From b5f466305e1521655769cfa0575edd021e2eb6c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 04:20:12 +0000 Subject: [PATCH] Bump the github-actions group with 4 updates Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [ossf/scorecard-action](https://github.com/ossf/scorecard-action), [github/codeql-action](https://github.com/github/codeql-action) and [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/checkout` from 3.1.0 to 4.1.1 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...v4.1.1) Updates `ossf/scorecard-action` from 2.1.2 to 2.3.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...0864cf19026789058feabb7e87baa5f140aac736) Updates `github/codeql-action` from 2.2.4 to 2.22.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/17573ee1cc1b9d061760f3a006fc4aac4f944fd5...305f6546310b9203e892c28c1484e82977f4f63d) Updates `actions/setup-python` from 3 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/clang-format-check.yml | 2 +- .github/workflows/codespell.yml | 2 +- .github/workflows/cve.yml | 4 ++-- .github/workflows/h5py.yml | 2 +- .github/workflows/hdfeos5.yml | 2 +- .github/workflows/intel-auto.yml | 2 +- .github/workflows/intel-cmake.yml | 4 ++-- .github/workflows/linux-auto-aocc-ompi.yml | 2 +- .github/workflows/main-auto-par.yml | 4 ++-- .github/workflows/main-auto-spc.yml | 16 ++++++++-------- .github/workflows/main-auto.yml | 4 ++-- .github/workflows/main-cmake.yml | 4 ++-- .github/workflows/netcdf.yml | 4 ++-- .github/workflows/nvhpc-auto.yml | 2 +- .github/workflows/nvhpc-cmake.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 6 +++--- .github/workflows/tarball.yml | 2 +- .github/workflows/vol_adios2.yml | 4 ++-- .github/workflows/vol_async.yml | 4 ++-- .github/workflows/vol_cache.yml | 4 ++-- .github/workflows/vol_ext_passthru.yml | 4 ++-- .github/workflows/vol_log.yml | 4 ++-- .github/workflows/vol_rest.yml | 6 +++--- 24 files changed, 46 insertions(+), 46 deletions(-) diff --git a/.github/workflows/clang-format-check.yml b/.github/workflows/clang-format-check.yml index cde27c1bd29..c96e78d7076 100644 --- a/.github/workflows/clang-format-check.yml +++ b/.github/workflows/clang-format-check.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, 'skip-ci')" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Run clang-format style check for C and Java code uses: DoozyX/clang-format-lint-action@v0.13 with: diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index fba4b12b3aa..cb68361aa0c 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -10,7 +10,7 @@ jobs: name: Check for spelling errors runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - uses: codespell-project/actions-codespell@master with: skip: ./.github/workflows/codespell.yml,./bin/trace,./hl/tools/h5watch/h5watch.c,./tools/test/h5jam/tellub.c,./config/sanitizer/LICENSE,./config/sanitizer/sanitizers.cmake,./tools/test/h5repack/testfiles/*.dat,./test/API/driver,./configure,./bin/ltmain.sh,./bin/depcomp,./bin/config.guess,./bin/config.sub,./autom4te.cache,./m4/libtool.m4,./c++/src/*.html,./HDF5Examples/depcomp diff --git a/.github/workflows/cve.yml b/.github/workflows/cve.yml index 372518ade12..b0564d84247 100644 --- a/.github/workflows/cve.yml +++ b/.github/workflows/cve.yml @@ -27,7 +27,7 @@ jobs: name: CVE regression runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install Autotools Dependencies (Linux) run: | @@ -40,7 +40,7 @@ jobs: make sudo make install - name: Checkout CVE test repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/cve_hdf5 path: cve_hdf5 diff --git a/.github/workflows/h5py.yml b/.github/workflows/h5py.yml index 316a71d99b1..cf29c7e2166 100644 --- a/.github/workflows/h5py.yml +++ b/.github/workflows/h5py.yml @@ -17,7 +17,7 @@ jobs: compiler: gcc version: 13 - name: Checkout Spack - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: spack/spack path: ./spack diff --git a/.github/workflows/hdfeos5.yml b/.github/workflows/hdfeos5.yml index dad262d426f..19692b75196 100644 --- a/.github/workflows/hdfeos5.yml +++ b/.github/workflows/hdfeos5.yml @@ -27,7 +27,7 @@ jobs: name: Build hdfeos5 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install Autotools Dependencies (Linux) run: | diff --git a/.github/workflows/intel-auto.yml b/.github/workflows/intel-auto.yml index d63262f28a1..7bd457cc8a9 100644 --- a/.github/workflows/intel-auto.yml +++ b/.github/workflows/intel-auto.yml @@ -16,7 +16,7 @@ jobs: name: "Intel ${{ inputs.build_mode }}" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install Dependencies run: | diff --git a/.github/workflows/intel-cmake.yml b/.github/workflows/intel-cmake.yml index 94dc6cf41e6..47f16a54c52 100644 --- a/.github/workflows/intel-cmake.yml +++ b/.github/workflows/intel-cmake.yml @@ -19,7 +19,7 @@ jobs: name: "ubuntu-oneapi ${{ inputs.build_mode }}" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 # Only CMake need ninja-build, but we just install it unilaterally # libssl, etc. are needed for the ros3 VFD @@ -77,7 +77,7 @@ jobs: name: "windows-oneapi ${{ inputs.build_mode }}" runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install Dependencies (Windows) run: choco install ninja diff --git a/.github/workflows/linux-auto-aocc-ompi.yml b/.github/workflows/linux-auto-aocc-ompi.yml index c3700142e7a..68f94dd521f 100644 --- a/.github/workflows/linux-auto-aocc-ompi.yml +++ b/.github/workflows/linux-auto-aocc-ompi.yml @@ -26,7 +26,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install System dependencies run: | diff --git a/.github/workflows/main-auto-par.yml b/.github/workflows/main-auto-par.yml index 790b20ae3fe..70cf4bdb667 100644 --- a/.github/workflows/main-auto-par.yml +++ b/.github/workflows/main-auto-par.yml @@ -40,7 +40,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -98,7 +98,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure diff --git a/.github/workflows/main-auto-spc.yml b/.github/workflows/main-auto-spc.yml index 825a6ded4c2..3a7f72d4fbe 100644 --- a/.github/workflows/main-auto-spc.yml +++ b/.github/workflows/main-auto-spc.yml @@ -43,7 +43,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -104,7 +104,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -165,7 +165,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -226,7 +226,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -287,7 +287,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -348,7 +348,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -409,7 +409,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -470,7 +470,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure diff --git a/.github/workflows/main-auto.yml b/.github/workflows/main-auto.yml index 3ad03990c5e..57b1c3d8fd6 100644 --- a/.github/workflows/main-auto.yml +++ b/.github/workflows/main-auto.yml @@ -49,7 +49,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure @@ -153,7 +153,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # AUTOTOOLS CONFIGURE - name: Autotools Configure diff --git a/.github/workflows/main-cmake.yml b/.github/workflows/main-cmake.yml index 18d4a39584c..7669bd96caa 100644 --- a/.github/workflows/main-cmake.yml +++ b/.github/workflows/main-cmake.yml @@ -163,7 +163,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # # CMAKE CONFIGURE @@ -281,7 +281,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 # CMAKE CONFIGURE - name: CMake Configure diff --git a/.github/workflows/netcdf.yml b/.github/workflows/netcdf.yml index 0ea61373539..f34be419d2a 100644 --- a/.github/workflows/netcdf.yml +++ b/.github/workflows/netcdf.yml @@ -31,7 +31,7 @@ jobs: sudo apt update sudo apt install -y libaec-dev zlib1g-dev automake autoconf libcurl4-openssl-dev libjpeg-dev wget curl bzip2 m4 flex bison cmake libzip-dev doxygen openssl libtool libtool-bin - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 - name: Install HDF5 run: | ./autogen.sh @@ -39,7 +39,7 @@ jobs: make -j sudo make install -j - name: Checkout netCDF - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: unidata/netcdf-c path: netcdf-c diff --git a/.github/workflows/nvhpc-auto.yml b/.github/workflows/nvhpc-auto.yml index 0b6f64af0e9..158a8614cb2 100644 --- a/.github/workflows/nvhpc-auto.yml +++ b/.github/workflows/nvhpc-auto.yml @@ -16,7 +16,7 @@ jobs: name: "nvhpc ${{ inputs.build_mode }}" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install Dependencies run: | diff --git a/.github/workflows/nvhpc-cmake.yml b/.github/workflows/nvhpc-cmake.yml index 1b0dbebc19e..b81446c2d0f 100644 --- a/.github/workflows/nvhpc-cmake.yml +++ b/.github/workflows/nvhpc-cmake.yml @@ -16,7 +16,7 @@ jobs: name: "nvhpc ${{ inputs.build_mode }}" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.1 - name: Install Linux dependencies shell: bash diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8774331d570..2c2eeef8dd8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,7 +50,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: path: hdfsrc diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7825a5cee46..9d8e4564025 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@305f6546310b9203e892c28c1484e82977f4f63d # v2.22.10 with: sarif_file: results.sarif diff --git a/.github/workflows/tarball.yml b/.github/workflows/tarball.yml index 5ee0f495a98..5a083059fda 100644 --- a/.github/workflows/tarball.yml +++ b/.github/workflows/tarball.yml @@ -83,7 +83,7 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Get Sources - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: path: hdfsrc diff --git a/.github/workflows/vol_adios2.yml b/.github/workflows/vol_adios2.yml index 35fde5e3dc2..5349a73adef 100644 --- a/.github/workflows/vol_adios2.yml +++ b/.github/workflows/vol_adios2.yml @@ -26,7 +26,7 @@ jobs: sudo apt-get install automake autoconf libtool libtool-bin libopenmpi-dev - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hdf5 path: hdf5 @@ -73,7 +73,7 @@ jobs: - if: ${{ steps.cache-adios2.outputs.cache-hit != 'true' }} name: Checkout ADIOS2 (${{ env.ADIOS2_COMMIT_SHORT }}) - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: ornladios/ADIOS2 ref: ${{ env.ADIOS2_COMMIT }} diff --git a/.github/workflows/vol_async.yml b/.github/workflows/vol_async.yml index bb4c3a18953..b53786475c3 100644 --- a/.github/workflows/vol_async.yml +++ b/.github/workflows/vol_async.yml @@ -22,13 +22,13 @@ jobs: sudo apt-get install automake autoconf libtool libtool-bin libopenmpi-dev - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hdf5 path: hdf5 - name: Checkout Argobots - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: pmodels/argobots path: abt diff --git a/.github/workflows/vol_cache.yml b/.github/workflows/vol_cache.yml index 1a8c40cfdf2..98eac4492b1 100644 --- a/.github/workflows/vol_cache.yml +++ b/.github/workflows/vol_cache.yml @@ -35,13 +35,13 @@ jobs: sudo apt-get install automake autoconf libtool libtool-bin libopenmpi-dev - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hdf5 path: hdf5 - name: Checkout Argobots - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: pmodels/argobots path: abt diff --git a/.github/workflows/vol_ext_passthru.yml b/.github/workflows/vol_ext_passthru.yml index 337130bc263..ec774d6be4d 100644 --- a/.github/workflows/vol_ext_passthru.yml +++ b/.github/workflows/vol_ext_passthru.yml @@ -22,13 +22,13 @@ jobs: sudo apt-get install automake autoconf libtool libtool-bin libopenmpi-dev - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hdf5 path: hdf5 - name: Checkout vol-external-passthrough - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: hpc-io/vol-external-passthrough path: vol-external-passthrough diff --git a/.github/workflows/vol_log.yml b/.github/workflows/vol_log.yml index 0a355782eef..c5665474b32 100644 --- a/.github/workflows/vol_log.yml +++ b/.github/workflows/vol_log.yml @@ -23,7 +23,7 @@ jobs: #mpich - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hdf5 path: hdf5 @@ -56,7 +56,7 @@ jobs: echo "PATH=${{ runner.workspace }}/hdf5_build/bin:${PATH}" >> $GITHUB_ENV - name: Checkout Log-based VOL - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: DataLib-ECP/vol-log-based path: vol-log-based diff --git a/.github/workflows/vol_rest.yml b/.github/workflows/vol_rest.yml index 188e80dca79..6d466783f2d 100644 --- a/.github/workflows/vol_rest.yml +++ b/.github/workflows/vol_rest.yml @@ -42,7 +42,7 @@ jobs: sudo apt-get install automake autoconf libtool libtool-bin libcurl4-openssl-dev libyajl-dev - name: Checkout HDF5 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hdf5 path: hdf5 @@ -78,12 +78,12 @@ jobs: echo "LD_LIBRARY_PATH=${{ github.workspace }}/hdf5/build/bin" >> $GITHUB_ENV - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Checkout HSDS - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.1 with: repository: HDFGroup/hsds path: ${{github.workspace}}/hsds