From 16f847fd7dd70c189b8dfe941ae084efe7a7cd9d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 17:58:45 +0200 Subject: [PATCH] chore(deps): pin dependencies (#3319) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/benchmark.yml | 28 +++++++++--------- .github/workflows/changesets.yml | 4 +-- .github/workflows/ci.yml | 42 +++++++++++++-------------- .github/workflows/codeql-analysis.yml | 8 ++--- .github/workflows/contributors.yml | 6 ++-- .github/workflows/docker-publish.yml | 4 +-- .github/workflows/website.yml | 16 +++++----- 7 files changed, 54 insertions(+), 54 deletions(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 85a7a2ee4..b8ec31a59 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -18,8 +18,8 @@ jobs: name: Prepare build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16.x - name: install pnpm @@ -33,7 +33,7 @@ jobs: - name: install dependencies run: pnpm install - name: Cache .pnpm-store - uses: actions/cache@v3 + uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -44,7 +44,7 @@ jobs: - name: tar packages run: | tar -czvf ${{ github.workspace }}/pkg.tar.gz -C ${{ github.workspace }}/packages . - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3 with: name: verdaccio-artifact path: pkg.tar.gz @@ -65,11 +65,11 @@ jobs: name: Benchmark autocannon runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16.x - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3 with: name: verdaccio-artifact - name: untar packages @@ -77,7 +77,7 @@ jobs: - name: install pnpm # require fixed version run: sudo npm i pnpm@latest-6 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -90,7 +90,7 @@ jobs: shell: bash env: DEBUG: metrics* - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3 with: name: verdaccio-metrics-api path: ./api-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json @@ -126,11 +126,11 @@ jobs: name: Benchmark hyperfine runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16.x - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3 with: name: verdaccio-artifact - name: untar packages @@ -138,7 +138,7 @@ jobs: - name: install pnpm # require fixed version run: sudo npm i pnpm@latest-6 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -156,7 +156,7 @@ jobs: shell: bash - name: rename run: mv ./hyper-results.json ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3 with: name: verdaccio-metrics path: ./hyper-results-${{matrix.verdaccioVersion}}-${{matrix.benchmark}}.json diff --git a/.github/workflows/changesets.yml b/.github/workflows/changesets.yml index 77ab5de5c..d96f58505 100644 --- a/.github/workflows/changesets.yml +++ b/.github/workflows/changesets.yml @@ -20,12 +20,12 @@ jobs: if: github.ref == 'refs/heads/master' && github.repository == 'verdaccio/verdaccio' steps: - name: checkout code repository - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 with: fetch-depth: 0 - name: setup node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 14 registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a34421738..2430850f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,9 +25,9 @@ jobs: ports: - 4873:4873 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Use Node 16 - uses: actions/setup-node@v3 + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Install pnpm @@ -39,7 +39,7 @@ jobs: - name: Install run: pnpm recursive install --frozen-lockfile --registry http://localhost:4873 - name: Cache .pnpm-store - uses: actions/cache@v3 + uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -50,14 +50,14 @@ jobs: name: Lint needs: prepare steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Use Node 16 - uses: actions/setup-node@v3 + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Install pnpm run: npm i pnpm@6.32.15 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -70,14 +70,14 @@ jobs: name: Format needs: prepare steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Use Node 16 - uses: actions/setup-node@v3 + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Install pnpm run: npm i pnpm@6.32.15 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -95,14 +95,14 @@ jobs: name: ${{ matrix.os }} / Node ${{ matrix.node_version }} runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Use Node ${{ matrix.node_version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: ${{ matrix.node_version }} - name: Install pnpm run: npm i pnpm@6.32.15 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -117,13 +117,13 @@ jobs: runs-on: ubuntu-latest name: UI Test E2E Node 16 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Install pnpm run: npm i pnpm@6.32.15 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -140,13 +140,13 @@ jobs: runs-on: ubuntu-latest name: CLI Test E2E Node 16 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Install pnpm run: npm i pnpm@6.32.15 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} @@ -165,13 +165,13 @@ jobs: name: synchronize translations if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch' steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Install pnpm run: npm i pnpm@6.32.15 -g - - uses: actions/cache@v3 + - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: ~/.pnpm-store key: pnpm-${{ hashFiles('pnpm-lock.yaml') }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 649c75c4e..358743e12 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. @@ -34,7 +34,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@7fee4ca032ac341c12486c4c06822c5221c76533 # tag=v2 # Override language selection by uncommenting this and choosing your languages # with: @@ -42,7 +42,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@7fee4ca032ac341c12486c4c06822c5221c76533 # tag=v2 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -56,4 +56,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@7fee4ca032ac341c12486c4c06822c5221c76533 # tag=v2 diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 8d2169d8e..9f88b72f7 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -15,11 +15,11 @@ jobs: name: Run script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 with: persist-credentials: false fetch-depth: 0 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 17.x - name: install pnpm @@ -39,7 +39,7 @@ jobs: - name: format run: pnpm format - name: Commit & Push changes - uses: actions-js/push@v1.3 + uses: actions-js/push@a52398fac807b0c1e5f1492c969b477c8560a0ba # tag=v1.3 with: github_token: ${{ secrets.TOKEN_VERDACCIOBOT_GITHUB }} message: "chore: updated contributors list" diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 9884e44a0..5dbe0490c 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -19,8 +19,8 @@ jobs: docker: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: docker/setup-qemu-action@v1 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 + - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # tag=v1 - uses: docker/setup-buildx-action@v1 with: driver-opts: network=host diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index d8250d634..e3c852cde 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -16,15 +16,15 @@ jobs: env: NODE_OPTIONS: --max_old_space_size=4096 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3 - name: Use Node 16 - uses: actions/setup-node@v3 + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3 with: node-version: 16 - name: Cache pnpm modules - uses: actions/cache@v3 + uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 env: cache-name: cache-pnpm-modules with: @@ -33,7 +33,7 @@ jobs: restore-keys: | ${{ runner.os }}-build-${{ env.cache-name }}-${{ matrix.node-version }}- - - uses: pnpm/action-setup@v2.2.2 + - uses: pnpm/action-setup@10693b3829bf86eb2572aef5f3571dcf5ca9287d # tag=v2.2.2 with: version: 6.32.15 run_install: | @@ -42,7 +42,7 @@ jobs: - name: Build Plugins run: pnpm build --filter "docusaurus-plugin-contributors" - name: Cache Docusaurus Build - uses: actions/cache@v3 + uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # tag=v3 with: path: website/node_modules/.cache/webpack key: cache/webpack-${{github.ref}}-${{ hashFiles('**/pnpm-lock.yaml') }} @@ -91,7 +91,7 @@ jobs: - name: Audit preview URL with Lighthouse if: github.repository == 'verdaccio/verdaccio' id: lighthouse_audit - uses: treosh/lighthouse-ci-action@9.3.0 + uses: treosh/lighthouse-ci-action@b4dfae3eb959c5226e2c5c6afd563d493188bfaf # tag=9.3.0 with: urls: | ${{ steps.netlify_preview.outputs.preview-url }} @@ -100,7 +100,7 @@ jobs: - name: Format lighthouse score id: format_lighthouse_score - uses: actions/github-script@v6 + uses: actions/github-script@d50f485531ba88479582bc2da03ff424389af5c1 # tag=v6 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | @@ -125,7 +125,7 @@ jobs: - name: Add comment to PR if: github.repository == 'verdaccio/verdaccio' id: comment_to_pr - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443 # tag=v2 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} number: ${{ github.event.issue.number }}