ci(frontend): update licenses workflow dependencies and Node.js version (#4520)

# Description of Changes - Added the workflow file itself (`.github/workflows/frontend-licenses-update.yml`) to the trigger paths. - Updated `step-security/harden-runner` from **v2.12.2** → **v2.13.1**. - Bumped `actions/checkout` from **v4.2.2** → **v5.0.0**. - Upgraded `actions/setup-node` from **v4.1.0** (Node.js 18) → **v5.0.0** (Node.js 22). - Updated `actions/github-script` from **v7.0.1** → **v8.0.0**. These changes modernize the workflow, ensure compatibility with newer Node.js versions, and keep GitHub Actions up to date. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details.
2025-11-16 01:21:16 +01:00 · 2025-09-29 13:21:48 +02:00 · 2025-09-29 13:21:48 +02:00 · 2228ae7197
commit 2228ae7197
parent 30987dcad2
1 changed files with 8 additions and 7 deletions
--- a/.github/workflows/frontend-licenses-update.yml
+++ b/.github/workflows/frontend-licenses-update.yml
@ -12,6 +12,7 @@ on:
    branches:
      - V2
    paths:
+      - ".github/workflows/frontend-licenses-update.yml"
      - "frontend/package.json"
      - "frontend/package-lock.json"
      - "frontend/scripts/generate-licenses.js"
@ -28,12 +29,12 @@ jobs:
      repository-projects: write # Required for enabling automerge
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout PR head (default)
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
          persist-credentials: false
@ -48,7 +49,7 @@ jobs:

      - name: Checkout BASE branch (safe script)
        if: github.event_name == 'pull_request'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: ${{ github.event.pull_request.base.sha }}
          path: base
@ -56,9 +57,9 @@ jobs:
          persist-credentials: false

      - name: Set up Node.js
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
        with:
-          node-version: '18'
+          node-version: '22'
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json

@ -114,7 +115,7 @@ jobs:
      # PR Event: Check licenses and comment on PR
      - name: Delete previous license check comments
        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |
@ -167,7 +168,7 @@ jobs:

      - name: Comment on PR - License Check Results
        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.setup-bot.outputs.token }}
          script: |