diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dcd5ff0be898..ce2a0b47e387 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,16 +34,16 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9 + uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: config-file: ./.github/codeql/config.yml languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9 + uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/cross-platform-builds.yml b/.github/workflows/cross-platform-builds.yml index 99dfb8888478..3dfd670ca5f8 100644 --- a/.github/workflows/cross-platform-builds.yml +++ b/.github/workflows/cross-platform-builds.yml @@ -24,9 +24,9 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout Repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set Up Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: lts/* - name: Install Dependencies @@ -48,7 +48,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/cut-nightly.yml b/.github/workflows/cut-nightly.yml index ed53b5396a27..8edc19c80efc 100644 --- a/.github/workflows/cut-nightly.yml +++ b/.github/workflows/cut-nightly.yml @@ -25,12 +25,12 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout Repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 100 - name: Set Up Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: lts/* @@ -59,7 +59,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9d1f0a56fcdd..eb6facbc6e5e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,6 +22,6 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: 'Checkout Repository' - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 + uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 diff --git a/.github/workflows/moderator.yml b/.github/workflows/moderator.yml index 156d42906048..0555018e36b3 100644 --- a/.github/workflows/moderator.yml +++ b/.github/workflows/moderator.yml @@ -16,7 +16,7 @@ jobs: models: read contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: github/ai-moderator@v1 with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-tagger.yml b/.github/workflows/release-tagger.yml index f3cbce861173..d507dc64ff5a 100644 --- a/.github/workflows/release-tagger.yml +++ b/.github/workflows/release-tagger.yml @@ -30,10 +30,10 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: lts/* - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: bash ./.github/workflows/install_dependencies.sh - name: Run tagger run: | @@ -60,7 +60,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/request-validator-rollup.yml b/.github/workflows/request-validator-rollup.yml index 4d579f3243b0..d42abe516279 100644 --- a/.github/workflows/request-validator-rollup.yml +++ b/.github/workflows/request-validator-rollup.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bf3e7756d17c..6aa5d3ab0cc1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: 'Checkout code' - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: 'Upload artifact' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9 + uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: sarif_file: results.sarif diff --git a/.github/workflows/status-page.yml b/.github/workflows/status-page.yml index 09a874e4c626..cce22b7c045f 100644 --- a/.github/workflows/status-page.yml +++ b/.github/workflows/status-page.yml @@ -18,10 +18,10 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: lts/* - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Add progress comment to cherry-pick issue for Stable and LTS if: github.event_name == 'issues' && github.event.action == 'opened' run: | @@ -56,7 +56,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Create issue on error uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 diff --git a/.github/workflows/update-session-issues.yml b/.github/workflows/update-session-issues.yml index e1b10b0e5a6a..fbf484ca4451 100644 --- a/.github/workflows/update-session-issues.yml +++ b/.github/workflows/update-session-issues.yml @@ -26,7 +26,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout Repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Update Session Issues run: | node ./build-system/common/update-session-issues diff --git a/extensions/amp-access/0.1/iframe-api/package.json b/extensions/amp-access/0.1/iframe-api/package.json index e04ee6c0ff5b..c92d6de76247 100644 --- a/extensions/amp-access/0.1/iframe-api/package.json +++ b/extensions/amp-access/0.1/iframe-api/package.json @@ -17,7 +17,7 @@ "babel-plugin-external-helpers": "6.22.0", "babel-preset-env": "1.7.0", "rollup": "4.59.0", - "@rollup/plugin-babel": "6.1.0", + "@rollup/plugin-babel": "7.0.0", "rollup-plugin-cleanup": "3.2.1" } } diff --git a/third_party/amp-toolbox-cache-url/package.json b/third_party/amp-toolbox-cache-url/package.json index 805478ef2ab3..814ee349d301 100644 --- a/third_party/amp-toolbox-cache-url/package.json +++ b/third_party/amp-toolbox-cache-url/package.json @@ -33,20 +33,20 @@ }, "devDependencies": { "@ampproject/rollup-plugin-closure-compiler": "0.27.0", - "eslint": "9.39.2", + "eslint": "10.4.0", "eslint-config-google": "0.14.0", - "jasmine": "5.13.0", + "jasmine": "6.2.0", "karma": "6.4.4", "karma-chrome-launcher": "3.2.0", "karma-jasmine": "5.1.0", - "npm-run-all2": "6.2.6", + "npm-run-all2": "9.0.0", "rollup": "4.55.1", "rollup-plugin-commonjs": "10.1.0", "rollup-plugin-filesize": "10.0.0", "rollup-plugin-ignore": "1.0.10", "rollup-plugin-json": "4.0.0", "rollup-plugin-node-builtins": "2.1.2", - "@rollup/plugin-node-resolve": "15.3.1", + "@rollup/plugin-node-resolve": "16.0.3", "rollup-plugin-serve": "3.0.0", "semver": "7.7.3" }