CI: update dependencies

- debian:bookworm-slim Docker digest to c00d13c
- github/codeql-action digest to ea9e4e3
- fsfe/reuse-action action to v5
- awslabs/aws-lc to v1.39.0

Closes #15555
Closes #15556
Closes #15579
Closes #15594

diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml
index 1a8d6116b1d965a8cd86271e7aab2728eb72e0b3..02c864b9bdc17675c256b833f64ee940d4135215 100644 (file)
--- a/.github/workflows/checksrc.yml
+++ b/.github/workflows/checksrc.yml
@@ -84,7 +84,7 @@ jobs:
         name: checkout
 
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4
+        uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5
 
   miscchecks:
     runs-on: ubuntu-24.04

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6ffb63f75ba8d3b4e992dc10b508d8707e82359f..6ea8e7049eebc877325ca2422b27aeecf03acbae 100644 (file)
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -51,7 +51,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3
+        uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3
         with:
           languages: cpp
           queries: security-extended
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3
+        uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #    make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3
+        uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 88b4b1bde518e9f0b1854763027c823a173f9fc6..f16914be8ea6298b6cb623293c0a3760b037a350 100644 (file)
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -48,7 +48,7 @@ env:
   # renovate: datasource=github-tags depName=nibanks/msh3 versioning=semver registryUrl=https://github.com
   msh3-version: 0.6.0
   # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
-  awslc-version: 1.38.0
+  awslc-version: 1.39.0
   # handled in renovate.json
   openssl-version: 3.4.0
   # handled in renovate.json

diff --git a/Dockerfile b/Dockerfile
index 3f9ea1ba3ea97003ef16a5f65ebe16ecac0fd72a..6f78b0e48f8f9ae45eb6e73b64b0330e832aacb5 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,7 +24,7 @@
 #   $ ./scripts/maketgz 8.7.1
 
 # To update, get the latest digest e.g. from https://hub.docker.com/_/debian/tags
-FROM debian:bookworm-slim@sha256:d83056144b2dd301730d2739635c8cbdeaaae20d6887146434184f8c060f03ce
+FROM debian:bookworm-slim@sha256:c00d13c9aa5d1acfa44e5ababbb8d1f5ac53fa94bc2f993070ccea2dcaf5aa64
 
 RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends \
     build-essential make autoconf automake libtool git perl zip zlib1g-dev gawk && \