openimsdk · dependabot · May 7, 2024
@@ -27,7 +27,7 @@ jobs:
  issues: write
  steps:
  - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  - name: Assign the issue
  run: |

@@ -29,7 +29,7 @@ jobs:
  if: github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true
  steps:
  - name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  fetch-depth: 0
 

@@ -27,7 +27,7 @@ jobs:
  steps:
 
  - name: Invite user to join our group
- uses: peter-evans/create-or-update-comment@v3
+ uses: peter-evans/create-or-update-comment@v4
  with:
  token: ${{ secrets.BOT_GITHUB_TOKEN }}
  issue-number: ${{ github.event.issue.number }}

@@ -26,7 +26,7 @@ jobs:
  if: startsWith(github.event.comment.body, '/create tag')
  steps:
  - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  - name: Validate version number and get comment
  id: validate

@@ -32,16 +32,16 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 
 # docker.io/openim/openim-chat:latest
  - name: Extract metadata (tags, labels) for Docker
  id: meta
- uses: docker/metadata-action@v4.6.0
+ uses: docker/metadata-action@v5.5.1
  with:
  images: openim/openim-chat
  # generate Docker tags based on the following events/attributes
@@ -57,13 +57,13 @@ jobs:
  type=sha
 
  - name: Log in to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
 
  - name: Build and push Docker image
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
  with:
  context: .
  # linux/ppc64le,linux/s390x
@@ -76,15 +76,15 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 # registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-chat:latest
  - name: Extract metadata (tags, labels) for Docker
  id: meta2
- uses: docker/metadata-action@v4.6.0
+ uses: docker/metadata-action@v5.5.1
  with:
  images: registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-chat
  tags: |
@@ -99,14 +99,14 @@ jobs:
  type=sha
 
  - name: Log in to AliYun Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  registry: registry.cn-hangzhou.aliyuncs.com
  username: ${{ secrets.ALIREGISTRY_USERNAME }}
  password: ${{ secrets.ALIREGISTRY_TOKEN }}
 
  - name: Build and push Docker image
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
  with:
  context: .
  # linux/ppc64le,linux/s390x
@@ -119,15 +119,15 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 # ghcr.io/openimsdk/openim-chat:latest
  - name: Extract metadata (tags, labels) for Docker
  id: meta3
- uses: docker/metadata-action@v4.6.0
+ uses: docker/metadata-action@v5.5.1
  with:
  images: ghcr.io/openimsdk/openim-chat
  tags: |
@@ -142,14 +142,14 @@ jobs:
  type=sha
 
  - name: Log in to GitHub Container Registry
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  registry: ghcr.io
  username: ${{ github.repository_owner }}
  password: ${{ secrets.GITHUB_TOKEN }}
 
  - name: Build and push Docker image
- uses: docker/build-push-action@v4
+ uses: docker/build-push-action@v5
  with:
  context: .
  # linux/ppc64le,linux/s390x

@@ -52,7 +52,7 @@ jobs:
 
  steps:
  - name: Set up Go ${{ matrix.go_version }}
- uses: actions/setup-go@v4
+ uses: actions/setup-go@v5
  with:
  go-version: ${{ matrix.go_version }}
  id: go

@@ -41,10 +41,10 @@ jobs:
  runs-on: ubuntu-20.04
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  - name: Setup Golang with cache
- uses: magnetikonline/action-golang-cache@v4
+ uses: magnetikonline/action-golang-cache@v5
  with:
  go-version: ${{ env.GO_VERSION }}
 
@@ -56,4 +56,4 @@ jobs:
  continue-on-error: true
 
  - name: Upload Coverage to Codecov
- uses: codecov/codecov-action@v3
+ uses: codecov/codecov-action@v4
@@ -41,7 +41,7 @@ jobs:
  steps:
  - name: "CLA Assistant"
  if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
- uses: contributor-assistant/github-action@v2.3.0
+ uses: contributor-assistant/github-action@v2.4.0
  env:
  GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
  PERSONAL_ACCESS_TOKEN: ${{ secrets.REDBOT_GITHUB_TOKEN }}

@@ -47,19 +47,19 @@ jobs:
 
  steps:
  - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
  # Override language selection by uncommenting this and choosing your languages
  # with:
  # languages: go, javascript, csharp, python, cpp, java, ruby
 
  # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
  # If this step fails, then you should remove it and run the build manually (see below).
  - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 
  # ℹ️ Command-line programs to run using the OS shell.
  # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,4 +73,4 @@ jobs:
  # make release
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
@@ -13,6 +13,6 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: 'Checkout Repository'
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  - name: 'Dependency Review'
- uses: actions/dependency-review-action@v3
+ uses: actions/dependency-review-action@v4
@@ -37,7 +37,7 @@ jobs:
  GO111MODULE: on
  steps:
  - name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  - name: Run Gosec Security Scanner
  uses: securego/gosec@master
  with:

@@ -25,7 +25,7 @@ jobs:
  issues: write
  steps:
  - name: Add comment
- uses: peter-evans/create-or-update-comment@v3
+ uses: peter-evans/create-or-update-comment@v4
  with:
  issue-number: ${{ github.event.issue.number }}
  token: ${{ secrets.BOT_GITHUB_TOKEN }}

@@ -7,7 +7,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout Repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 
  - name: Code Language Detector
  uses: kubecub/comment-lang-detector@v1.0.0
@@ -30,7 +30,7 @@ jobs:
  action:
  runs-on: ubuntu-latest
  steps:
- - uses: dessant/lock-threads@v4
+ - uses: dessant/lock-threads@v5
  with:
  github-token: ${{ secrets.BOT_GITHUB_TOKEN }}
  issue-inactive-days: '365'

@@ -29,7 +29,7 @@ jobs:
  move-assigned-card:
  runs-on: ubuntu-latest
  steps:
- - uses: alex-page/github-project-automation-plus@v0.8.3
+ - uses: alex-page/github-project-automation-plus@v0.9.0
  with:
  project: OpenIM-V3.1
  column: In Progress

@@ -32,7 +32,7 @@ jobs:
  DOCKER_CLI_EXPERIMENTAL: "enabled"
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  fetch-depth: 0
 
@@ -44,51 +44,51 @@ jobs:
  mkdir -p $HOME/.cache/snapcraft/download
  mkdir -p $HOME/.cache/snapcraft/stage-packages
 
- - uses: actions/setup-go@v4
+ - uses: actions/setup-go@v5
  with:
  go-version: stable
 
  - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@v3
 
  - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
 
  - name: Login to Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  username: ${{ secrets.DOCKER_USERNAME }}
  password: ${{ secrets.DOCKER_PASSWORD }}
 
  - name: Login to GitHub Container Registry
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  registry: ghcr.io
  username: ${{ github.repository_owner }}
  password: ${{ secrets.GITHUB_TOKEN }}
 
  - name: Log in to AliYun Docker Hub
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
  with:
  registry: registry.cn-hangzhou.aliyuncs.com
  username: ${{ secrets.ALIREGISTRY_USERNAME }}
  password: ${{ secrets.ALIREGISTRY_TOKEN }}
 
  - name: set action env cache
- uses: actions/cache@v3
+ uses: actions/cache@v4
  with:
  path: |
  ./_output/dist/*.deb
  ./_output/dist/*.rpm
  ./_output/dist/*.apk
  key: ${{ github.ref }}
 
- - uses: sigstore/cosign-installer@v3.1.1
- - uses: anchore/sbom-action/download-syft@v0.14.3
- - uses: crazy-max/ghaction-upx@v2
+ - uses: sigstore/cosign-installer@v3.5.0
+ - uses: anchore/sbom-action/download-syft@v0.15.11
+ - uses: crazy-max/ghaction-upx@v3
  with:
  install-only: true
- - uses: cachix/install-nix-action@v22
+ - uses: cachix/install-nix-action@v26
  with:
  github_access_token: ${{ secrets.GITHUB_TOKEN }}
  # - name: snapcraft-login
@@ -97,7 +97,7 @@ jobs:
  # More assembly might be required: Docker logins, GPG, etc. It all depends
  # on your needs.
 
- - uses: goreleaser/goreleaser-action@v4
+ - uses: goreleaser/goreleaser-action@v5
  with:
  # either 'goreleaser' (default) or 'goreleaser-pro':
  distribution: goreleaser

@@ -41,7 +41,7 @@ jobs:
 
  steps:
  - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 
  # - name: Install latest Bash (macOS only)
  # if: runner.os == 'macOS'

@@ -32,7 +32,7 @@ jobs:
  pull-requests: write
 
  steps:
- - uses: actions/stale@v8
+ - uses: actions/stale@v9
  with:
  repo-token: ${{ secrets.BOT_GITHUB_TOKEN }}
  days-before-stale: 60