From b334ef98da0df3e0501e2f34328a5cc8c0817cf7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 9 May 2025 09:30:46 +0000 Subject: [PATCH] Pin dependencies --- .github/workflows/build-and-push-image.yml | 16 +++---- .github/workflows/build-and-push-package.yml | 4 +- .../continuous-integration-dotnet.yml | 10 ++--- .../continuous-integration-javascript.yml | 2 +- .../continuous-integration-terraform.yml | 14 +++---- .github/workflows/cypress-tests.yml | 8 ++-- .github/workflows/docker-build.yml | 6 +-- .github/workflows/docker-test.yml | 10 ++--- .github/workflows/performance-tests.yml | 6 +-- .github/workflows/security-tests.yml | 10 ++--- CypressTests/package-lock.json | 42 +++++++++---------- CypressTests/package.json | 10 ++--- 12 files changed, 69 insertions(+), 69 deletions(-) diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml index cae963523..f2bc75b9c 100644 --- a/.github/workflows/build-and-push-image.yml +++ b/.github/workflows/build-and-push-image.yml @@ -27,7 +27,7 @@ jobs: image-name: ${{ steps.var.outputs.image-name }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - id: var run: | @@ -46,7 +46,7 @@ jobs: needs: [ set-env ] steps: - name: Validate Packages - uses: DFE-Digital/rsd-github-actions/.github/actions/validate-packages@v1.1.2 + uses: DFE-Digital/rsd-github-actions/.github/actions/validate-packages@9a7a6a7c9aa5914f76a1f34aee8dd2dcc00702bc # v1.1.2 with: environment: ${{ needs.set-env.outputs.environment }} @@ -55,7 +55,7 @@ jobs: needs: [ set-env, validate-packages ] permissions: packages: write - uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build.yml@v4.1.0 + uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/build.yml@2669c85cf877ce3161b7d0edf36690106412c70b # v4.1.0 strategy: matrix: stage: [ 
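Review bot: The trailing comment on the pinned `uses:` line in the first hunk of build-and-push-image.yml records only the moving major tag (`# v4` after `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683`), so a reader cannot tell from the file which release the SHA was resolved from. The same holds for every `# v2`, `# v3`, `# v4`, `# v6` and `# v7` comment in the later workflow hunks; the pins that carry a full version (`# v1.1.2`, `# v4.1.0`) are fine. I would write the exact release in the comment, e.g. `# vX.Y.Z` (placeholder for the tag the SHA belongs to). Each SHA should also be checked against the upstream repository's own tag list before merging, because a full-length SHA is only as trustworthy as the lookup that produced it. The `steps:` list continues outside the hunk.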
@@ -81,7 +81,7 @@ jobs: needs: [ set-env, build ] permissions: id-token: write - uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/import.yml@v4.1.0 + uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/import.yml@2669c85cf877ce3161b7d0edf36690106412c70b # v4.1.0 strategy: matrix: stage: [ @@ -108,7 +108,7 @@ jobs: needs: [ set-env, import ] permissions: id-token: write - uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/deploy.yml@v4.1.0 + uses: DFE-Digital/deploy-azure-container-apps-action/.github/workflows/deploy.yml@2669c85cf877ce3161b7d0edf36690106412c70b # v4.1.0 with: environment: ${{ needs.set-env.outputs.environment }} docker-image-name: ${{ needs.set-env.outputs.image-name }} @@ -126,7 +126,7 @@ jobs: needs: [ set-env, deploy ] runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.ref }} @@ -136,7 +136,7 @@ jobs: git push origin ${{ needs.set-env.outputs.release }} - name: Create release - uses: "actions/github-script@v7" + uses: "actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea" # v7 with: github-token: "${{ secrets.GITHUB_TOKEN }}" script: | @@ -155,7 +155,7 @@ jobs: } - name: Trigger Build and Push NuGet Package workflow - uses: "actions/github-script@v7" + uses: "actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea" # v7 if: needs.set-env.outputs.environment == 'production' with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/build-and-push-package.yml b/.github/workflows/build-and-push-package.yml index d155945a6..878d770ea 100644 --- a/.github/workflows/build-and-push-package.yml +++ b/.github/workflows/build-and-push-package.yml 
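Review bot: The context line `git push origin ${{ needs.set-env.outputs.release }}` at the top of the `@@ -136,7` hunk expands a job output directly into shell text, and this pinning change leaves it as it was. The set-env script is not visible here, so this is an assumption, but if that output is ever derived from a ref or input name, its content would be interpreted by the shell. Passing the value through the environment avoids that: add `env:` with `RELEASE: ${{ needs.set-env.outputs.release }}` on the step and run `git push origin "$RELEASE"`. The step's `name:` and `run:` lines start above the hunk.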
@@ -20,13 +20,13 @@ jobs: steps: - name: Check Out Tag - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.event.inputs.tag_name }} fetch-depth: 0 # Ensure full history and tags are available - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} diff --git a/.github/workflows/continuous-integration-dotnet.yml b/.github/workflows/continuous-integration-dotnet.yml index 958283d0a..a995f748c 100644 --- a/.github/workflows/continuous-integration-dotnet.yml +++ b/.github/workflows/continuous-integration-dotnet.yml @@ -18,13 +18,13 @@ jobs: packages: read contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.ref }} fetch-depth: 0 # Shallow clones disabled for a better relevancy of SC analysis - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: registry: ghcr.io username: ${{ github.actor }} @@ -37,18 +37,18 @@ jobs: docker compose -f "docker-compose.yml" up -d --build db - name: Setup .NET - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4 with: dotnet-version: ${{ env.DOTNET_VERSION }} - name: Setup JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4 with: distribution: 'microsoft' java-version: ${{ env.JAVA_VERSION }} - name: Cache SonarCloud packages - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: path: ~\sonar\cache key: ${{ runner.os }}-sonar diff --git a/.github/workflows/continuous-integration-javascript.yml b/.github/workflows/continuous-integration-javascript.yml index 108aae000..f42b5696a 100644 
--- a/.github/workflows/continuous-integration-javascript.yml +++ b/.github/workflows/continuous-integration-javascript.yml @@ -14,7 +14,7 @@ jobs: working-directory: CypressTests steps: - name: checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: lint cypress tests run: | diff --git a/.github/workflows/continuous-integration-terraform.yml b/.github/workflows/continuous-integration-terraform.yml index 15567deb1..31e2602e8 100644 --- a/.github/workflows/continuous-integration-terraform.yml +++ b/.github/workflows/continuous-integration-terraform.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Check for terraform version mismatch run: | @@ -28,7 +28,7 @@ jobs: fi - name: Validate Terraform docs - uses: terraform-docs/gh-actions@v1.3.0 + uses: terraform-docs/gh-actions@aeae0038ed47a547e0c0fca5c059d3335f48fb25 # v1.3.0 with: working-dir: terraform config-file: .terraform-docs.yml 
@@ -40,25 +40,25 @@ jobs: run: rm ./terraform/backend.tf - name: Run a Terraform init - uses: docker://hashicorp/terraform:1.9.8 + uses: docker://hashicorp/terraform:1.9.8@sha256:18f9986038bbaf02cf49db9c09261c778161c51dcc7fb7e355ae8938459428cd with: entrypoint: terraform args: -chdir=terraform init - name: Run a Terraform validate - uses: docker://hashicorp/terraform:1.9.8 + uses: docker://hashicorp/terraform:1.9.8@sha256:18f9986038bbaf02cf49db9c09261c778161c51dcc7fb7e355ae8938459428cd with: entrypoint: terraform args: -chdir=terraform validate - name: Run a Terraform format check - uses: docker://hashicorp/terraform:1.9.8 + uses: docker://hashicorp/terraform:1.9.8@sha256:18f9986038bbaf02cf49db9c09261c778161c51dcc7fb7e355ae8938459428cd with: entrypoint: terraform args: -chdir=terraform fmt -check=true -diff=true - name: Setup TFLint - uses: terraform-linters/setup-tflint@v4 + uses: terraform-linters/setup-tflint@90f302c255ef959cbfb4bd10581afecdb7ece3e6 # v4 with: tflint_version: v0.44.1 @@ -67,6 +67,6 @@ jobs: run: tflint -f compact - name: Run TFSec - uses: aquasecurity/tfsec-pr-commenter-action@v1.3.1 + uses: aquasecurity/tfsec-pr-commenter-action@7a44c5dcde5dfab737363e391800629e27b6376b # v1.3.1 with: github_token: ${{ github.token }} diff --git a/.github/workflows/cypress-tests.yml b/.github/workflows/cypress-tests.yml index 30abf287a..02663d83c 100644 --- a/.github/workflows/cypress-tests.yml +++ b/.github/workflows/cypress-tests.yml @@ -34,12 +34,12 @@ jobs: "edge" ] container: - image: cypress/browsers:22.14.0 + image: cypress/browsers:22.14.0@sha256:5fedacf2c6b1fab4f2d2d24a1cb2054af6d0103e0b163cd5064e523f45ca1a88 defaults: run: working-directory: CypressTests/ steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.ref }} 
@@ -54,7 +54,7 @@ jobs: - name: Upload screenshots if: ${{ failure() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: screenshots-${{ inputs.environment }}-${{ matrix.browser }} path: screenshots @@ -67,7 +67,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: reports-${{ inputs.environment }}-${{ matrix.browser }} path: CypressTests/cypress/reports/mocha diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 4651ef24d..f9b5995af 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -20,13 +20,13 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Build docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6 with: build-args: CI=true file: './${{ matrix.image }}' diff --git a/.github/workflows/docker-test.yml b/.github/workflows/docker-test.yml index 672bb1dfa..0b6694185 100644 --- a/.github/workflows/docker-test.yml +++ b/.github/workflows/docker-test.yml @@ -20,13 +20,13 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Build docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6 id: build with: file: './${{ matrix.image }}' 
@@ -42,7 +42,7 @@ jobs: run: docker save -o ${{ matrix.image }}-${{ matrix.stage }}.tar ${{ steps.build.outputs.imageid }} - name: Scan Docker image for CVEs - uses: aquasecurity/trivy-action@0.30.0 + uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0 with: input: ${{ matrix.image }}-${{ matrix.stage }}.tar format: 'sarif' @@ -53,7 +53,7 @@ jobs: github-pat: ${{ secrets.GITHUB_TOKEN }} - name: Upload scan results to GitHub Security - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3 if: always() with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/performance-tests.yml b/.github/workflows/performance-tests.yml index df2d36917..3d7c08dd7 100644 --- a/.github/workflows/performance-tests.yml +++ b/.github/workflows/performance-tests.yml @@ -17,10 +17,10 @@ jobs: working-directory: Dfe.Academies.Performance/scripts steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Run k6 test - uses: grafana/k6-action@v0.3.1 + uses: grafana/k6-action@e4714b734f2b0afaabeb7b4a69142745548ab9ec # v0.3.1 with: filename: suite.js env: @@ -29,7 +29,7 @@ jobs: - name: Upload report if: ${{ success() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: summary path: summary.html \ No newline at end of file diff --git a/.github/workflows/security-tests.yml b/.github/workflows/security-tests.yml index e1ce1070a..d77a99e4c 100644 --- a/.github/workflows/security-tests.yml +++ b/.github/workflows/security-tests.yml @@ -20,7 +20,7 @@ jobs: working-directory: CypressTests steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Create directory on runner run: | 
@@ -33,7 +33,7 @@ jobs: - name: Restore ZAP container from cache if exists id: cache-docker-zap - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: path: ~/ci/cache/docker/softwaresecurityproject key: cache-docker-zap-${{ env.ZAP_VERSION }} @@ -52,7 +52,7 @@ jobs: run: docker run --name zap_container --rm -d -v ${{ github.workspace }}/zapoutput/:/zap/wrk:rw -u zap -p ${{ env.ZAP_PORT }}:${{ env.ZAP_PORT }} -i softwaresecurityproject/zap-stable zap.sh -daemon -port ${{ env.ZAP_PORT }} -host 0.0.0.0 -config api.key=${{ secrets.ZAP_API_KEY }} -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config network.localServers.mainProxy.alpn.enabled=false -config network.localServers.mainProxy.address=0.0.0.0 - name: Set up NodeJS - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 18 @@ -79,13 +79,13 @@ jobs: - name: Azure login with SPN if: '!cancelled()' - uses: azure/login@v2 + uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2 with: creds: ${{ secrets.OWASP_AZ_CREDENTIALS }} - name: Push report to blob storage if: '!cancelled()' - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2 id: azure with: azcliversion: 2.49.0 diff --git a/CypressTests/package-lock.json b/CypressTests/package-lock.json index 85e9cedb0..f7045eb19 100644 --- a/CypressTests/package-lock.json +++ b/CypressTests/package-lock.json 
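Review bot: The `docker run` context line in the `@@ -52,7` hunk still names `softwaresecurityproject/zap-stable` with no tag or digest, so the scanner image stays on a mutable reference while every `uses:` around it is now pinned. Renovate does not rewrite image names inside `run:` strings by default. The cache key uses `env.ZAP_VERSION`, but the step that fetches the image is outside this hunk, so it is unclear whether anything fixes the image content. Unless it does, I would reference the image by digest, `softwaresecurityproject/zap-stable@sha256:<digest>` (placeholder), in both the pull and the run command. The same line publishes the ZAP API with `-host 0.0.0.0` and `api.addrs.addr.name=.*`; if the tests reach it over localhost, publishing as `-p 127.0.0.1:${{ env.ZAP_PORT }}:${{ env.ZAP_PORT }}` would keep it off the runner's other interfaces.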
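Review bot: `azure/login` in the `@@ -79,13` hunk is now pinned, but it still authenticates with `creds: ${{ secrets.OWASP_AZ_CREDENTIALS }}`, a long-lived service-principal credential held as a stored secret. The import and deploy jobs in build-and-push-image.yml already request `id-token: write`, which suggests federated credentials are in use elsewhere in this repository. Switching this step to OIDC (the `client-id`, `tenant-id` and `subscription-id` inputs plus `permissions: id-token: write` on the job) would remove the stored credential. The job's `permissions:` block, if any, is outside the hunk.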
@@ -9,17 +9,17 @@ "version": "1.0.0", "license": "ISC", "devDependencies": { - "cypress": "^13.6.0", - "cypress-multi-reporters": "^2.0.5", - "cypress-plugin-api": "^2.11.1", - "cypress-slack-reporter": "^1.5.4", + "cypress": "13.17.0", + "cypress-multi-reporters": "2.0.5", + "cypress-plugin-api": "2.11.2", + "cypress-slack-reporter": "1.5.4", "eslint": "9.21.0", "eslint-plugin-cypress": "3.6.0", "mocha": "^11.1.0", "mochawesome": "^7.1.3", "mochawesome-merge": "^5.0.0", "mochawesome-report-generator": "^6.2.0", - "zaproxy": "^2.0.0-rc.2" + "zaproxy": "2.0.0-rc.6" } }, "node_modules/@babel/helper-string-parser": { @@ -1216,6 +1216,22 @@ "node": ">= 6" } }, + "node_modules/ci-info": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.2.0.tgz", + "integrity": "sha512-cYY9mypksY8NRqgDB1XD1RiJL338v/551niynFTGkZOO2LHuB2OmOYxDIe/ttN9AHwrqdum1360G3ald0W9kCg==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/sibiraj-s" + } + ], + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/clean-stack": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", @@ -1512,22 +1528,6 @@ "node": ">=18" } }, - "node_modules/cypress/node_modules/ci-info": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.2.0.tgz", - "integrity": "sha512-cYY9mypksY8NRqgDB1XD1RiJL338v/551niynFTGkZOO2LHuB2OmOYxDIe/ttN9AHwrqdum1360G3ald0W9kCg==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/sibiraj-s" - } - ], - "license": "MIT", - "engines": { - "node": ">=8" - } - }, "node_modules/dashdash": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", diff --git a/CypressTests/package.json b/CypressTests/package.json index 99dbb653e..e80e6179f 100644 --- a/CypressTests/package.json +++ b/CypressTests/package.json 
@@ -35,16 +35,16 @@ }, "homepage": "https://github.com/DFE-Digital/academies-api#readme", "devDependencies": { - "cypress": "^13.6.0", - "cypress-multi-reporters": "^2.0.5", - "cypress-plugin-api": "^2.11.1", - "cypress-slack-reporter": "^1.5.4", + "cypress": "13.17.0", + "cypress-multi-reporters": "2.0.5", + "cypress-plugin-api": "2.11.2", + "cypress-slack-reporter": "1.5.4", "eslint": "9.21.0", "eslint-plugin-cypress": "3.6.0", "mocha": "^11.1.0", "mochawesome": "^7.1.3", "mochawesome-merge": "^5.0.0", "mochawesome-report-generator": "^6.2.0", - "zaproxy": "^2.0.0-rc.2" + "zaproxy": "2.0.0-rc.6" } }
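Review bot: Four devDependencies in this hunk keep caret ranges (`mocha`, `mochawesome`, `mochawesome-merge`, `mochawesome-report-generator`) while the entries around them are now exact, so the manifest is only partly pinned. For those four, reproducibility rests entirely on package-lock.json and on the workflows installing with `npm ci` rather than `npm install`; the install command is not visible in this diff. I would pin them to the versions the lockfile currently resolves, e.g. `"mocha": "<locked version>"` (placeholder). Note also that `zaproxy` is pinned to a pre-release, `2.0.0-rc.6`, which is worth a conscious decision rather than an automatic one.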