Merge pull request #718 from byllyfish/gha

Update Github actions.

.github/workflows/ci.yml

@@ -33,7 +33,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
  - name: Checkout
@@ -71,7 +71,7 @@ jobs:
  SHELLOUS_CHILDWATCHER_TYPE=default SHELLOUS_THREADSTRATEGY=1 coverage run --source shellous -m pytest
  - name: Upload Code Coverage
  if: (matrix.os == 'ubuntu-22.04' || matrix.os == 'macos-12') && matrix.python-version != '3.13-dev'
- uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0
+ uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
  with:
  token: ${{ secrets.SHELLOUS_CODECOV_TOKEN }}
  verbose: true
@@ -148,7 +148,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 
@@ -189,7 +189,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 
@@ -219,7 +219,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
  - name: Checkout

.github/workflows/codeql.yml

@@ -41,7 +41,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 
@@ -50,7 +50,7 @@ jobs:
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+ uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
  with:
  languages: ${{ matrix.language }}
  # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
  # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  # If this step fails, then you should remove it and run the build manually (see below)
  - name: Autobuild
- uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+ uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
 
  # ℹ️ Command-line programs to run using the OS shell.
  # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
  # ./location_of_script_within_repo/buildscript.sh
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+ uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
  with:
  category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 

.github/workflows/docs.yml

@@ -13,7 +13,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 
@@ -45,7 +45,7 @@ jobs:
  url: ${{ steps.deployment.outputs.page_url }}
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 

.github/workflows/publish.yml

@@ -15,7 +15,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
  - name: Checkout
@@ -43,7 +43,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
  - name: Download packages

.github/workflows/scorecards.yml

@@ -31,7 +31,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
  with:
  egress-policy: audit
 
@@ -71,6 +71,6 @@ jobs:
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
+ uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
  with:
  sarif_file: results.sarif