⬆️🔒 Update requests and CI workflow versions (#88)

evaline-ju · web-flow · commit a9d65b641eab · 2026-04-07T15:34:31.000-06:00
* ⬆️🔒 Upgrade requests lower bound

Signed-off-by: Evaline Ju &lt;69598118+evaline-ju@users.noreply.github.com&gt;

* 🐛 Update versioning comments

Signed-off-by: Evaline Ju &lt;69598118+evaline-ju@users.noreply.github.com&gt;

* 📌 Pin to sha for workflow use

Signed-off-by: Evaline Ju &lt;69598118+evaline-ju@users.noreply.github.com&gt;

* ⏪ Revert incorrect version updates

Signed-off-by: Evaline Ju &lt;69598118+evaline-ju@users.noreply.github.com&gt;

---------

Signed-off-by: Evaline Ju &lt;69598118+evaline-ju@users.noreply.github.com&gt;
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
 
       - name: Install uv
-        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v6
+        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8
 
       - name: Build protobufs
         run: USE_HTTPS=true ./proto-build.sh
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -56,7 +56,7 @@ jobs:
           publish_results: true
 
       - name: Upload SARIF to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13  # v4
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
         with:
           sarif_file: scorecard.sarif
 
diff --git a/.github/workflows/security-scans.yaml b/.github/workflows/security-scans.yaml
@@ -305,16 +305,16 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13  # v3
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
         with:
           languages: python
           queries: security-extended
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13  # v3
+        uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13  # v3
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
         with:
           category: "/language:python"
 
diff --git a/.github/workflows/self-assign.yml b/.github/workflows/self-assign.yml
@@ -17,6 +17,6 @@ permissions:
 
 jobs:
   self-assign:
-    uses: kagenti/.github/.github/workflows/self-assign-reusable.yml@main
+    uses: kagenti/.github/.github/workflows/self-assign-reusable.yml@679a2cd1cfde7eed742cf76e9f6608eb91cf1bdd  # main
     secrets:
       ISSUE_ASSIGN_TOKEN: ${{ secrets.ISSUE_ASSIGN_TOKEN }}
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
@@ -18,4 +18,4 @@ permissions:
 
 jobs:
   stale:
-    uses: kagenti/.github/.github/workflows/stale.yaml@main
+    uses: kagenti/.github/.github/workflows/stale.yaml@679a2cd1cfde7eed742cf76e9f6608eb91cf1bdd  # main
diff --git a/plugins/examples/nemocheck/pyproject.toml b/plugins/examples/nemocheck/pyproject.toml
@@ -46,7 +46,7 @@ authors = [
 dependencies = [
     "cpex==0.1.0.dev10",
     "mcp>=1.16.0",
-    "requests>=2.32.5",
+    "requests>=2.33.0",
 ]
 
 # URLs
diff --git a/plugins/examples/nemocheck/uv.lock b/plugins/examples/nemocheck/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ authors = [`
`46`	`46`	`dependencies = [`
`47`	`47`	`"cpex==0.1.0.dev10",`
`48`	`48`	`"mcp>=1.16.0",`
`49`		`- "requests>=2.32.5",`
	`49`	`+ "requests>=2.33.0",`
`50`	`50`	`]`
`51`	`51`
`52`	`52`	`# URLs`