From 79e9deb2436a4306ebc2cd8b400693d45df4eb8e Mon Sep 17 00:00:00 2001 From: axi92 Date: Mon, 8 Jun 2026 12:56:29 +0200 Subject: [PATCH 1/5] chore: bump claude-code-action to 1.0.140 v1 was a moving tag, now using pinned versions This does not changes the security because only the git sha is used, just to clarify what tag the sha is. --- .github/allowed-actions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/allowed-actions.json b/.github/allowed-actions.json index 410f2f4..8bcc859 100644 --- a/.github/allowed-actions.json +++ b/.github/allowed-actions.json @@ -3,7 +3,7 @@ { "repo": "amannn/action-semantic-pull-request", "sha": "48f256284bd46cdaab1048c3721360e808335d50", "version": "v6.1.1" }, { "repo": "aquasecurity/trivy-action", "sha": "ed142fd0673e97e23eac54620cfb913e5ce36c25", "version": "v0.36.0" }, { "repo": "axi92/flutter-action", "sha": "72633a794ba0b23276fa4fc465a6cacb758a90c5", "version": "" }, - { "repo": "anthropics/claude-code-action", "sha": "c3d45e8e941e1b2ad7b278c57482d9c5bf1f35b3", "version": "v1" }, + { "repo": "anthropics/claude-code-action", "sha": "fbda2eb1bdc90d319b8d853f5deb53bca199a7c1", "version": "v1.0.140" }, { "repo": "docker/build-push-action", "sha": "bcafcacb16a39f128d818304e6c9c0c18556b85f", "version": "v7.1.0" }, { "repo": "docker/login-action", "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121", "version": "v4.1.0" }, { "repo": "docker/metadata-action", "sha": "030e881283bb7a6894de51c315a6bfe6a94e05cf", "version": "v6.0.0" }, From 484dfbb49ea1149621a8e8dd1ec0a577efa44aaf Mon Sep 17 00:00:00 2001 From: axi92 Date: Mon, 8 Jun 2026 12:58:50 +0200 Subject: [PATCH 2/5] fix: wrong sha to version for flutter-action --- .github/allowed-actions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/allowed-actions.json b/.github/allowed-actions.json index 8bcc859..cf5a114 100644 --- a/.github/allowed-actions.json +++ b/.github/allowed-actions.json @@ -2,7 +2,7 @@ "include": [ { "repo": "amannn/action-semantic-pull-request", "sha": "48f256284bd46cdaab1048c3721360e808335d50", "version": "v6.1.1" }, { "repo": "aquasecurity/trivy-action", "sha": "ed142fd0673e97e23eac54620cfb913e5ce36c25", "version": "v0.36.0" }, - { "repo": "axi92/flutter-action", "sha": "72633a794ba0b23276fa4fc465a6cacb758a90c5", "version": "" }, + { "repo": "axi92/flutter-action", "sha": "1a449444c387b1966244ae4d4f8c696479add0b2", "version": "v2.23.0" }, { "repo": "anthropics/claude-code-action", "sha": "fbda2eb1bdc90d319b8d853f5deb53bca199a7c1", "version": "v1.0.140" }, { "repo": "docker/build-push-action", "sha": "bcafcacb16a39f128d818304e6c9c0c18556b85f", "version": "v7.1.0" }, { "repo": "docker/login-action", "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121", "version": "v4.1.0" }, From d04148c0b9ad390f10982f7ad977014c2ecd770a Mon Sep 17 00:00:00 2001 From: axi92 Date: Mon, 8 Jun 2026 13:07:06 +0200 Subject: [PATCH 3/5] chore: bump docker/build-push-action --- .github/allowed-actions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/allowed-actions.json b/.github/allowed-actions.json index cf5a114..a927bf0 100644 --- a/.github/allowed-actions.json +++ b/.github/allowed-actions.json @@ -4,7 +4,7 @@ { "repo": "aquasecurity/trivy-action", "sha": "ed142fd0673e97e23eac54620cfb913e5ce36c25", "version": "v0.36.0" }, { "repo": "axi92/flutter-action", "sha": "1a449444c387b1966244ae4d4f8c696479add0b2", "version": "v2.23.0" }, { "repo": "anthropics/claude-code-action", "sha": "fbda2eb1bdc90d319b8d853f5deb53bca199a7c1", "version": "v1.0.140" }, - { "repo": "docker/build-push-action", "sha": "bcafcacb16a39f128d818304e6c9c0c18556b85f", "version": "v7.1.0" }, + { "repo": "docker/build-push-action", "sha": "f9f3042f7e2789586610d6e8b85c8f03e5195baf", "version": "v7.2.0" }, { "repo": "docker/login-action", "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121", "version": "v4.1.0" }, { "repo": "docker/metadata-action", "sha": "030e881283bb7a6894de51c315a6bfe6a94e05cf", "version": "v6.0.0" }, { "repo": "docker/setup-buildx-action", "sha": "4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd", "version": "v4.0.0 " }, From 96ad92ad7c58019843e84c6c893b3b5ec99b0d86 Mon Sep 17 00:00:00 2001 From: axi92 Date: Mon, 8 Jun 2026 13:08:50 +0200 Subject: [PATCH 4/5] chore: bump remaining docker actions --- .github/allowed-actions.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/allowed-actions.json b/.github/allowed-actions.json index a927bf0..f38241a 100644 --- a/.github/allowed-actions.json +++ b/.github/allowed-actions.json @@ -5,9 +5,9 @@ { "repo": "axi92/flutter-action", "sha": "1a449444c387b1966244ae4d4f8c696479add0b2", "version": "v2.23.0" }, { "repo": "anthropics/claude-code-action", "sha": "fbda2eb1bdc90d319b8d853f5deb53bca199a7c1", "version": "v1.0.140" }, { "repo": "docker/build-push-action", "sha": "f9f3042f7e2789586610d6e8b85c8f03e5195baf", "version": "v7.2.0" }, - { "repo": "docker/login-action", "sha": "4907a6ddec9925e35a0a9e82d7399ccc52663121", "version": "v4.1.0" }, - { "repo": "docker/metadata-action", "sha": "030e881283bb7a6894de51c315a6bfe6a94e05cf", "version": "v6.0.0" }, - { "repo": "docker/setup-buildx-action", "sha": "4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd", "version": "v4.0.0 " }, + { "repo": "docker/login-action", "sha": "650006c6eb7dba73a995cc03b0b2d7f5ca915bee", "version": "v4.2.0" }, + { "repo": "docker/metadata-action", "sha": "80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9", "version": "v6.1.0" }, + { "repo": "docker/setup-buildx-action", "sha": "d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5", "version": "v4.1.0 " }, { "repo": "evva-sfw/workflows", "sha": "bc323490730128e914068868fe76a82726c26de6", "version": "" }, { "repo": "iarekylew00t/verified-bot-commit", "sha": "126a6a11889ab05bcff72ec2403c326cd249b84c", "version": "v2.3.0" }, { "repo": "irgaly/xcode-cache", "sha": "4141f139f00e335c6e1031fb93e667181f86146f", "version": "v1.9.2" }, From 08ff9d068092d7720bed2a511afdd1a2d48e4a01 Mon Sep 17 00:00:00 2001 From: axi92 Date: Mon, 8 Jun 2026 13:10:40 +0200 Subject: [PATCH 5/5] chore: bump verified-bot-commit --- .github/allowed-actions.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/allowed-actions.json b/.github/allowed-actions.json index f38241a..6e06549 100644 --- a/.github/allowed-actions.json +++ b/.github/allowed-actions.json @@ -9,7 +9,7 @@ { "repo": "docker/metadata-action", "sha": "80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9", "version": "v6.1.0" }, { "repo": "docker/setup-buildx-action", "sha": "d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5", "version": "v4.1.0 " }, { "repo": "evva-sfw/workflows", "sha": "bc323490730128e914068868fe76a82726c26de6", "version": "" }, - { "repo": "iarekylew00t/verified-bot-commit", "sha": "126a6a11889ab05bcff72ec2403c326cd249b84c", "version": "v2.3.0" }, + { "repo": "iarekylew00t/verified-bot-commit", "sha": "5b4e8852dc472093935b8debcb81459bb79f7986", "version": "v2.3.2" }, { "repo": "irgaly/xcode-cache", "sha": "4141f139f00e335c6e1031fb93e667181f86146f", "version": "v1.9.2" }, { "repo": "oven-sh/setup-bun", "sha": "0c5077e51419868618aeaa5fe8019c62421857d6", "version": "v2.2.0" }, { "repo": "sigstore/cosign-installer", "sha": "cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003", "version": "v4.1.1" },