From 82c46c4498e1de6ea4cb6f2e2ce01a40187579ec Mon Sep 17 00:00:00 2001 From: Subin Lee Date: Mon, 20 Apr 2026 15:13:52 +0900 Subject: [PATCH] ci: bump actions/setup-node to v6.4.0 to resolve zizmor ref-version-mismatch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit zizmor v1.24.1의 `ref-version-mismatch` 룰이 pinned SHA와 주석 버전 불일치를 감지하여 경고 7건이 GitHub Actions Security job을 exit 13으로 실패시킴. 이전 상태: - SHA `53b83947...` = actions/setup-node v6.3.0 - 주석 `# v6`은 현재 v6 floating tag가 가리키는 v6.4.0 암시 해결: - actions/setup-node를 v6.4.0(`48b55a011bda`)으로 실제 업그레이드 - 주석도 구체적 `# v6.4.0`으로 정합 - v6.4.0은 의존성 업데이트(@actions/*, Node 버전 versions.yml) 외 breaking change 없는 minor release 적용 파일(7곳): - .github/workflows/ci.yml L37, L69, L112 - .github/workflows/release.yml L120, L192, L250 - .github/workflows/build-docs.yaml L30 관련 실패 run: solapi/solapi-nodejs 24647689822 Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/build-docs.yaml | 2 +- .github/workflows/ci.yml | 6 +++--- .github/workflows/release.yml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml index a2f5395f..cb485799 100644 --- a/.github/workflows/build-docs.yaml +++ b/.github/workflows/build-docs.yaml @@ -27,7 +27,7 @@ jobs: with: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 18 - name: Setup Pages diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d20b495a..8f02b88c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,7 +34,7 @@ jobs: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 18 cache: pnpm @@ -66,7 +66,7 @@ jobs: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ matrix.node-version }} cache: pnpm @@ -109,7 +109,7 @@ jobs: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 18 cache: pnpm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3ff9f68f..3abbd780 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -117,7 +117,7 @@ jobs: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 18 @@ -189,7 +189,7 @@ jobs: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 18 @@ -247,7 +247,7 @@ jobs: run_install: false - name: Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24 registry-url: https://registry.npmjs.org