UID2-6742: upgrade Node.js 20 actions to Node.js 24-compatible versions

.github/workflows/build-and-test.yaml

@@ -3,7 +3,7 @@ on: [pull_request, push]
 
 jobs:
   build:
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@sch-UID2-6742-update-node20-actions
     secrets: inherit
     with:
       vulnerability_scan_only: true

.github/workflows/shared-build-and-test.yaml

@@ -31,18 +31,18 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Checkout uid2-shared-actions repo
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          ref: v3
+          ref: sch-UID2-6742-update-node20-actions
           repository: IABTechLab/uid2-shared-actions
           path: uid2-shared-actions
 
       - name: Set up JDK
         if: ${{ inputs.vulnerability_scan_only == 'false' }}
-        uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ inputs.java_version }}
@@ -66,7 +66,7 @@ jobs:
 
       - name: Archive code coverage results
         if: ${{ inputs.vulnerability_scan_only == 'false' }}
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: code-coverage-report
           path: ${{ inputs.working_dir }}/target/site/jacoco/*

.github/workflows/shared-check-stable-dependency.yaml

@@ -8,7 +8,7 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Resolve dependencies
         run: mvn -B dependency:resolve

.github/workflows/shared-increase-version-number.yaml

@@ -44,7 +44,7 @@ jobs:
         with:
           release_type: ${{ inputs.release_type }}
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version: 20
 
@@ -74,7 +74,7 @@ jobs:
       - name: Commit ${{ inputs.working_dir }}/package.json, ${{ inputs.working_dir }}/package-lock.json and ${{ inputs.working_dir }}/version.json
         if: ${{ inputs.version_number_input == '' && steps.setup.outputs.IS_RELEASE != 'true' }}
         id: commit-without-tag
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/package.json ${{ inputs.working_dir }}/package-lock.json ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
@@ -83,15 +83,15 @@ jobs:
       - name: Commit ${{ inputs.working_dir }}/package.json, ${{ inputs.working_dir }}/package-lock.json, ${{ inputs.working_dir }}/version.json and set tag
         if: ${{ inputs.version_number_input == '' && steps.setup.outputs.IS_RELEASE == 'true' }}
         id: commit-and-tag
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/package.json ${{ inputs.working_dir }}/package-lock.json ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
           tag: v${{ steps.version.outputs.new_version }}
           github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }}
 
       - name: Print outputs
-        uses: actions/github-script@v7
+        uses: actions/github-script@d746ffe35508b1917358783b479e04febd2b8f71 # v9.0.0
         with:
           script: |
             console.log('Result', '${{ steps.commit-and-tag.outcome }}');

.github/workflows/shared-promote-auto-pr.yaml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Create Pull Request
         run: |
           echo "branch ${{ github.ref }} was pushed to"

.github/workflows/shared-publish-java-to-docker-versioned.yaml

@@ -72,7 +72,7 @@ jobs:
     steps:
       - name: Check branch and release type
         id: checkRelease
-        uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v3
+        uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@sch-UID2-6742-update-node20-actions
         with:
           release_type: ${{ inputs.release_type }}
           force_release: ${{ inputs.force_release }}
@@ -87,20 +87,20 @@ jobs:
             IS_RELEASE: ${{ steps.checkRelease.outputs.is_release }}
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ inputs.java_version }}
 
       - name: Checkout full history on Main
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         if: ${{ inputs.version_number_input == ''}}
         with:
           # git-restore-mtime requires full git history. The default fetch-depth value (1) creates a shallow checkout.
           fetch-depth: 0
 
       - name: Checkout full history at tag v${{ inputs.version_number_input }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         if: ${{ inputs.version_number_input != ''}}
         with:
           ref: v${{ inputs.version_number_input }}
@@ -112,7 +112,7 @@ jobs:
 
       - name: Set version number
         id: version
-        uses: IABTechLab/uid2-shared-actions/actions/version_number@v2
+        uses: IABTechLab/uid2-shared-actions/actions/version_number@sch-UID2-6742-update-node20-actions
         with:
           type: ${{ inputs.release_type }}
           version_number: ${{ inputs.version_number_input }}
@@ -145,31 +145,31 @@ jobs:
 
       - name: Commit pom.xml and version.json
         if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release != 'true' }}
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{inputs.working_dir}}/pom.xml version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
           github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }}
 
       - name: Commit pom.xml, version.json and set tag
         if: ${{ inputs.version_number_input == '' && steps.checkRelease.outputs.is_release == 'true' }}
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{inputs.working_dir}}/pom.xml version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
           tag: v${{ steps.version.outputs.new_version }}
           github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }}
 
       - name: Log in to the Docker container registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ inputs.append_image_name }}
           tags: |
@@ -183,7 +183,7 @@ jobs:
           echo "firstTag=$FIRST_TAG" >> $GITHUB_OUTPUT
 
       - name: Build and export to Docker
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         with:
           context: ${{inputs.working_dir}}
           load: true
@@ -194,7 +194,7 @@ jobs:
             IMAGE_VERSION=${{ steps.version.outputs.new_version }}
 
       - name: Vulnerability Scan
-        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions
         with:
           scan_severity: HIGH,CRITICAL
           failure_severity: ${{ inputs.vulnerability_severity }}
@@ -203,7 +203,7 @@ jobs:
           scan_type: image
 
       - name: Push to Docker
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         with:
           context: ${{inputs.working_dir}}
           push: true
@@ -229,11 +229,11 @@ jobs:
 
       - name: Delete Draft Releases
         if: ${{ steps.checkRelease.outputs.is_release == 'true' }}
-        uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@v3
+        uses: IABTechLab/uid2-shared-actions/actions/delete_draft_releases@sch-UID2-6742-update-node20-actions
 
       - name: Create Release
         if: ${{ steps.checkRelease.outputs.is_release == 'true' }}
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: v${{ steps.version.outputs.new_version }}
           body: ${{ steps.github_release.outputs.changelog }}

.github/workflows/shared-publish-to-docker-versioned.yaml

@@ -62,7 +62,7 @@ jobs:
 
       - name: Publish to Docker
         id: publishToDocker
-        uses: IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@v3
+        uses: IABTechLab/uid2-shared-actions/actions/shared_publish_to_docker@sch-UID2-6742-update-node20-actions
         with:
           new_version: ${{ inputs.new_version }}
           image_tag: ${{ inputs.image_tag }}

.github/workflows/shared-publish-to-ios-version.yaml

@@ -44,7 +44,7 @@ jobs:
           release_type: ${{ inputs.release_type }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
@@ -91,7 +91,7 @@ jobs:
           xcodebuild test -scheme UID2Prebid -destination "OS=26.2,name=iPhone 17"
 
       - name: Commit SDK properties, podspecs, version.json and set tag
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/Sources/UID2/Properties/UID2SDKProperties.swift ${{ inputs.working_dir }}/UID2.podspec.json ${{ inputs.working_dir }}/UID2Prebid.podspec.json ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
@@ -112,7 +112,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: v${{ steps.version.outputs.new_version }}
           body: ${{ steps.github_release.outputs.changelog }}

.github/workflows/shared-publish-to-maven-versioned.yaml

@@ -64,19 +64,19 @@ jobs:
           release_type: ${{ inputs.release_type }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
       - name: Checkout uid2-shared-actions repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          ref: v3
+          ref: sch-UID2-6742-update-node20-actions
           repository: IABTechLab/uid2-shared-actions
           path: uid2-shared-actions
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
         with:
           distribution: 'temurin'
           java-version: ${{ inputs.java_version }}
@@ -87,7 +87,7 @@ jobs:
           key: ${{ secrets.GPG_KEY }}
 
       - name: Vulnerability Scan
-        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions
         with:
           scan_severity: HIGH,CRITICAL
           failure_severity: ${{ inputs.vulnerability_failure_severity }}
@@ -144,15 +144,15 @@ jobs:
 
       - name: Commit pom.xml and version.json
         if: ${{ steps.checkRelease.outputs.is_release != 'true' }}
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
           github_token: ${{ inputs.merge_environment != '' && secrets.GH_MERGE_TOKEN || '' }}
 
       - name: Commit pom.xml, version.json and set tag
         if: ${{ steps.checkRelease.outputs.is_release == 'true' }}
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/pom.xml ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
@@ -175,7 +175,7 @@ jobs:
 
       - name: Create Release
         if: ${{ env.IS_RELEASE == 'true' }}
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: v${{ steps.version.outputs.new_version }}
           body: ${{ steps.github_release.outputs.changelog }}

.github/workflows/shared-publish-to-nuget-versioned.yaml

@@ -54,12 +54,12 @@ jobs:
           release_type: ${{ inputs.release_type }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
       - name: Setup dotnet ${{ inputs.dotnet_version }}
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0
         with:
           dotnet-version: ${{ inputs.dotnet_version }}
 
@@ -86,7 +86,7 @@ jobs:
 
       - name: Vulnerability Scan
         id: vulnerability-scan
-        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions
         with:
           scan_severity: ${{ inputs.vulnerability_severity }}
           failure_severity: ${{ inputs.vulnerability_severity }}
@@ -100,7 +100,7 @@ jobs:
           dotnet nuget push ./src/UID2.Client/bin/Release/UID2.Client.${{ steps.version.outputs.new_version }}.nupkg -k ${{ secrets.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json
 
       - name: Commit UID2.Client.nuspec, version.json and set tag
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/UID2.Client.nuspec ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
@@ -123,7 +123,7 @@ jobs:
 
       - name: Create Release
         if: ${{ steps.checkRelease.outputs.is_release == 'true' }} 
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: v${{ steps.version.outputs.new_version }}
           body: ${{ steps.github_release.outputs.changelog }}

.github/workflows/shared-publish-to-pypi-versioned.yaml

@@ -51,12 +51,12 @@ jobs:
           release_type: ${{ inputs.release_type }}
 
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
       - name: Vulnerability Scan
-        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@v3
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan@sch-UID2-6742-update-node20-actions
         with:
           scan_severity: HIGH,CRITICAL
           failure_severity: ${{ inputs.vulnerability_failure_severity }}
@@ -90,7 +90,7 @@ jobs:
           python3 -m twine upload dist/* -u __token__ -p "${{ secrets.PYPI_API_KEY }}"
 
       - name: Commit pyproject.toml, version.json and set tag
-        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v3
+        uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@sch-UID2-6742-update-node20-actions
         with:
           add: '${{ inputs.working_dir }}/pyproject.toml ${{ inputs.working_dir }}/version.json'
           message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}'
@@ -111,7 +111,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
         with:
           name: v${{ steps.version.outputs.new_version }}
           body: ${{ steps.github_release.outputs.changelog }}