diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3783d32..deee674 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -44,7 +44,7 @@ jobs: - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # post-v2.9.1 - name: Install cargo-llvm-cov - uses: taiki-e/install-action@6c1f7cf125e42770ff087ea443901b487cc5471a # v2.79.5 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: cargo-llvm-cov diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 50590e9..bb082be 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -82,7 +82,7 @@ jobs: # Scorecard's Signed-Releases check pattern-matches on the # `.sig` extension next to release assets. - name: Install cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Sign SBOMs with cosign (keyless) run: |