diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index df02559..9b8c2c1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,11 +51,11 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # tag=codeql-bundle-v4.31.9 + uses: github/codeql-action/init@19b2f06db2b6f5108140aeb04014ef02b648f789 # tag=codeql-bundle-v4.31.11 with: languages: ${{ matrix.language }} @@ -65,7 +65,7 @@ jobs: # manually (see below). # manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # tag=codeql-bundle-v4.31.9 + uses: github/codeql-action/autobuild@19b2f06db2b6f5108140aeb04014ef02b648f789 # tag=codeql-bundle-v4.31.11 # ℹī¸ Command-line programs to run using the OS shell. 📚 # https://git.io/JvXDl @@ -83,4 +83,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # tag=codeql-bundle-v4.31.9 + uses: github/codeql-action/analyze@19b2f06db2b6f5108140aeb04014ef02b648f789 # tag=codeql-bundle-v4.31.11 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 115d132..2633ed9 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -16,6 +16,6 @@ jobs: with: # TODO: change to 'egress-policy: block' after couple of runs egress-policy: audit - name: 'Checkout Repository' - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2 - name: 'Dependency Review' uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # tag=v4.8.2 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 689ec33..4d04e37 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -28,7 +28,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2 with: persist-credentials: false @@ -60,6 +60,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # tag=codeql-bundle-v4.31.9 + uses: github/codeql-action/upload-sarif@19b2f06db2b6f5108140aeb04014ef02b648f789 # tag=codeql-bundle-v4.31.11 with: sarif_file: results.sarif diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index db31f08..2f13051 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -23,7 +23,7 @@ jobs: uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # tag=v2.14.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # tag=v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # tag=v6.0.2 - name: Sync repository labels if: success() uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916 # tag=v5.3.0