Merge branch 'main' into dependabot/github_actions/actions/upload-artifact-4.4.3

Author: Raj-StepSecurity

.github/workflows/actions_release.yml

@@ -0,0 +1,21 @@
+name: Release GitHub Actions
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag for the release"
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    permissions:
+      actions: read
+      id-token: write
+      contents: write
+    uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
+    with:
+      tag: "${{ github.event.inputs.tag }}"

.github/workflows/audit-package.yml

@@ -0,0 +1,24 @@
+name: NPM Audit Fix Run
+
+on:
+  workflow_dispatch:
+    inputs:
+      force:
+        description: "Use --force flag for npm audit fix?"
+        required: true
+        type: boolean
+      base_branch:
+        description: "Specify a base branch"
+        required: false
+        default: "main"
+
+jobs:
+  audit-fix:
+    uses: step-security/reusable-workflows/.github/workflows/npm_audit_fix.yml@v1
+    with:
+      force: ${{ inputs.force }}
+      base_branch: ${{ inputs.base_branch }}
+
+permissions:
+  contents: write
+  pull-requests: write

.github/workflows/release.yml

@@ -11,7 +11,7 @@ inputs:
     required: false
     default: 'https://github.com/mikefarah/yq/releases/download/{version}/yq_{platform}_{arch}'
 runs:
-  using: 'node16'
+  using: 'node20'
   main: 'dist/index.js'
 icon: book-open
 color: '#FFFF00'