From 0970168a48c789c913133f98c2a796cceeacdfc8 Mon Sep 17 00:00:00 2001 From: Boshen Date: Fri, 13 Dec 2024 19:45:48 +0800 Subject: [PATCH] chore(deps): pin dependencies (#7837) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/clone-submodules/action.yml | 8 +-- .github/actions/pnpm/action.yml | 4 +- .github/workflows/autofix.yml | 10 ++-- .github/workflows/benchmark.yml | 30 +++++----- .github/workflows/bloat.yml | 4 +- .github/workflows/cargo-llvm-lines.yml | 6 +- .github/workflows/ci.yml | 58 +++++++++---------- .github/workflows/ci_security.yml | 6 +- .github/workflows/ci_vscode.yml | 8 +-- .github/workflows/codecov.yml | 12 ++-- .github/workflows/deny.yml | 4 +- .github/workflows/link-check.yml | 4 +- .github/workflows/lint-rules.yml | 4 +- .github/workflows/miri.yml | 4 +- .github/workflows/pr.yml | 8 +-- .github/workflows/prepare_release_crates.yml | 8 +-- .github/workflows/prepare_release_oxlint.yml | 6 +- .github/workflows/release_crates.yml | 4 +- .github/workflows/release_napi_parser.yml | 14 ++--- .github/workflows/release_napi_transform.yml | 14 ++--- .github/workflows/release_oxlint.yml | 16 ++--- .github/workflows/release_types.yml | 6 +- .github/workflows/release_vscode.yml | 12 ++-- .github/workflows/release_wasm.yml | 8 +-- .../workflows/reusable_prepare_release.yml | 6 +- 25 files changed, 132 insertions(+), 132 deletions(-) diff --git a/.github/actions/clone-submodules/action.yml b/.github/actions/clone-submodules/action.yml index 339bb9ac79408..48d4656c8dc1d 100644 --- a/.github/actions/clone-submodules/action.yml +++ b/.github/actions/clone-submodules/action.yml @@ -5,28 +5,28 @@ description: Clone submodules runs: using: composite steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: tc39/test262 path: tasks/coverage/test262 ref: dc0082c5ea347e5ecb585c1d7ebf4555aa429528 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: babel/babel path: tasks/coverage/babel ref: 54a8389fa31ce4fd18b0335b05832dc1ad3cc21f - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: microsoft/TypeScript path: tasks/coverage/typescript ref: d85767abfd83880cea17cea70f9913e9c4496dcc - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: show-progress: false repository: prettier/prettier diff --git a/.github/actions/pnpm/action.yml b/.github/actions/pnpm/action.yml index 1c205c745024e..955d17b996880 100644 --- a/.github/actions/pnpm/action.yml +++ b/.github/actions/pnpm/action.yml @@ -3,9 +3,9 @@ name: pnpm runs: using: composite steps: - - uses: pnpm/action-setup@v4.0.0 + - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: .node-version registry-url: "https://registry.npmjs.org" diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index a3786e5014fd9..4b4eb45dde126 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -15,9 +15,9 @@ jobs: autofix: runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: restore-cache: false tools: just,cargo-shear@1,dprint @@ -25,21 +25,21 @@ jobs: - name: Restore dprint plugin cache id: cache-restore - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: dprint-autofix-ci-${{ runner.os }}-${{ hashFiles('dprint.json') }} path: ~/.cache/dprint - run: just fmt - - uses: autofix-ci/action@v1.3.1 + - uses: autofix-ci/action@2891949f3779a1cafafae1523058501de3d4e944 # v1.3.1 with: fail-fast: false - name: Save dprint plugin cache if: ${{ github.ref_name == 'main' }} id: cache-save - uses: actions/cache/save@v4 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: ${{ steps.cache-restore.outputs.cache-primary-key }} path: ~/.cache/dprint diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 7e66fc4ff280f..2281ec1cf17b2 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -64,9 +64,9 @@ jobs: steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: benchmark-${{ matrix.component }} save-cache: ${{ github.ref_name == 'main' }} @@ -91,7 +91,7 @@ jobs: rm target/codspeed/oxc_benchmark/*.d - name: Run benchmark - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@513a19673a831f139e8717bf45ead67e47f00044 # v3 timeout-minutes: 30 with: # Dummy token for tokenless runs, to suppress logging hash of metadata JSON (see `upload.mjs`) @@ -100,7 +100,7 @@ jobs: run: cargo codspeed run - name: Upload bench data artefact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: result-${{ matrix.component }} path: ${{ env.DATA_DIR }} # env.DATA_DIR from `capture.mjs` @@ -115,9 +115,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: benchmark-linter save-cache: ${{ github.ref_name == 'main' }} @@ -133,7 +133,7 @@ jobs: rm target/codspeed/oxc_benchmark/*.d - name: Upload Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: benchmark-linter @@ -154,10 +154,10 @@ jobs: steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Download Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: benchmark-linter path: ./target/codspeed/oxc_benchmark @@ -168,7 +168,7 @@ jobs: chmod +x ./target/codspeed/oxc_benchmark/* - name: Install codspeed - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-codspeed @@ -182,7 +182,7 @@ jobs: run: node capture.mjs & - name: Run benchmark - uses: CodSpeedHQ/action@v3 + uses: CodSpeedHQ/action@513a19673a831f139e8717bf45ead67e47f00044 # v3 timeout-minutes: 30 env: FIXTURE: ${{ matrix.fixture }} @@ -193,7 +193,7 @@ jobs: run: cargo codspeed run - name: Upload bench data artefact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: result-linter${{ matrix.fixture }} path: ${{ env.DATA_DIR }} # env.DATA_DIR from `capture.mjs` @@ -278,7 +278,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm @@ -287,7 +287,7 @@ jobs: run: node create_temp_dir.mjs - name: Download artefacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true pattern: result-* @@ -300,7 +300,7 @@ jobs: run: node upload.mjs - name: Delete temporary artefacts - uses: geekyeggo/delete-artifact@v5 + uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5 with: name: | result-* diff --git a/.github/workflows/bloat.yml b/.github/workflows/bloat.yml index d5f9fadb48f64..c852e53147f1c 100644 --- a/.github/workflows/bloat.yml +++ b/.github/workflows/bloat.yml @@ -14,9 +14,9 @@ jobs: name: Cargo Bloat runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: warm tools: cargo-bloat diff --git a/.github/workflows/cargo-llvm-lines.yml b/.github/workflows/cargo-llvm-lines.yml index 7cba5084ae9fa..235ab6af154c8 100644 --- a/.github/workflows/cargo-llvm-lines.yml +++ b/.github/workflows/cargo-llvm-lines.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 - name: Install cargo-llvm-lines - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-llvm-lines diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 39a63a5a8e037..552a168fbde12 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,8 +35,8 @@ jobs: - os: macos-latest runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: # warm cache factory for all other CI jobs # cache `target` directory to avoid download crates @@ -51,11 +51,11 @@ jobs: if: ${{ github.ref_name == 'main' }} runs-on: windows-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 # Unsung heros of the internet, who led me here to speed up window's slowness: # https://github.com/actions/cache/issues/752#issuecomment-1847036770 # https://github.com/astral-sh/uv/blob/502e04200d52de30d3159894833b3db4f0d6644d/.github/workflows/ci.yml#L158 - - uses: samypr100/setup-dev-drive@v3 + - uses: samypr100/setup-dev-drive@d3f2420389ae9ea6e91dd178779e122c42352047 # v3 with: workspace-copy: true drive-size: 8GB @@ -77,7 +77,7 @@ jobs: rustup show git restore . - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2 with: workspaces: ${{ env.DEV_DRIVE_WORKSPACE }} save-if: ${{ github.ref_name == 'main' }} @@ -106,13 +106,13 @@ jobs: # Insta is not able to run on wasmtime, omit the packages that depend on it TEST_FLAGS: "-p oxc_ast -p oxc_cfg -p oxc_regular_expression -- --nocapture" steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: wasi save-cache: ${{ github.ref_name == 'main' }} - run: rustup target add wasm32-wasip1-threads - - uses: bytecodealliance/actions/wasmtime/setup@v1.1.0 + - uses: bytecodealliance/actions/wasmtime/setup@d742827944dcb656569399571a8a45261b5089f6 # v1.1.0 - run: cargo test --target wasm32-wasip1-threads ${TEST_FLAGS} - run: git diff --exit-code # Must commit everything @@ -120,9 +120,9 @@ jobs: name: Check wasm32-unknown-unknown runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: wasm save-cache: ${{ github.ref_name == 'main' }} @@ -146,7 +146,7 @@ jobs: name: Spell Check runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: crate-ci/typos@d1c850b2b5d502763520c25fb4a6a1128ad99bd9 # v1.28.3 with: files: . @@ -155,8 +155,8 @@ jobs: name: Clippy runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: save-cache: ${{ github.ref_name == 'main' }} cache-key: clippy @@ -176,8 +176,8 @@ jobs: name: Doc runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: warm components: rust-docs @@ -187,9 +187,9 @@ jobs: name: Conformance runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: | @@ -213,7 +213,7 @@ jobs: - uses: ./.github/actions/pnpm if: steps.filter.outputs.src == 'true' - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 if: steps.filter.outputs.src == 'true' with: cache-key: conformance @@ -234,9 +234,9 @@ jobs: name: Minification Size runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: | @@ -246,7 +246,7 @@ jobs: - 'crates/oxc_codegen/**' - 'tasks/minsize/**' - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 if: steps.filter.outputs.src == 'true' with: cache-key: minsize @@ -262,14 +262,14 @@ jobs: name: AST Changes runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: ".github/.generated_ast_watch_list.yml" - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 if: steps.filter.outputs.src == 'true' with: components: rustfmt @@ -279,7 +279,7 @@ jobs: - name: Restore dprint plugin cache id: cache-restore - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: dprint-autofix-ci-${{ runner.os }}-${{ hashFiles('dprint.json') }} path: ~/.cache/dprint @@ -294,7 +294,7 @@ jobs: - name: Save dprint plugin cache if: ${{ github.ref_name == 'main' }} id: cache-save - uses: actions/cache/save@v4 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: key: ${{ steps.cache-restore.outputs.cache-primary-key }} path: ~/.cache/dprint @@ -303,14 +303,14 @@ jobs: name: Test NAPI runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: dorny/paths-filter@v3 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 id: filter with: filters: | src: - '!crates/oxc_linter/**' - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 if: steps.filter.outputs.src == 'true' with: cache-key: warm diff --git a/.github/workflows/ci_security.yml b/.github/workflows/ci_security.yml index bb81dde1151ec..a6e8fcd031027 100644 --- a/.github/workflows/ci_security.yml +++ b/.github/workflows/ci_security.yml @@ -21,12 +21,12 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v4 + uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4 - name: Run zizmor 🌈 run: uvx zizmor --format sarif . > results.sarif @@ -34,7 +34,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/ci_vscode.yml b/.github/workflows/ci_vscode.yml index a35496f1a36e5..226c77d54635f 100644 --- a/.github/workflows/ci_vscode.yml +++ b/.github/workflows/ci_vscode.yml @@ -28,7 +28,7 @@ jobs: name: Compile runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Compile VSCode @@ -39,7 +39,7 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Lint VSCode @@ -50,7 +50,7 @@ jobs: name: Type-Check runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Type-Check VSCode @@ -61,7 +61,7 @@ jobs: name: Test runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Test VSCode diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 6934341c53cd3..70578bfbd62ef 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -21,12 +21,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Clone submodules uses: ./.github/actions/clone-submodules - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: codecov save-cache: ${{ github.ref_name == 'main' }} @@ -40,7 +40,7 @@ jobs: run: cargo codecov --lcov --output-path lcov.info - name: Upload Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: codecov path: lcov.info @@ -56,17 +56,17 @@ jobs: steps: - name: Checkout if: env.CODECOV_TOKEN - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Download coverage file if: env.CODECOV_TOKEN - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: codecov - name: Upload to codecov.io if: env.CODECOV_TOKEN - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml index 758a32ab33989..339091b27223c 100644 --- a/.github/workflows/deny.yml +++ b/.github/workflows/deny.yml @@ -25,9 +25,9 @@ jobs: name: Cargo Deny runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: restore-cache: false tools: cargo-deny diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml index 77dfa7da8da32..fd12a133c4938 100644 --- a/.github/workflows/link-check.yml +++ b/.github/workflows/link-check.yml @@ -26,10 +26,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check Links - uses: lycheeverse/lychee-action@v2.1.0 + uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0 with: # For parameter description, see https://github.com/lycheeverse/lychee#commandline-parameters # Accept 429 for now due to GitHub rate limit. diff --git a/.github/workflows/lint-rules.yml b/.github/workflows/lint-rules.yml index 0318ded351482..0ede1a32f4fae 100644 --- a/.github/workflows/lint-rules.yml +++ b/.github/workflows/lint-rules.yml @@ -13,9 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Branch - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version-file: .node-version diff --git a/.github/workflows/miri.yml b/.github/workflows/miri.yml index 2154c1b5454eb..c90f6763327d1 100644 --- a/.github/workflows/miri.yml +++ b/.github/workflows/miri.yml @@ -30,9 +30,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: taiki-e/checkout-action@v1.3.1 + uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: miri save-cache: ${{ github.ref_name == 'main' }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 8dcc01b9dc49d..c9b429bff8f86 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -16,13 +16,13 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 - name: Validate PR title id: pr-title - uses: amannn/action-semantic-pull-request@v5 + uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -78,7 +78,7 @@ jobs: echo "CATEGORY=$CATEGORY" >> $GITHUB_OUTPUT - name: Add category label - uses: actions-ecosystem/action-add-labels@v1.1.0 + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 if: ${{ steps.get-category.outputs.CATEGORY != '' }} with: labels: ${{ steps.get-category.outputs.CATEGORY }} diff --git a/.github/workflows/prepare_release_crates.yml b/.github/workflows/prepare_release_crates.yml index 7c3664a8cfe0d..6b0b10c232418 100644 --- a/.github/workflows/prepare_release_crates.yml +++ b/.github/workflows/prepare_release_crates.yml @@ -12,8 +12,8 @@ jobs: name: Check runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 - - uses: oxc-project/setup-rust@v1.0.0 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: warm tools: cargo-release-oxc @@ -34,9 +34,9 @@ jobs: name: Trigger Monitor Oxc runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: peter-evans/create-or-update-comment@v4 + - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 id: comment with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/prepare_release_oxlint.yml b/.github/workflows/prepare_release_oxlint.yml index 032e5b8488eff..e7ee42d27c6d9 100644 --- a/.github/workflows/prepare_release_oxlint.yml +++ b/.github/workflows/prepare_release_oxlint.yml @@ -27,9 +27,9 @@ jobs: pull-requests: write contents: write steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - - uses: peter-evans/create-or-update-comment@v4 + - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4 id: comment with: token: ${{ secrets.GITHUB_TOKEN }} @@ -51,7 +51,7 @@ jobs: permissions: actions: write steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: benc-uk/workflow-dispatch@v1.3.1 with: repo: oxc-project/oxc-project.github.io diff --git a/.github/workflows/release_crates.yml b/.github/workflows/release_crates.yml index 8c3019881a7f8..03ea2ef52ce96 100644 --- a/.github/workflows/release_crates.yml +++ b/.github/workflows/release_crates.yml @@ -20,12 +20,12 @@ jobs: contents: write actions: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.PAT }} # required for git tag push persist-credentials: false - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: warm tools: cargo-release-oxc diff --git a/.github/workflows/release_napi_parser.yml b/.github/workflows/release_napi_parser.yml index b4f118b57ef59..e7af230253271 100644 --- a/.github/workflows/release_napi_parser.yml +++ b/.github/workflows/release_napi_parser.yml @@ -23,7 +23,7 @@ jobs: version: ${{ env.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes uses: EndBug/version-check@v2.46.8 @@ -88,7 +88,7 @@ jobs: name: Package ${{ matrix.target }} runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 ### install musl dependencies ### # @@ -99,7 +99,7 @@ jobs: - name: Install cargo-zigbuild if: ${{ contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-zigbuild @@ -107,7 +107,7 @@ jobs: - name: Install cross if: ${{ !contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -154,7 +154,7 @@ jobs: run: tar czf ${{ matrix.code-target }}.tar.gz napi/parser/parser.${{ matrix.code-target }}.node - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -170,12 +170,12 @@ jobs: needs: - build steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Download Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true diff --git a/.github/workflows/release_napi_transform.yml b/.github/workflows/release_napi_transform.yml index 940c7b7626ff9..5023c814005fd 100644 --- a/.github/workflows/release_napi_transform.yml +++ b/.github/workflows/release_napi_transform.yml @@ -23,7 +23,7 @@ jobs: version: ${{ env.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes uses: EndBug/version-check@v2.46.8 @@ -88,7 +88,7 @@ jobs: name: Package ${{ matrix.target }} runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 ### install musl dependencies ### @@ -99,7 +99,7 @@ jobs: - name: Install cargo-zigbuild if: ${{ contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cargo-zigbuild @@ -107,7 +107,7 @@ jobs: - name: Install cross if: ${{ !contains(matrix.target, 'musl') }} - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -154,7 +154,7 @@ jobs: run: tar czf ${{ matrix.code-target }}.tar.gz napi/transform/transform.${{ matrix.code-target }}.node - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -170,12 +170,12 @@ jobs: needs: - build steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - name: Download Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true diff --git a/.github/workflows/release_oxlint.yml b/.github/workflows/release_oxlint.yml index 9e03f91d3f200..af2e5514ee01e 100644 --- a/.github/workflows/release_oxlint.yml +++ b/.github/workflows/release_oxlint.yml @@ -20,7 +20,7 @@ jobs: version_changed: ${{ steps.version.outputs.changed }} version: ${{ steps.version.outputs.version }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes uses: EndBug/version-check@v2.46.8 @@ -83,10 +83,10 @@ jobs: env: OXC_VERSION: ${{ needs.check.outputs.version }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Install cross - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -135,7 +135,7 @@ jobs: tar czf $OXLS_BIN_NAME.tar.gz $OXLS_BIN_NAME - name: Upload Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: if-no-files-found: error name: binaries-${{ matrix.code-target }} @@ -151,12 +151,12 @@ jobs: contents: write # for softprops/action-gh-release@v1.3.1 id-token: write # for `pnpm publish --provenance` steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # for changelog persist-credentials: false - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: restore-cache: false tools: cargo-release-oxc @@ -172,7 +172,7 @@ jobs: echo EOF } >> $GITHUB_OUTPUT - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true @@ -244,7 +244,7 @@ jobs: name: Update eslint-plugin-oxlint runs-on: ubuntu-latest steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: benc-uk/workflow-dispatch@v1.3.1 with: repo: oxc-project/eslint-plugin-oxlint diff --git a/.github/workflows/release_types.yml b/.github/workflows/release_types.yml index 8b7d431b4a5db..5ad880f9231ec 100644 --- a/.github/workflows/release_types.yml +++ b/.github/workflows/release_types.yml @@ -20,10 +20,10 @@ jobs: version: ${{ steps.version.outputs.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes - uses: EndBug/version-check@v2 + uses: EndBug/version-check@36ff30f37c7deabe56a30caa043d127be658c425 # v2 id: version with: static-checking: localIsNew @@ -46,7 +46,7 @@ jobs: permissions: id-token: write # for `pnpm publish --provenance` steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm diff --git a/.github/workflows/release_vscode.yml b/.github/workflows/release_vscode.yml index f938653204fbd..b24e998234c16 100644 --- a/.github/workflows/release_vscode.yml +++ b/.github/workflows/release_vscode.yml @@ -25,7 +25,7 @@ jobs: version: ${{ env.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check vscode version changes uses: EndBug/version-check@v2.46.8 @@ -72,7 +72,7 @@ jobs: name: Package ${{ matrix.code-target }} runs-on: ${{ matrix.os }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm @@ -81,7 +81,7 @@ jobs: run: pnpm run compile - name: Install cross - uses: taiki-e/install-action@v2.46.8 + uses: taiki-e/install-action@8c39981484df4e7ba41af8e8e078ac546d5e1b11 # v2.46.8 with: tool: cross @@ -117,7 +117,7 @@ jobs: pnpm exec vsce package -o "../../oxc_language_server-${{ matrix.code-target }}.vsix" --target ${{ matrix.code-target }} - name: Upload VSCode extension artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: packages-${{ matrix.code-target }} path: ./oxc_language_server-${{ matrix.code-target }}.vsix @@ -131,10 +131,10 @@ jobs: permissions: contents: write steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Download extension artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: merge-multiple: true path: editors/vscode diff --git a/.github/workflows/release_wasm.yml b/.github/workflows/release_wasm.yml index 1ffe8188410c3..0ba55c4a3edee 100644 --- a/.github/workflows/release_wasm.yml +++ b/.github/workflows/release_wasm.yml @@ -20,10 +20,10 @@ jobs: version: ${{ steps.version.outputs.version }} version_changed: ${{ steps.version.outputs.changed }} steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - name: Check version changes - uses: EndBug/version-check@v2 + uses: EndBug/version-check@36ff30f37c7deabe56a30caa043d127be658c425 # v2 id: version with: static-checking: localIsNew @@ -46,11 +46,11 @@ jobs: permissions: id-token: write # for `pnpm publish --provenance` steps: - - uses: taiki-e/checkout-action@v1.3.1 + - uses: taiki-e/checkout-action@b13d20b7cda4e2f325ef19895128f7ff735c0b3d # v1.3.1 - uses: ./.github/actions/pnpm - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: "wasm" tools: wasm-pack diff --git a/.github/workflows/reusable_prepare_release.yml b/.github/workflows/reusable_prepare_release.yml index 11a0d60006396..dbe89727ccfd2 100644 --- a/.github/workflows/reusable_prepare_release.yml +++ b/.github/workflows/reusable_prepare_release.yml @@ -24,12 +24,12 @@ jobs: pull-request-number: ${{ steps.pr.outputs.pull-request-number }} version: ${{ steps.run.outputs.VERSION }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 persist-credentials: false - - uses: oxc-project/setup-rust@v1.0.0 + - uses: oxc-project/setup-rust@cd82e1efec7fef815e2c23d296756f31c7cdc03d # v1.0.0 with: cache-key: warm tools: cargo-release-oxc @@ -51,7 +51,7 @@ jobs: # update `Cargo.lock` - run: cargo check - - uses: peter-evans/create-pull-request@v7 + - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7 id: pr with: # bot account with PAT required for triggering workflow runs