From 3e48090912392b7176a43fb42b9f60a2e906fd69 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 11:51:39 +0000 Subject: [PATCH] ci(deps): bump the actions group with 9 updates Bumps the actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [actions/setup-java](https://github.com/actions/setup-java) | `4` | `5` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `9` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.88.0` | `3.95.3` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `actions/setup-java` from 4 to 5 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v4...v5) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) Updates `actions/github-script` from 7 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v9) Updates `softprops/action-gh-release` from 2 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `trufflesecurity/trufflehog` from 3.88.0 to 3.95.3 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](https://github.com/trufflesecurity/trufflehog/compare/v3.88.0...v3.95.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-java dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 22 ++++++------- .github/workflows/fuzz.yml | 26 ++++++++-------- .github/workflows/release.yml | 38 +++++++++++------------ .github/workflows/security.yml | 28 ++++++++--------- .github/workflows/wamr-upstream-watch.yml | 2 +- 5 files changed, 58 insertions(+), 58 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9062e1e..c307e41 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,7 +40,7 @@ jobs: lib: wamr4j_native.dll runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -53,7 +53,7 @@ jobs: run: sudo apt-get update && sudo apt-get install -y cmake - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -70,7 +70,7 @@ jobs: cd wamr4j-native cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wamr4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -82,15 +82,15 @@ jobs: name: Code Quality runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '22' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} @@ -146,22 +146,22 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: ${{ matrix.java }} distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wamr4j-native/src/main/resources/META-INF/native/${{ matrix.platform }}/ @@ -207,7 +207,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: test-results-${{ matrix.platform }}-java${{ matrix.java }} path: '**/target/surefire-reports/' diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index fb0fe07..b1a270e 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -44,7 +44,7 @@ jobs: name: Rust Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -66,7 +66,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-smoke path: wamr4j-native/fuzz/artifacts/ @@ -78,11 +78,11 @@ jobs: name: Java Fuzz Smoke Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '17' @@ -113,7 +113,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes-smoke path: wamr4j-tests/fuzz/**/hs_err_*.log @@ -134,7 +134,7 @@ jobs: - error_message - ffi_roundtrip steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -146,7 +146,7 @@ jobs: sudo apt-get update && sudo apt-get install -y cmake - name: Cache fuzz corpus - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: wamr4j-native/fuzz/corpus/${{ matrix.target }} key: fuzz-corpus-${{ matrix.target }}-${{ github.sha }} @@ -178,14 +178,14 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-crashes-${{ matrix.target }} path: wamr4j-native/fuzz/artifacts/${{ matrix.target }}/ if-no-files-found: ignore - name: Upload updated corpus - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: fuzz-corpus-${{ matrix.target }} path: wamr4j-native/fuzz/corpus/${{ matrix.target }}/ @@ -197,11 +197,11 @@ jobs: name: Java Fuzz Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: '17' @@ -241,7 +241,7 @@ jobs: - name: Upload crash artifacts if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: java-fuzz-crashes path: wamr4j-tests/fuzz/**/hs_err_*.log @@ -256,7 +256,7 @@ jobs: issues: write steps: - name: Create issue for crashes - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const today = new Date().toISOString().split('T')[0]; diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b91ed53..919303e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,7 +35,7 @@ jobs: lib: wamr4j_native.dll runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: recursive @@ -48,7 +48,7 @@ jobs: run: sudo apt-get update && sudo apt-get install -y cmake - name: Cache Cargo - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.cargo/registry @@ -65,7 +65,7 @@ jobs: cd wamr4j-native cargo build --release --target ${{ matrix.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: native-${{ matrix.platform }} path: wamr4j-native/.cargo-target/${{ matrix.target }}/release/${{ matrix.lib }} @@ -106,22 +106,22 @@ jobs: java: '23' runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: ${{ matrix.java }} distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-test-${{ matrix.java }}-${{ hashFiles('**/pom.xml') }} restore-keys: m2-test- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-${{ matrix.platform }} path: wamr4j-native/src/main/resources/META-INF/native/${{ matrix.platform }}/ @@ -167,22 +167,22 @@ jobs: needs: build-native runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '17' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-quality-${{ hashFiles('**/pom.xml') }} restore-keys: m2-quality- - name: Download native library - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-x86_64 path: wamr4j-native/src/main/resources/META-INF/native/linux-x86_64/ @@ -215,9 +215,9 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' @@ -253,7 +253,7 @@ jobs: echo "All required secrets are configured" - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-publish-${{ hashFiles('**/pom.xml') }} @@ -261,22 +261,22 @@ jobs: # Download all native libraries into resource directories - name: Download linux-x86_64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-x86_64 path: wamr4j-native/src/main/resources/META-INF/native/linux-x86_64/ - name: Download linux-aarch64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-linux-aarch64 path: wamr4j-native/src/main/resources/META-INF/native/linux-aarch64/ - name: Download darwin-aarch64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-darwin-aarch64 path: wamr4j-native/src/main/resources/META-INF/native/darwin-aarch64/ - name: Download windows-x86_64 - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: native-windows-x86_64 path: wamr4j-native/src/main/resources/META-INF/native/windows-x86_64/ @@ -365,7 +365,7 @@ jobs: done - name: Create GitHub Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@v3 with: generate_release_notes: true files: | diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 091eb9d..e5758da 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -19,7 +19,7 @@ jobs: name: Cargo Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: dtolnay/rust-toolchain@stable @@ -35,15 +35,15 @@ jobs: name: OWASP Dependency Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' - name: Cache Maven - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.m2/repository key: m2-security-${{ hashFiles('**/pom.xml') }} @@ -59,7 +59,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: dependency-check-report path: '**/target/dependency-check-report.html' @@ -72,15 +72,15 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '23' distribution: 'temurin' - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: java @@ -88,19 +88,19 @@ jobs: run: ./mvnw compile -B -pl wamr4j,wamr4j-jni,wamr4j-panama -P skip-native -DskipTests -am - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 # Secret scanning secret-scan: name: Secret Scanning runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Run TruffleHog - uses: trufflesecurity/trufflehog@v3.88.0 + uses: trufflesecurity/trufflehog@v3.95.3 with: path: ./ base: ${{ github.event.pull_request.base.sha || 'HEAD~1' }} @@ -112,9 +112,9 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: java-version: '21' distribution: 'temurin' @@ -122,7 +122,7 @@ jobs: - name: Generate SBOM run: ./mvnw org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -B -pl '!wamr4j-native' - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: sbom path: target/bom.xml diff --git a/.github/workflows/wamr-upstream-watch.yml b/.github/workflows/wamr-upstream-watch.yml index ef606e0..1f26158 100644 --- a/.github/workflows/wamr-upstream-watch.yml +++ b/.github/workflows/wamr-upstream-watch.yml @@ -14,7 +14,7 @@ jobs: name: Check upstream WAMR release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Compare versions and manage tracking issue env: