From abd7b7aeba8b5a953a493bae8954cba620d28c9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 20 Mar 2026 02:59:50 +0000
Subject: [PATCH] ci: bump the github-actions group across 1 directory with 9
updates (#23345)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps the github-actions group with 10 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.40.0` |
`1.44.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `6.0.0` | `7.0.0` |
| [docker/login-action](https://github.com/docker/login-action) |
`3.7.0` | `4.0.0` |
| [actions/attest](https://github.com/actions/attest) | `3.2.0` |
`4.1.0` |
|
[tj-actions/changed-files](https://github.com/tj-actions/changed-files)
| `47.0.1` | `47.0.5` |
|
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
| `3.12.0` | `4.0.0` |
|
[linear/linear-release-action](https://github.com/linear/linear-release-action)
| `0.4.0` | `0.5.0` |
|
[benc-uk/workflow-dispatch](https://github.com/benc-uk/workflow-dispatch)
| `1.2.4` | `1.3.1` |
|
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action)
| `c1824fd6edce30d7ab345a9989de00bbd46ef284` |
`57a97c7e7821a5776cebc9bb87c984fa69cba8f1` |
|
[step-security/harden-runner](https://github.com/step-security/harden-runner)
| `2.14.2` | `2.16.0` |
Updates `crate-ci/typos` from 1.40.0 to 1.44.0
Release notes
Sourced from crate-ci/typos's
releases.
v1.44.0
[1.44.0] - 2026-02-27
Features
v1.43.5
[1.43.5] - 2026-02-16
Fixes
- (pypi) Hopefully fix the sdist build
v1.43.4
[1.43.4] - 2026-02-09
Fixes
v1.43.3
[1.43.3] - 2026-02-06
Fixes
- (action) Adjust how typos are reported to github
v1.43.2
[1.43.2] - 2026-02-05
Fixes
- Don't correct
certifi in Python
v1.43.1
[1.43.1] - 2026-02-03
Fixes
v1.43.0
[1.43.0] - 2026-02-02
Features
v1.42.3
... (truncated)
Changelog
Sourced from crate-ci/typos's
changelog.
Change Log
All notable changes to this project will be documented in this
file.
The format is based on Keep a
Changelog
and this project adheres to Semantic
Versioning.
[Unreleased] - ReleaseDate
[1.44.0] - 2026-02-27
Features
[1.43.5] - 2026-02-16
Fixes
- (pypi) Hopefully fix the sdist build
[1.43.4] - 2026-02-09
Fixes
[1.43.3] - 2026-02-06
Fixes
- (action) Adjust how typos are reported to github
[1.43.2] - 2026-02-05
Fixes
- Don't correct
certifi in Python
[1.43.1] - 2026-02-03
Fixes
[1.43.0] - 2026-02-02
Compatibility
... (truncated)
Commits
Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
Release notes
Sourced from actions/upload-artifact's
releases.
v7.0.0
v7 What's new
Direct Uploads
Adds support for uploading single files directly (unzipped). Callers
can set the new archive parameter to false to
skip zipping the file during upload. Right now, we only support single
files. The action will fail if the glob passed resolves to multiple
files. The name parameter is also ignored with this
setting. Instead, the name of the artifact will be the name of the
uploaded file.
ESM
To support new versions of the @actions/* packages,
we've upgraded the package to ESM.
What's Changed
New Contributors
Full Changelog: https://github.com/actions/upload-artifact/compare/v6...v7.0.0
Commits
Updates `docker/login-action` from 3.7.0 to 4.0.0
Release notes
Sourced from docker/login-action's
releases.
v4.0.0
Full Changelog: https://github.com/docker/login-action/compare/v3.7.0...v4.0.0
Commits
b45d80f
Merge pull request #929
from crazy-max/node24176cb9c
node 24 as default runtimecad8984
Merge pull request #920
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...92cbcb2
chore: update generated content5a2d6a7
build(deps): bump the aws-sdk-dependencies group with 2 updates44512b6
Merge pull request #928
from docker/dependabot/npm_and_yarn/docker/actions-to...28737a5
chore: update generated contentdac0793
build(deps): bump @docker/actions-toolkit from 0.76.0 to
0.77.062029f3
Merge pull request #919
from docker/dependabot/npm_and_yarn/actions/core-3.0.008c8f06
chore: update generated content- Additional commits viewable in compare
view
Updates `actions/attest` from 3.2.0 to 4.1.0
Release notes
Sourced from actions/attest's
releases.
v4.1.0
What's Changed
Full Changelog: https://github.com/actions/attest/compare/v4.0.0...v4.1.0
v4.0.0
All of the capabilities of actions/attest-build-provenance,
and actions/attest-sbom
have now been folded into actions/attest.
What's Changed
Full Changelog: https://github.com/actions/attest/compare/v3.2.0...v4.0.0
Commits
Updates `tj-actions/changed-files` from 47.0.1 to 47.0.5
Release notes
Sourced from tj-actions/changed-files's
releases.
v47.0.5
What's Changed
Full Changelog: https://github.com/tj-actions/changed-files/compare/v47.0.4...v47.0.5
v47.0.4
What's Changed
Full Changelog: https://github.com/tj-actions/changed-files/compare/v47.0.3...v47.0.4
v47.0.3
What's Changed
Full Changelog: https://github.com/tj-actions/changed-files/compare/v47.0.2...v47.0.3
v47.0.2
What's Changed
... (truncated)
Changelog
Sourced from tj-actions/changed-files's
changelog.
Changelog
47.0.5
- (2026-03-03)
🔄 Update
- Updated README.md (#2805)
Co-authored-by: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
(35dace0)
- (github-actions[bot])
- Updated README.md (#2803)
Co-authored-by: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb)
- (github-actions[bot])
⚙️ Miscellaneous Tasks
- deps-dev: Bump
@types/node from
25.3.2 to 25.3.3 (#2814)
(22103cc)
- (dependabot[bot])
- deps: Bump github/codeql-action from 4.32.4 to
4.32.5 (#2815)
(6c02e90)
- (dependabot[bot])
- deps-dev: Bump eslint-plugin-prettier from 5.5.4 to
5.5.5 (#2764)
(05f9457)
- (dependabot[bot])
- deps: Bump lodash and
@types/lodash
(#2807)
(52ed872)
- (dependabot[bot])
- deps: Bump peter-evans/create-pull-request from
8.0.0 to 8.1.0 (#2774)
(1cc5746)
- (dependabot[bot])
- deps-dev: Bump prettier from 3.7.4 to 3.8.1 (#2775)
(de2962f)
- (dependabot[bot])
- deps: Bump github/codeql-action from 4.32.2 to
4.32.4 (#2806)
(37e96cc)
- (dependabot[bot])
- deps-dev: Bump eslint-plugin-jest from 29.12.1 to
29.15.0 (#2799)
(2180b0f)
- (dependabot[bot])
- deps: Bump actions/upload-artifact from 6.0.0 to
7.0.0 (#2809)
(cf021c1)
- (dependabot[bot])
- deps: Bump actions/download-artifact from 7.0.0 to
8.0.0 (#2810)
(b54ac6f)
- (dependabot[bot])
- deps-dev: Bump
@types/node from
25.2.2 to 25.3.2 (#2811)
(0f2a510)
- (dependabot[bot])
⬆️ Upgrades
- Upgraded to v47.0.4 (#2802)
Co-authored-by: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Tonye Jack jtonye@ymail.com (b7ac303)
- (github-actions[bot])
47.0.4
- (2026-02-17)
🔄 Update
- Release-tagger action to version 6.0.6 (#2801)
(7dee1b0)
- (Tonye Jack)
47.0.3
- (2026-02-17)
🔄 Update
- Release-tagger action to version 6.0.0 (#2800)
(28b28f6)
- (Tonye Jack)
⚙️ Miscellaneous Tasks
- deps: Bump github/codeql-action from 4.31.10 to
4.32.2 (#2790)
(875e6e5)
- (dependabot[bot])
... (truncated)
Commits
22103cc
chore(deps-dev): bump @types/node from 25.3.2 to 25.3.3
(#2814)6c02e90
chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#2815)05f9457
chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764)52ed872
chore(deps): bump lodash and @types/lodash (#2807)1cc5746
chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0
(#2774)de2962f
chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (#2775)37e96cc
chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (#2806)2180b0f
chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799)cf021c1
chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809)b54ac6f
chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810)- Additional commits viewable in compare
view
Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0
Release notes
Sourced from docker/setup-buildx-action's
releases.
v4.0.0
Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0
Commits
4d04d5d
Merge pull request #485
from docker/dependabot/npm_and_yarn/docker/actions-to...cd74e05
chore: update generated contenteee38ec
build(deps): bump @docker/actions-toolkit from 0.77.0 to
0.79.07a83f65
Merge pull request #484
from docker/dependabot/github_actions/docker/setup-qe...a5aa967
Merge pull request #464
from crazy-max/rm-deprecatede73d53f
build(deps): bump docker/setup-qemu-action from 3 to 428a438e
Merge pull request #483
from crazy-max/node24034e9d3
chore: update generated contentb4664d8
remove deprecated inputs/outputsa8257de
node 24 as default runtime- Additional commits viewable in compare
view
Updates `linear/linear-release-action` from 0.4.0 to 0.5.0
Release notes
Sourced from linear/linear-release-action's
releases.
v0.5.0
What's Changed
Full Changelog: https://github.com/linear/linear-release-action/compare/v0.4.0...v0.5.0
Commits
5cbaabc
Make latest the default cli version7fb27ce
Add support for release_version, same as the CLI (#9)fbf0176
Ensure name is properly used when creating scheduled release (#8)- See full diff in compare
view
Updates `benc-uk/workflow-dispatch` from 1.2.4 to 1.3.1
Release notes
Sourced from benc-uk/workflow-dispatch's
releases.
v1.3.1
Features
- New
sync-status input — when used with
wait-for-completion, mirrors the triggered workflow's
conclusion (failure/cancelled) back to this action's status (#84)
- Alternate
ref default for PRs —
automatically uses github.head_ref when running in a pull
request context, avoiding refs/pull/.../merge errors (#79)
Bug Fixes
- Safer JSON input parsing — invalid
inputs JSON now logs an error instead of throwing an
unhandled exception (#84)
- Improved timeout handling — timeout now sets a
distinct
timed_out status and emits a warning instead of
silently breaking (#84)
- Improved warning message formatting for workflow
run timeout
Internal Changes & Chores
- Replaced
console.log calls with core.info
for proper Actions log integration (#84)
- Removed stale
ref/inputs parameters from
the workflow list API call (#84)
- Expanded CI test matrix from 3 sequential steps to 9 parallel test
jobs covering workflow lookup, output assertions, wait-for-completion,
sync-status, and error handling (#84)
- Added CI path filters to skip docs-only changes (#84)
- Changed echo-3 test fixture from
workflow_call to
workflow_dispatch with deterministic failure (#84)
- Removed unused
.vscode/settings.json (#84)
- Added
.github/copilot-instructions.md (#84)
- General project chores
Documentation Updates
- No documentation updates in this release
Commits
7a02764
Improvements: sync-status, error handling, CI test coverage & path
filters (#84)3162154
Use alternate ref default for PRs (#79)4085c97
project chores6fd6de2
Improve warning message formatting for workflow run timeouta54f9d1
2026 refresh (#83)- See full diff in compare
view
Updates `aquasecurity/trivy-action` from
c1824fd6edce30d7ab345a9989de00bbd46ef284 to
57a97c7e7821a5776cebc9bb87c984fa69cba8f1
|
[step-security/harden-runner](https://github.com/step-security/harden-runner)
| `2.14.2` | `2.16.0` |
Commits
57a97c7
chore(deps): Update trivy to v0.69.3 (#519)97e0b38
chore: bump Trivy version to v0.69.2 in test workflow and README (#515)4c61e63
chore: bump default Trivy version to v0.69.2 (#513)1bd0625
Merge pull request #508
from nikpivkin/feat/pass-yaml-ignore-filebce3086
remove unused init-cache target5a9fbb1
supress progress bar when download db1615450
update trivyignores input descriptiondf85774
add comment about fd356c8dae
remove unused variablee368e32
ci(test): add zizmor security linter for GitHub Actions (#502)- Additional commits viewable in compare
view
|
[step-security/harden-runner](https://github.com/step-security/harden-runner)
| `2.14.2` | `2.16.0` |
Most Recent Ignore Conditions Applied to This Pull
Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| crate-ci/typos | [>= 1.30.a, < 1.31] |
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore ` will
remove the ignore condition of the specified dependency and ignore
conditions
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Atif Ali
---
.github/workflows/ci.yaml | 66 +++++++++++------------
.github/workflows/deploy.yaml | 8 +--
.github/workflows/docker-base.yaml | 4 +-
.github/workflows/docs-ci.yaml | 2 +-
.github/workflows/dogfood.yaml | 8 +--
.github/workflows/linear-release.yaml | 2 +-
.github/workflows/nightly-gauntlet.yaml | 2 +-
.github/workflows/pr-auto-assign.yaml | 2 +-
.github/workflows/pr-cleanup.yaml | 2 +-
.github/workflows/pr-deploy.yaml | 12 ++---
.github/workflows/release-validation.yaml | 4 +-
.github/workflows/release.yaml | 18 +++----
.github/workflows/scorecard.yml | 4 +-
.github/workflows/security.yaml | 8 +--
.github/workflows/stale.yaml | 6 +--
.github/workflows/typos.toml | 2 +
.github/workflows/weekly-docs.yaml | 2 +-
coderd/provisionerjobs.go | 6 +--
coderd/workspaces.go | 2 +-
docs/admin/security/audit-logs.md | 2 +-
20 files changed, 82 insertions(+), 80 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index bc08008491..2d2ab298e5 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -35,7 +35,7 @@ jobs:
tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -157,7 +157,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -191,7 +191,7 @@ jobs:
# Check for any typos
- name: Check for typos
- uses: crate-ci/typos@2d0ce569feab1f8752f1dde43cc2f2aa53236e06 # v1.40.0
+ uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0
with:
config: .github/workflows/typos.toml
@@ -247,7 +247,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -272,7 +272,7 @@ jobs:
if: ${{ !cancelled() }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -327,7 +327,7 @@ jobs:
timeout-minutes: 20
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -379,7 +379,7 @@ jobs:
- windows-2022
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -537,7 +537,7 @@ jobs:
embedded-pg-cache: ${{ steps.embedded-pg-cache.outputs.embedded-pg-cache }}
- name: Upload failed test db dumps
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: failed-test-db-dump-${{matrix.os}}
path: "**/*.test.sql"
@@ -575,7 +575,7 @@ jobs:
timeout-minutes: 25
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -637,7 +637,7 @@ jobs:
timeout-minutes: 25
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -709,7 +709,7 @@ jobs:
timeout-minutes: 20
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -736,7 +736,7 @@ jobs:
timeout-minutes: 20
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -769,7 +769,7 @@ jobs:
name: ${{ matrix.variant.name }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -818,7 +818,7 @@ jobs:
- name: Upload Playwright Failed Tests
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: failed-test-videos${{ matrix.variant.premium && '-premium' || '' }}
path: ./site/test-results/**/*.webm
@@ -826,7 +826,7 @@ jobs:
- name: Upload debug log
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coderd-debug-logs${{ matrix.variant.premium && '-premium' || '' }}
path: ./site/e2e/test-results/debug.log
@@ -834,7 +834,7 @@ jobs:
- name: Upload pprof dumps
if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: debug-pprof-dumps${{ matrix.variant.premium && '-premium' || '' }}
path: ./site/test-results/**/debug-pprof-*.txt
@@ -849,7 +849,7 @@ jobs:
if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -930,7 +930,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -1005,7 +1005,7 @@ jobs:
if: always()
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -1043,7 +1043,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -1097,7 +1097,7 @@ jobs:
IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -1108,7 +1108,7 @@ jobs:
persist-credentials: false
- name: GHCR Login
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -1319,7 +1319,7 @@ jobs:
id: attest_main
if: github.ref == 'refs/heads/main'
continue-on-error: true
- uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: "ghcr.io/coder/coder-preview:main"
predicate-type: "https://slsa.dev/provenance/v1"
@@ -1356,7 +1356,7 @@ jobs:
id: attest_latest
if: github.ref == 'refs/heads/main'
continue-on-error: true
- uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: "ghcr.io/coder/coder-preview:latest"
predicate-type: "https://slsa.dev/provenance/v1"
@@ -1393,7 +1393,7 @@ jobs:
id: attest_version
if: github.ref == 'refs/heads/main'
continue-on-error: true
- uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: "ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}"
predicate-type: "https://slsa.dev/provenance/v1"
@@ -1457,7 +1457,7 @@ jobs:
- name: Upload build artifact (coder-linux-amd64.tar.gz)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-linux-amd64.tar.gz
path: ./build/*_linux_amd64.tar.gz
@@ -1465,7 +1465,7 @@ jobs:
- name: Upload build artifact (coder-linux-amd64.deb)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-linux-amd64.deb
path: ./build/*_linux_amd64.deb
@@ -1473,7 +1473,7 @@ jobs:
- name: Upload build artifact (coder-linux-arm64.tar.gz)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-linux-arm64.tar.gz
path: ./build/*_linux_arm64.tar.gz
@@ -1481,7 +1481,7 @@ jobs:
- name: Upload build artifact (coder-linux-arm64.deb)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-linux-arm64.deb
path: ./build/*_linux_arm64.deb
@@ -1489,7 +1489,7 @@ jobs:
- name: Upload build artifact (coder-linux-armv7.tar.gz)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-linux-armv7.tar.gz
path: ./build/*_linux_armv7.tar.gz
@@ -1497,7 +1497,7 @@ jobs:
- name: Upload build artifact (coder-linux-armv7.deb)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-linux-armv7.deb
path: ./build/*_linux_armv7.deb
@@ -1505,7 +1505,7 @@ jobs:
- name: Upload build artifact (coder-windows-amd64.zip)
if: github.ref == 'refs/heads/main'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: coder-windows-amd64.zip
path: ./build/*_windows_amd64.zip
@@ -1543,7 +1543,7 @@ jobs:
if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 17fd48748c..af2cf0dd79 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -36,7 +36,7 @@ jobs:
verdict: ${{ steps.check.outputs.verdict }} # DEPLOY or NOOP
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -65,7 +65,7 @@ jobs:
packages: write # to retag image as dogfood
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -76,7 +76,7 @@ jobs:
persist-credentials: false
- name: GHCR Login
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -142,7 +142,7 @@ jobs:
needs: deploy
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/docker-base.yaml b/.github/workflows/docker-base.yaml
index c30f443551..64e76cd86a 100644
--- a/.github/workflows/docker-base.yaml
+++ b/.github/workflows/docker-base.yaml
@@ -38,7 +38,7 @@ jobs:
if: github.repository_owner == 'coder'
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -48,7 +48,7 @@ jobs:
persist-credentials: false
- name: Docker login
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
diff --git a/.github/workflows/docs-ci.yaml b/.github/workflows/docs-ci.yaml
index b3d13bc53b..7d07749345 100644
--- a/.github/workflows/docs-ci.yaml
+++ b/.github/workflows/docs-ci.yaml
@@ -30,7 +30,7 @@ jobs:
- name: Setup Node
uses: ./.github/actions/setup-node
- - uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v45.0.7
+ - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v45.0.7
id: changed-files
with:
files: |
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
index aa3770a293..54c3661d2c 100644
--- a/.github/workflows/dogfood.yaml
+++ b/.github/workflows/dogfood.yaml
@@ -26,7 +26,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -78,11 +78,11 @@ jobs:
uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+ uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Login to DockerHub
if: github.ref == 'refs/heads/main'
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
@@ -125,7 +125,7 @@ jobs:
id-token: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/linear-release.yaml b/.github/workflows/linear-release.yaml
index 85ac81b557..46768e77c7 100644
--- a/.github/workflows/linear-release.yaml
+++ b/.github/workflows/linear-release.yaml
@@ -52,7 +52,7 @@ jobs:
- name: Complete release
id: complete
- uses: linear/linear-release-action@f64cdc603e6eb7a7ef934bc5492ae929f88c8d1a # v0
+ uses: linear/linear-release-action@5cbaabc187ceb63eee9d446e62e68e5c29a03ae8 # v0
with:
access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
command: complete
diff --git a/.github/workflows/nightly-gauntlet.yaml b/.github/workflows/nightly-gauntlet.yaml
index 50a47712bb..a1fe398433 100644
--- a/.github/workflows/nightly-gauntlet.yaml
+++ b/.github/workflows/nightly-gauntlet.yaml
@@ -28,7 +28,7 @@ jobs:
- windows-2022
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/pr-auto-assign.yaml b/.github/workflows/pr-auto-assign.yaml
index e08108cb6c..ac8122669c 100644
--- a/.github/workflows/pr-auto-assign.yaml
+++ b/.github/workflows/pr-auto-assign.yaml
@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml
index d355746761..54d1a31fe4 100644
--- a/.github/workflows/pr-cleanup.yaml
+++ b/.github/workflows/pr-cleanup.yaml
@@ -19,7 +19,7 @@ jobs:
packages: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml
index 31da4aedf3..4c8e5d3dc2 100644
--- a/.github/workflows/pr-deploy.yaml
+++ b/.github/workflows/pr-deploy.yaml
@@ -39,7 +39,7 @@ jobs:
PR_OPEN: ${{ steps.check_pr.outputs.pr_open }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -76,7 +76,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -184,7 +184,7 @@ jobs:
pull-requests: write # needed for commenting on PRs
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -228,7 +228,7 @@ jobs:
CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -248,7 +248,7 @@ jobs:
uses: ./.github/actions/setup-sqlc
- name: GHCR Login
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -288,7 +288,7 @@ jobs:
PR_HOSTNAME: "pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}"
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/release-validation.yaml b/.github/workflows/release-validation.yaml
index d82bbbfcd7..90c8cfc03d 100644
--- a/.github/workflows/release-validation.yaml
+++ b/.github/workflows/release-validation.yaml
@@ -14,12 +14,12 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
- name: Run Schmoder CI
- uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc # v1.2.4
+ uses: benc-uk/workflow-dispatch@7a027648b88c2413826b6ddd6c76114894dc5ec4 # v1.3.1
with:
workflow: ci.yaml
repo: coder/schmoder
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cd78d91c15..467d1262d3 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -80,7 +80,7 @@ jobs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -155,7 +155,7 @@ jobs:
cat "$CODER_RELEASE_NOTES_FILE"
- name: Docker Login
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+ uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -358,7 +358,7 @@ jobs:
id: attest_base
if: ${{ !inputs.dry_run && steps.image-base-tag.outputs.tag != '' }}
continue-on-error: true
- uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ${{ steps.image-base-tag.outputs.tag }}
predicate-type: "https://slsa.dev/provenance/v1"
@@ -474,7 +474,7 @@ jobs:
id: attest_main
if: ${{ !inputs.dry_run }}
continue-on-error: true
- uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ${{ steps.build_docker.outputs.multiarch_image }}
predicate-type: "https://slsa.dev/provenance/v1"
@@ -518,7 +518,7 @@ jobs:
id: attest_latest
if: ${{ !inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true' }}
continue-on-error: true
- uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0
+ uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
with:
subject-name: ${{ steps.latest_tag.outputs.tag }}
predicate-type: "https://slsa.dev/provenance/v1"
@@ -665,7 +665,7 @@ jobs:
- name: Upload artifacts to actions (if dry-run)
if: ${{ inputs.dry_run }}
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: release-artifacts
path: |
@@ -681,7 +681,7 @@ jobs:
- name: Upload latest sbom artifact to actions (if dry-run)
if: inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true'
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: latest-sbom-artifact
path: ./coder_latest_sbom.spdx.json
@@ -704,7 +704,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -780,7 +780,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 1c7f145f48..a424252040 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -20,7 +20,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -39,7 +39,7 @@ jobs:
# Upload the results as artifacts.
- name: "Upload artifact"
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: SARIF file
path: results.sarif
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index da8a39b593..02b4f2fa61 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -27,7 +27,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -69,7 +69,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -146,7 +146,7 @@ jobs:
echo "image=$(cat "$image_job")" >> "$GITHUB_OUTPUT"
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
+ uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.34.0
with:
image-ref: ${{ steps.build.outputs.image }}
format: sarif
@@ -160,7 +160,7 @@ jobs:
category: "Trivy"
- name: Upload Trivy scan results as an artifact
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: trivy
path: trivy-results.sarif
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index ba88ca918a..8637f4d264 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -18,7 +18,7 @@ jobs:
pull-requests: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -96,7 +96,7 @@ jobs:
contents: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
@@ -120,7 +120,7 @@ jobs:
actions: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/.github/workflows/typos.toml b/.github/workflows/typos.toml
index 0aaf7c2547..011115e500 100644
--- a/.github/workflows/typos.toml
+++ b/.github/workflows/typos.toml
@@ -29,6 +29,8 @@ EDE = "EDE"
HELO = "HELO"
LKE = "LKE"
byt = "byt"
+cpy = "cpy"
+Cpy = "Cpy"
typ = "typ"
# file extensions used in seti icon theme
styl = "styl"
diff --git a/.github/workflows/weekly-docs.yaml b/.github/workflows/weekly-docs.yaml
index 5c1aada579..4a6b4aaea8 100644
--- a/.github/workflows/weekly-docs.yaml
+++ b/.github/workflows/weekly-docs.yaml
@@ -21,7 +21,7 @@ jobs:
pull-requests: write # required to post PR review comments by the action
steps:
- name: Harden Runner
- uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
with:
egress-policy: audit
diff --git a/coderd/provisionerjobs.go b/coderd/provisionerjobs.go
index a710a96286..15886dbf50 100644
--- a/coderd/provisionerjobs.go
+++ b/coderd/provisionerjobs.go
@@ -587,7 +587,7 @@ func (f *logFollower) follow() {
f.logger.Error(f.ctx, "failed to query logs", slog.Error(err))
err = f.conn.Close(websocket.StatusInternalError, err.Error())
if err != nil {
- f.logger.Warn(f.ctx, "failed to close webscoket", slog.Error(err))
+ f.logger.Warn(f.ctx, "failed to close websocket", slog.Error(err))
}
}
return
@@ -614,7 +614,7 @@ func (f *logFollower) follow() {
f.logger.Error(f.ctx, "dropped or corrupted notification", slog.Error(err))
err = f.conn.Close(websocket.StatusInternalError, err.Error())
if err != nil {
- f.logger.Warn(f.ctx, "failed to close webscoket", slog.Error(err))
+ f.logger.Warn(f.ctx, "failed to close websocket", slog.Error(err))
}
return
case <-f.ctx.Done():
@@ -634,7 +634,7 @@ func (f *logFollower) follow() {
f.logger.Error(f.ctx, "failed to query logs", slog.Error(err))
err = f.conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("%s", err.Error()))
if err != nil {
- f.logger.Warn(f.ctx, "failed to close webscoket", slog.Error(err))
+ f.logger.Warn(f.ctx, "failed to close websocket", slog.Error(err))
}
}
return
diff --git a/coderd/workspaces.go b/coderd/workspaces.go
index e13f6380c1..cbc8585106 100644
--- a/coderd/workspaces.go
+++ b/coderd/workspaces.go
@@ -1502,7 +1502,7 @@ func (api *API) putWorkspaceDormant(rw http.ResponseWriter, r *http.Request) {
return
}
- // TODO: This is a strange error since it occurs after the mutatation.
+ // TODO: This is a strange error since it occurs after the mutation.
// An example of why we should join in fields to prevent this forbidden error
// from being sent, when the action did succeed.
if len(data.templates) == 0 {
diff --git a/docs/admin/security/audit-logs.md b/docs/admin/security/audit-logs.md
index a0e745be60..9337d84623 100644
--- a/docs/admin/security/audit-logs.md
+++ b/docs/admin/security/audit-logs.md
@@ -172,7 +172,7 @@ and in accordance with your compliance requirements.
You may choose to run a `VACUUM` or `VACUUM FULL` operation on the audit logs table to reclaim disk space. If you choose to run the `FULL` operation, consider the following when doing so:
-- **Run during a planned mainteance window** to ensure ample time for the operation to complete and minimize impact to users
+- **Run during a planned maintenance window** to ensure ample time for the operation to complete and minimize impact to users
- **Stop all running instances of `coderd`** to prevent connection errors while the table is locked. The actual steps for this will depend on your particular deployment setup. For example, if your `coderd` deployment is running on Kubernetes:
```bash