From 2d40a6ff4aa55de5efa89603c4126b548f293fd2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 17:25:52 +0000 Subject: [PATCH] chore(deps): pin dependencies --- .github/actions/setup-node-pnpm/action.yml | 6 +++--- .github/workflows/cli-release.yml | 10 +++++----- .github/workflows/code-qa.yml | 18 +++++++++--------- .github/workflows/codeql.yml | 6 +++--- .github/workflows/e2e.yml | 2 +- .github/workflows/marketplace-publish.yml | 2 +- .github/workflows/nightly-publish.yml | 2 +- .github/workflows/release-validation.yml | 2 +- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/actions/setup-node-pnpm/action.yml b/.github/actions/setup-node-pnpm/action.yml index 8e1f84b7d8..8535881ee5 100644 --- a/.github/actions/setup-node-pnpm/action.yml +++ b/.github/actions/setup-node-pnpm/action.yml @@ -24,7 +24,7 @@ runs: using: "composite" steps: - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 with: version: ${{ inputs.pnpm-version }} - name: Get pnpm store directory @@ -32,14 +32,14 @@ runs: run: | echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - name: Setup pnpm cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: ${{ env.STORE_PATH }} key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} restore-keys: | ${{ runner.os }}-pnpm-store- - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: ${{ inputs.node-version }} - name: Install dependencies diff --git a/.github/workflows/cli-release.yml b/.github/workflows/cli-release.yml index 20961a9f2d..78eb63dd7f 100644 --- a/.github/workflows/cli-release.yml +++ b/.github/workflows/cli-release.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 @@ -195,7 +195,7 @@ jobs: rm -rf "$VERIFY_DIR" - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: cli-${{ matrix.platform }} path: | @@ -213,7 +213,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Get version id: version @@ -227,7 +227,7 @@ jobs: echo "tag=cli-v$VERSION" >> $GITHUB_OUTPUT - name: Download all artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: path: artifacts @@ -373,7 +373,7 @@ jobs: steps: - name: Download all artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: path: artifacts diff --git a/.github/workflows/code-qa.yml b/.github/workflows/code-qa.yml index 73fcb02f4c..76abccf103 100644 --- a/.github/workflows/code-qa.yml +++ b/.github/workflows/code-qa.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm - name: Verify all translations are complete @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm - name: Run knip checks @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm - name: Lint @@ -58,12 +58,12 @@ jobs: upload-coverage: false steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm - name: Restore Turbo cache id: turbo-cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: .turbo/cache key: ${{ runner.os }}-turbo-${{ hashFiles('**/pnpm-lock.yaml') }}-${{ github.sha }} @@ -78,7 +78,7 @@ jobs: run: pnpm turbo run test:coverage:integration --filter="@roo-code/core" --log-order grouped --output-logs new-only - name: Save Turbo cache if: steps.turbo-cache.outputs.cache-hit != 'true' - uses: actions/cache/save@v4 + uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: .turbo/cache key: ${{ steps.turbo-cache.outputs.cache-primary-key }} @@ -94,7 +94,7 @@ jobs: # See https://docs.codecov.com/docs/flags - name: Upload non-core coverage to Codecov if: matrix.upload-coverage - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 with: files: >- src/coverage/lcov.info, @@ -107,7 +107,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload core unit coverage to Codecov if: matrix.upload-coverage - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 with: files: packages/core/coverage/unit/lcov.info disable_search: true @@ -115,7 +115,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} - name: Upload core integration coverage to Codecov if: matrix.upload-coverage - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4 with: files: packages/core/coverage/integration/lcov.info disable_search: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b00f386143..2b8835d4ce 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,11 +43,11 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -75,6 +75,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index d4953f06df..e137965b68 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -22,7 +22,7 @@ jobs: timeout-minutes: 30 steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm - name: Install xvfb diff --git a/.github/workflows/marketplace-publish.yml b/.github/workflows/marketplace-publish.yml index 1e0f7d7335..645409da4b 100644 --- a/.github/workflows/marketplace-publish.yml +++ b/.github/workflows/marketplace-publish.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm diff --git a/.github/workflows/nightly-publish.yml b/.github/workflows/nightly-publish.yml index 089ada4ee0..7c676b1614 100644 --- a/.github/workflows/nightly-publish.yml +++ b/.github/workflows/nightly-publish.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm diff --git a/.github/workflows/release-validation.yml b/.github/workflows/release-validation.yml index c49a870855..7d7ea410b3 100644 --- a/.github/workflows/release-validation.yml +++ b/.github/workflows/release-validation.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js and pnpm uses: ./.github/actions/setup-node-pnpm