From ca71a0e4d385fab9ebc62145b9189c52cb7c989c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 14 Jul 2026 04:32:06 +0000 Subject: [PATCH] build(deps): update actions --- .github/actions/build-java-layer/action.yml | 2 +- .github/actions/build-nodejs-layer/action.yml | 2 +- .github/workflows/ci-java.yml | 2 +- .github/workflows/ci-nodejs.yml | 2 +- .github/workflows/close-stale.yaml | 2 +- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/integration-test.yml | 6 +++--- .github/workflows/layer-publish.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/actions/build-java-layer/action.yml b/.github/actions/build-java-layer/action.yml index e2d64608ef..7365da2e3d 100644 --- a/.github/actions/build-java-layer/action.yml +++ b/.github/actions/build-java-layer/action.yml @@ -18,7 +18,7 @@ outputs: runs: using: composite steps: - - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 + - uses: actions/setup-java@0f481fcb613427c0f801b606911222b5b6f3083a # v5.5.0 with: distribution: corretto java-version: 17 diff --git a/.github/actions/build-nodejs-layer/action.yml b/.github/actions/build-nodejs-layer/action.yml index 5f449989ec..230fb34beb 100644 --- a/.github/actions/build-nodejs-layer/action.yml +++ b/.github/actions/build-nodejs-layer/action.yml @@ -12,7 +12,7 @@ outputs: runs: using: composite steps: - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + - uses: actions/setup-node@249970729cb0ef3589644e2896645e5dc5ba9c38 # v6.5.0 with: node-version-file: 'nodejs/.nvmrc' diff --git a/.github/workflows/ci-java.yml b/.github/workflows/ci-java.yml index 61bce309d9..edf9bb4a41 100644 --- a/.github/workflows/ci-java.yml +++ b/.github/workflows/ci-java.yml @@ -25,7 +25,7 @@ jobs: steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 + - uses: actions/setup-java@0f481fcb613427c0f801b606911222b5b6f3083a # v5.5.0 with: distribution: corretto java-version: 17 diff --git a/.github/workflows/ci-nodejs.yml b/.github/workflows/ci-nodejs.yml index 915c334061..819bd50c0e 100644 --- a/.github/workflows/ci-nodejs.yml +++ b/.github/workflows/ci-nodejs.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + - uses: actions/setup-node@249970729cb0ef3589644e2896645e5dc5ba9c38 # v6.5.0 with: node-version-file: 'nodejs/.nvmrc' - uses: actions/cache@caa296126883cff596d87d8935842f9db880ef25 # v5.1.0 diff --git a/.github/workflows/close-stale.yaml b/.github/workflows/close-stale.yaml index 238d7346f4..e9932de848 100644 --- a/.github/workflows/close-stale.yaml +++ b/.github/workflows/close-stale.yaml @@ -13,7 +13,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0 + - uses: actions/stale@1e223db275d687790206a7acac4d1a11bd6fe629 # v10.4.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue was marked stale. It will be closed in 30 days without additional activity.' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a77ccafeeb..eee1569a16 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -68,7 +68,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3.36.2 + uses: github/codeql-action/init@02c5e83432fe5497fd85b873b6c9f16a8578e1d9 # v3.37.0 with: languages: ${{ matrix.target.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -82,7 +82,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3.36.2 + uses: github/codeql-action/autobuild@02c5e83432fe5497fd85b873b6c9f16a8578e1d9 # v3.37.0 with: working-directory: ${{ matrix.target.directory }} # There are no array literals in GHA that is why we need to use fromJson. @@ -99,7 +99,7 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Set up Java - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 + uses: actions/setup-java@0f481fcb613427c0f801b606911222b5b6f3083a # v5.5.0 with: distribution: corretto java-version: '17' @@ -128,6 +128,6 @@ jobs: if: ${{ matrix.target.language == 'csharp' }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3.36.2 + uses: github/codeql-action/analyze@02c5e83432fe5497fd85b873b6c9f16a8578e1d9 # v3.37.0 with: category: "/language:${{matrix.target.language}}" diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 4fe535cb67..25edf51aeb 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -100,7 +100,7 @@ jobs: steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + - uses: actions/setup-node@249970729cb0ef3589644e2896645e5dc5ba9c38 # v6.5.0 with: node-version-file: 'integration-tests/.nvmrc' @@ -114,14 +114,14 @@ jobs: name: opentelemetry-${{ matrix.language }}-layer.zip path: artifacts/ - - uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1 + - uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2 with: role-to-assume: ${{ secrets.INTEGRATION_TEST_ROLE_ARN }} role-duration-seconds: 1200 aws-region: us-east-1 - if: ${{ startsWith(matrix.language, 'java') }} - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 + uses: actions/setup-java@0f481fcb613427c0f801b606911222b5b6f3083a # v5.5.0 with: distribution: corretto java-version: 17 diff --git a/.github/workflows/layer-publish.yml b/.github/workflows/layer-publish.yml index 4515f12bb0..c6928e7e9f 100644 --- a/.github/workflows/layer-publish.yml +++ b/.github/workflows/layer-publish.yml @@ -94,7 +94,7 @@ jobs: with: name: ${{ inputs.artifact-name }} - - uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1 + - uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2 with: role-to-assume: ${{ inputs.role-arn || secrets.OTEL_LAMBDA_LAYER_PUBLISH_ROLE_ARN || secrets.PROD_LAMBDA_ROLE_ARN }} role-duration-seconds: 1200 diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 966954aa94..812b6d1b55 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -42,6 +42,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@dd903d2e4f5405488e5ef1422510ee31c8b32357 # v3.36.2 + uses: github/codeql-action/upload-sarif@02c5e83432fe5497fd85b873b6c9f16a8578e1d9 # v3.37.0 with: sarif_file: results.sarif