From 85af25fb1ca987b0ae93df3fdb0eb20173d39b3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Mar 2026 10:33:56 +0000 Subject: [PATCH 1/2] Bump flatted from 3.3.3 to 3.4.2 in /docker/hello-world-sandbox Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2. - [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docker/hello-world-sandbox/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/hello-world-sandbox/package-lock.json b/docker/hello-world-sandbox/package-lock.json index 7aa52160..373c513e 100644 --- a/docker/hello-world-sandbox/package-lock.json +++ b/docker/hello-world-sandbox/package-lock.json @@ -934,9 +934,9 @@ } }, "node_modules/flatted": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz", - "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz", + "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==", "dev": true, "license": "ISC" }, From a648d57141ee9296e125bfe081b9449ac3ffecbe Mon Sep 17 00:00:00 2001 From: Sathiyakumar Ganesan Date: Mon, 23 Mar 2026 11:17:43 +0000 Subject: [PATCH 2/2] update github actions changes --- .github/workflows/apigee-release-pipeline.yml | 4 ++-- .github/workflows/continous-integration-workflow.yaml | 6 +++--- .github/workflows/sbom.yml | 8 ++++---- .github/workflows/spec-release-pipeline.yml | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/apigee-release-pipeline.yml b/.github/workflows/apigee-release-pipeline.yml index e62a17e3..9ae2473d 100644 --- a/.github/workflows/apigee-release-pipeline.yml +++ b/.github/workflows/apigee-release-pipeline.yml @@ -17,7 +17,7 @@ jobs: PROXYGEN_API_NAME: hello-world steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 with: fetch-depth: 0 @@ -102,7 +102,7 @@ jobs: run: pip install poetry - name: Cache poetry packages - uses: actions/cache@v3 + uses: actions/cache@v5 with: path: ~/.cache/pypoetry key: ${{ runner.os }}-build-cache-poetry-packages-${{ hashFiles('**/poetry.lock') }} diff --git a/.github/workflows/continous-integration-workflow.yaml b/.github/workflows/continous-integration-workflow.yaml index ead87ab5..f92d5027 100644 --- a/.github/workflows/continous-integration-workflow.yaml +++ b/.github/workflows/continous-integration-workflow.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 with: fetch-depth: 0 # This causes all history to be fetched, which is required for calculate-version to function @@ -32,13 +32,13 @@ jobs: run: pip install poetry - name: Cache poetry packages - uses: actions/cache@v3 + uses: actions/cache@v5 with: path: ~/.cache/pypoetry key: ${{ runner.os }}-build-cache-poetry-packages-${{ hashFiles('**/poetry.lock') }} - name: Cache node modules - uses: actions/cache@v3 + uses: actions/cache@v5 with: path: ~/.npm key: ${{ runner.os }}-build-cache-npm-packages-${{ hashFiles('**/package-lock.json') }} diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 7b57a5db..e580d284 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -34,7 +34,7 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd - - uses: terraform-linters/setup-tflint@ae78205cfffec9e8d93fd2b3115c7e9d3166d4b6 + - uses: terraform-linters/setup-tflint@4cb9feea73331a35b422df102992a03a44a3bb33 name: Setup TFLint - name: Set architecture variable @@ -69,7 +69,7 @@ jobs: python .github/scripts/sbom_json_to_csv.py sbom.json SBOM_${REPO_NAME}.csv - name: Upload SBOM CSV as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom-csv path: SBOM_${{ github.event.repository.name }}.csv @@ -92,7 +92,7 @@ jobs: - name: Upload Vulnerability Report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: grype-report path: grype-report-${{ github.event.repository.name }}.csv @@ -104,7 +104,7 @@ jobs: python .github/scripts/sbom_packages_to_csv.py sbom.json $REPO_NAME - name: Upload Package Inventory CSV - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: sbom-packages path: sbom-packages-${{ github.event.repository.name }}.csv \ No newline at end of file diff --git a/.github/workflows/spec-release-pipeline.yml b/.github/workflows/spec-release-pipeline.yml index 0cb2a86b..4ef5907f 100644 --- a/.github/workflows/spec-release-pipeline.yml +++ b/.github/workflows/spec-release-pipeline.yml @@ -17,7 +17,7 @@ jobs: PROXYGEN_API_NAME: hello-world steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 with: fetch-depth: 0