miracum · chgl · Jan 10, 2024 · Jan 10, 2024
diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml
@@ -18,7 +18,7 @@ jobs:
       pages: write
     steps:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+      - uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0
         with:
           python-version: 3.x
       - run: pip install mkdocs-material==9.*

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -81,7 +81,7 @@ jobs:
             MODULE_NAME=${{ inputs.module-name }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # 0.13.1
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
         with:
           image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }}
           severity: "CRITICAL"
@@ -90,7 +90,7 @@ jobs:
           timeout: 15m
 
       - name: Save Trivy vulnerability attestation
-        uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # 0.13.1
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
         with:
           image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }}
           exit-code: "0"
@@ -167,7 +167,7 @@ jobs:
           path: /tmp
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 
       - name: Sign image
         run: |

diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml
@@ -18,15 +18,15 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0
+        uses: lycheeverse/lychee-action@c3089c702fbb949e3f7a8122be0c33c017904f9b # v1.9.1
         with:
           args: "--config=.lychee.toml ."
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
       - name: Look for an existing issue
         id: last-issue
-        uses: micalevisk/last-issue-action@305829d9728f47beb0029417167a0af890edfd6e # v2.1.0
+        uses: micalevisk/last-issue-action@0d40124cc99ac8601c2516007f0c98ef3d27537b # v2.3.0
         with:
           state: open
           labels: link-check

diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml
@@ -10,7 +10,7 @@ permissions: read-all
 jobs:
   lint:
     runs-on: ubuntu-22.04
-    container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+    container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
     steps:
       - name: Add workspace as safe directory
         run: |

diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml
@@ -14,7 +14,7 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-22.04
     steps:
-      - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0
+      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -40,7 +40,7 @@ jobs:
         id: ml
         # You can override MegaLinter flavor used to have faster performances
         # More info at https://oxsecurity.github.io/megalinter/flavors/
-        uses: oxsecurity/megalinter@b48455a119cc28045eee8f1e9d0a542a85e71f4f # v7.5.0
+        uses: oxsecurity/megalinter@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0
         env:
           # All available variables are described in documentation
           # https://oxsecurity.github.io/megalinter/configuration/

diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
@@ -14,7 +14,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: google-github-actions/release-please-action@4c5670f886fe259db4d11222f7dff41c1382304d # v3.7.12
+      - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3.7.13
         with:
           token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }}
           release-type: simple

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -35,7 +35,7 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 
       - name: Add helm repos and update deps
         run: |
@@ -101,7 +101,7 @@ jobs:
   publish-kyverno-policies:
     name: publish kyverno policies
     runs-on: ubuntu-22.04
-    container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+    container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
     continue-on-error: true
     steps:
       - name: Checkout

diff --git a/.github/workflows/reset-chart-changelog-annotations.yaml b/.github/workflows/reset-chart-changelog-annotations.yaml
@@ -16,7 +16,7 @@ jobs:
   reset-commit-and-push:
     name: reset changelog annotations, commit, and push
     runs-on: ubuntu-22.04
-    container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+    container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
     permissions:
       contents: write
     steps:

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+        uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/validate-fhir-resources.yaml b/.github/workflows/validate-fhir-resources.yaml
@@ -12,7 +12,7 @@ jobs:
   validate-fhir-resource:
     name: Validate FHIR resources
     runs-on: ubuntu-22.04
-    container: ghcr.io/miracum/ig-build-tools:v2.0.9@sha256:da4a32b4a33a7de616a5066e4ce249045a739ea53cb9ac9feb6fa0a97634cd0c
+    container: ghcr.io/miracum/ig-build-tools:v2.0.16@sha256:a0bf140a7a7e2698b78eef2e9e186e7196fc725ee019182ca1275113c4b547f9
     steps:
       - name: Checkout code
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3

diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml
@@ -18,7 +18,7 @@ jobs:
   yamllint:
     runs-on: ubuntu-22.04
     # contains yamllint
-    container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+    container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
     steps:
       - name: Checkout
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0