diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 704ba53..d38ed89 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: oven-sh/setup-bun@v2 - run: bun install --frozen-lockfile - run: bun run check @@ -27,7 +27,7 @@ jobs: e2e: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: oven-sh/setup-bun@v2 - run: bun install --frozen-lockfile - run: bunx playwright install --with-deps chromium firefox webkit diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d79cd85..8a08f87 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,7 +19,7 @@ jobs: # Actions pinned to commit SHAs (not moving major tags): this job holds # the OIDC token and runs the publish, so a tampered tag here is the one # that matters. Comments track the human-readable version. - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: