diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ef1c713e..22e1ed03 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -28,7 +28,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
@@ -43,11 +43,11 @@ jobs:
uploads.github.com:443
- name: Checkout repository
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
+ uses: github/codeql-action/init@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
with:
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
languages: java
@@ -65,6 +65,6 @@ jobs:
(cd function-maven-plugin && mvn install)
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
+ uses: github/codeql-action/analyze@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
with:
category: ${{ matrix.working-directory }}
diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml
index cbc4fb6b..6bd999cb 100644
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@@ -19,7 +19,7 @@ jobs:
]
steps:
- name: Harden Runner
- uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
@@ -32,16 +32,16 @@ jobs:
repo.maven.apache.org:443
storage.googleapis.com:443
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
- name: Set up JDK ${{ matrix.java }}
- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+ uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: ${{ matrix.java }}
distribution: temurin
- name: Setup Go
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version: '1.25'
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index b492004f..0f4ba069 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -13,16 +13,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
- uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
repo.maven.apache.org:443
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
- name: Set up JDK
- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+ uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: 17.x
distribution: temurin
@@ -38,13 +38,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
- uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # v2 minimum required
+ - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 # v2 minimum required
- name: Set up JDK
- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+ uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: 21.x
distribution: temurin
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 1fab1ae1..dcfb0deb 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -26,7 +26,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
@@ -45,7 +45,7 @@ jobs:
*.github.com:443
- name: "Checkout code"
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
persist-credentials: false
@@ -62,6 +62,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@5d5cd550d3e189c569da8f16ea8de2d821c9bf7a # v3.31.2
+ uses: github/codeql-action/upload-sarif@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
with:
sarif_file: results.sarif
diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml
index 0468a01f..4620290a 100644
--- a/.github/workflows/unit.yaml
+++ b/.github/workflows/unit.yaml
@@ -18,7 +18,7 @@ jobs:
]
steps:
- name: Harden Runner
- uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+ uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
with:
disable-sudo: true
egress-policy: block
@@ -27,9 +27,9 @@ jobs:
repo.maven.apache.org:443
api.adoptium.net:443
*.githubusercontent.com:443
- - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
- name: Set up JDK ${{ matrix.java }}
- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+ uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
with:
java-version: ${{ matrix.java }}
distribution: temurin
diff --git a/function-maven-plugin/pom.xml b/function-maven-plugin/pom.xml
index 2278ae09..982e9f46 100644
--- a/function-maven-plugin/pom.xml
+++ b/function-maven-plugin/pom.xml
@@ -56,13 +56,13 @@
org.apache.maven
maven-plugin-api
- 3.9.11
+ 3.9.12
provided
org.apache.maven
maven-core
- 3.9.11
+ 3.9.12
provided
@@ -81,7 +81,7 @@
com.google.cloud.tools
appengine-maven-plugin
- 2.8.4
+ 2.8.6
jar
diff --git a/functions-framework-api/pom.xml b/functions-framework-api/pom.xml
index 09f65352..07549100 100644
--- a/functions-framework-api/pom.xml
+++ b/functions-framework-api/pom.xml
@@ -104,7 +104,7 @@
org.apache.maven.plugins
maven-release-plugin
- 3.1.1
+ 3.3.1
default
diff --git a/invoker/core/pom.xml b/invoker/core/pom.xml
index 4ab569b2..9d8a1e8c 100644
--- a/invoker/core/pom.xml
+++ b/invoker/core/pom.xml
@@ -24,7 +24,7 @@
17
17
4.0.1
- 12.1.3
+ 12.1.5
@@ -83,13 +83,13 @@
com.google.auto.value
auto-value
- 1.11.0
+ 1.11.1
provided
com.google.auto.value
auto-value-annotations
- 1.11.0
+ 1.11.1
provided
@@ -119,7 +119,7 @@
org.mockito
mockito-core
- 5.20.0
+ 5.21.0
test
@@ -163,7 +163,7 @@
com.google.auto.value
auto-value
- 1.11.0
+ 1.11.1
com.ryanharter.auto.value
@@ -175,7 +175,7 @@
maven-jar-plugin
- 3.4.2
+ 3.5.0
diff --git a/invoker/testfunction/pom.xml b/invoker/testfunction/pom.xml
index 994c4326..94e88ff6 100644
--- a/invoker/testfunction/pom.xml
+++ b/invoker/testfunction/pom.xml
@@ -45,7 +45,7 @@
maven-jar-plugin
- 3.4.2
+ 3.5.0