From c352db634eafb2f2269f2cf469a6cbec6d797206 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 8 Jul 2026 12:36:54 +0000 Subject: [PATCH] refactor(deps): update all dependencies --- .github/workflows/docker-build.yml | 20 ++++++++++---------- .github/workflows/release.yml | 2 +- .github/workflows/security.yml | 4 ++-- .pre-commit-config.yaml | 8 ++++---- Dockerfile | 2 +- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 06609c4..739d191 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -25,12 +25,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Install cosign uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Docker meta id: meta - uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 + uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6 with: # list of Docker images to use as base name for tags images: | @@ -47,17 +47,17 @@ jobs: type=sha,format=long type=raw,value=latest,enable={{is_default_branch}} - name: Set up QEMU - uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4 + uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4 - name: Login to Docker Hub - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4 if: github.event_name != 'pull_request' with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4 if: github.event_name != 'pull_request' with: registry: ghcr.io @@ -66,7 +66,7 @@ jobs: - name: Get Git commit timestamps run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV - name: Build Testimage - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7 + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7 env: SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }} with: @@ -77,7 +77,7 @@ jobs: - name: Run small selftest on build container image run: docker run -v "./tests/selftest.sh:/selftest.sh" "${{ env.TEST_TAG }}" ./selftest.sh - name: Build and push - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7 + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7 id: docker-build env: SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }} @@ -103,7 +103,7 @@ jobs: COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@bfa4b33a029b9aa80ddb784b45574c30e072c59e # master + uses: aquasecurity/trivy-action@c07df6fec6fa692e6fd1200d50aaa1fdd66f03c8 # master if: ${{ github.event_name != 'pull_request' }} with: image-ref: "ghcr.io/anotherstranger/borg-server:sha-${{ github.sha }}" @@ -111,7 +111,7 @@ jobs: output: "trivy-results.sarif" severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4 if: ${{ github.event_name != 'pull_request' }} with: sarif_file: "trivy-results.sarif" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6a3a341..bc9682b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 - name: Setup Node.js diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 5205974..e52ebc0 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: @@ -26,6 +26,6 @@ jobs: output: 'trivy-results-fs.sarif' severity: 'CRITICAL,HIGH,MEDIUM' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4 with: sarif_file: 'trivy-results-fs.sarif' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 38b35d1..66feeac 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -8,7 +8,7 @@ repos: - id: end-of-file-fixer - id: check-added-large-files - repo: https://github.com/commitizen-tools/commitizen - rev: v4.16.3 + rev: v4.16.4 hooks: - id: commitizen stages: @@ -24,14 +24,14 @@ repos: - -t - warning - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.48.0 + rev: v0.49.0 hooks: - id: markdownlint-fix args: - "-i" - "CHANGELOG.md" - repo: https://github.com/renovatebot/pre-commit-hooks - rev: 43.205.2 + rev: 43.249.4 hooks: - id: renovate-config-validator - repo: https://github.com/google/yamlfmt.git @@ -39,6 +39,6 @@ repos: hooks: - id: yamlfmt - repo: https://github.com/biomejs/pre-commit - rev: v2.4.16 + rev: v2.5.1 hooks: - id: biome-format diff --git a/Dockerfile b/Dockerfile index a470935..1caa61e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ ARG LIBFFI_VERSION="3.5.2-r0" # renovate: datasource=repology depName=alpine_3_23/linux-headers versioning=loose ARG LINUX_HEADERS_VERSION="6.16.12-r0" -FROM python:3.14.5-alpine3.23@sha256:5a824eb82cc75361f98611f3cfc5091ea33f10a6ccea4d4ebdabbc523b9a1614 AS base +FROM python:3.14.6-alpine3.24@sha256:26730869004e2b9c4b9ad09cab8625e81d256d1ce97e72df5520e806b1709f92 AS base ################################################################################ # BUILD BORGBACKUP FROM SOURCE USING PIP #