This is an automated email from the ASF dual-hosted git repository.
garydgregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-ognl.git
The following commit(s) were added to refs/heads/master by this push:
new 09b985d Bump GH CI actions
09b985d is described below
commit 09b985dca887c0f70974b80bec03707d36c0ba5a
Author: Gary Gregory <[email protected]>
AuthorDate: Sat Jul 11 15:22:12 2026 -0400
Bump GH CI actions
---
.github/workflows/codeql-analysis.yml | 10 +++++-----
.github/workflows/coverage.yml | 4 ++--
.github/workflows/scorecards-analysis.yml | 4 ++--
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml
b/.github/workflows/codeql-analysis.yml
index deef8ab..16a3165 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,10 +44,10 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+ - uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 #v6.1.0
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -56,7 +56,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9
# v2.21.9
+ uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9
# v4.37.0
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a
config file.
@@ -67,7 +67,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually
(see below)
- name: Autobuild
- uses:
github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 #
v2.21.9
+ uses:
github/codeql-action/autobuild@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 #
v4.37.0
# âšī¸ Command-line programs to run using the OS shell.
# đ https://git.io/JvXDl
@@ -81,4 +81,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
- uses:
github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9
+ uses:
github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index fe6b26e..1ac08b8 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -34,10 +34,10 @@ jobs:
java: [ 8 ]
steps:
- - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+ - uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 #v6.1.0
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
diff --git a/.github/workflows/scorecards-analysis.yml
b/.github/workflows/scorecards-analysis.yml
index f05bf1d..032b18f 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -43,7 +43,7 @@ jobs:
steps:
- name: "Checkout code"
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #
v4.1.0
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #
v7.0.0
with:
persist-credentials: false
@@ -67,6 +67,6 @@ jobs:
retention-days: 5
- name: "Upload to code-scanning"
- uses:
github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 #
v2.21.9
+ uses:
github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 #
v4.37.0
with:
sarif_file: results.sarif