Bump the github-actions group with 10 updates

.github/workflows/audit.yml

@@ -20,7 +20,7 @@ jobs:
  checks: write
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -32,7 +32,7 @@ jobs:
  static.rust-lang.org:443
  index.crates.io:443
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
  - uses: actions-rs/audit-check@35b7b53b1e25b55642157ac01b4adceb5b9ebef3
  with:
@@ -50,7 +50,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -63,7 +63,7 @@ jobs:
  static.rust-lang.org:443
  index.crates.io:443
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- - uses: EmbarkStudios/cargo-deny-action@a50c7d5f86370e02fae8472c398f15a36e517bb8
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5
  with:
  command: check ${{ matrix.checks }}

.github/workflows/benchmark pullrequest.yml

@@ -32,11 +32,11 @@ jobs:
  - 5432:5432
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  with:
  set-safe-directory: true
  - run: rustup default nightly

.github/workflows/benchmark.yml

@@ -32,11 +32,11 @@ jobs:
  - 5432:5432
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  with:
  set-safe-directory: true
  - run: rustup default nightly

.github/workflows/docker-image.yml

@@ -15,7 +15,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -35,19 +35,19 @@ jobs:
  static.rust-lang.org:443
  index.crates.io:443
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  - name: Log in to Docker Hub
- uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
  with:
  username: ${{ secrets.DOCKERHUB_USERNAME }}
  password: ${{ secrets.DOCKERHUB_PASSWORD }}
  - name: Extract metadata (tags, labels) for Docker
  id: meta
- uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
+ uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
  with:
  images: mtrnord/erooster
  - name: Build and push
- uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
  with:
  context: .
  push: true

.github/workflows/rust-clippy.yml

@@ -20,7 +20,7 @@ jobs:
  security-events: write
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -35,7 +35,7 @@ jobs:
  index.crates.io:443
 
  - name: Checkout code
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
  - name: Install Rust toolchain
  uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
@@ -57,7 +57,7 @@ jobs:
  continue-on-error: true
 
  - name: Upload analysis results to GitHub
- uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716
+ uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80
  with:
  sarif_file: rust-clippy-results.sarif
  wait-for-processing: true

.github/workflows/scorecards.yml

@@ -25,7 +25,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -46,12 +46,12 @@ jobs:
  index.crates.io:443
 
  - name: "Checkout code"
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.0.0
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v3.0.0
  with:
  persist-credentials: false
 
  - name: "Run analysis"
- uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # tag=v2.2.0
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # tag=v2.3.1
  with:
  results_file: results.sarif
  results_format: sarif
@@ -70,14 +70,14 @@ jobs:
  # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
  # format to the repository Actions tab.
  - name: "Upload artifact"
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # tag=v3.1.2
+ uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # tag=v3.1.3
  with:
  name: SARIF file
  path: results.sarif
  retention-days: 5
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # tag=v1.0.26
+ uses: github/codeql-action/upload-sarif@49abf0ba24d0b7953cb586944e918a0b92074c80 # tag=v1.0.26
  with:
  sarif_file: results.sarif

.github/workflows/spell-check.yml

@@ -16,7 +16,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -25,9 +25,9 @@ jobs:
  env:
  USER: runner
  - name: Checkout Actions Repository
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v2
 
  - name: Check spelling
- uses: crate-ci/typos@0863e64406a6d8f990ba7a1dd8f5a4683dd61194 # master
+ uses: crate-ci/typos@c004e98018d8621614d1ca516eed8ca2d04b365a # master
  with:
  config: ${{github.workspace}}/_typos.toml

.github/workflows/tests.yml

@@ -11,7 +11,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -25,7 +25,7 @@ jobs:
  static.crates.io:443
  static.rust-lang.org:443
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
  with:
  profile: minimal
@@ -63,11 +63,11 @@ jobs:
  - 5432:5432
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  - name: Install Rust
  run: rustup toolchain install nightly --component llvm-tools-preview
  - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
@@ -105,7 +105,7 @@ jobs:
  cargo +nightly llvm-cov report --html
  env:
  RUST_BACKTRACE: "1"
- - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+ - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
  with:
  name: coverage-report
  path: target/llvm-cov/html/
@@ -126,7 +126,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -140,7 +140,7 @@ jobs:
  index.crates.io:443
  static.crates.io:443
 
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
  with:
  profile: minimal