ github.run_id }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ed6406551..f44307060 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0 with: days-before-stale: 365 days-before-close: 90 diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 1e095e1a8..afaec70f5 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -86,9 +86,9 @@ jobs: java-version: '26.0.1+8' java-package: 'jdk' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ matrix.java-dist }} java-version: ${{ matrix.java-version }} @@ -316,7 +316,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: msi-${{ matrix.arch }} path: | @@ -340,7 +340,7 @@ jobs: java-version: '24.0.1+9' java-package: 'jdk' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install wix and extensions run: | dotnet tool install --global wix --version ${WIX_VERSION} @@ -356,7 +356,7 @@ jobs: - name: Strip version info from msi file name run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi - name: Setup Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0 with: distribution: ${{ matrix.java-dist }} java-version: ${{ matrix.java-version }} @@ -449,7 +449,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Upload artifacts - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: exe-${{ matrix.executable-suffix }} path: | @@ -469,7 +469,7 @@ jobs: merge-multiple: true - name: Publish installers on GitHub Releases id: publish - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: draft: true fail_on_unmatched_files: true