diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 56e5980..251da92 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -69,7 +69,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + uses: github/codeql-action/init@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -97,6 +97,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + uses: github/codeql-action/analyze@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9e1758e..30fe729 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -11,7 +11,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7cdd812..9a6b719 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -18,7 +18,7 @@ jobs: steps: - name: 'Harden Runner' - uses: 'step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411' # v2.19.4 + uses: 'step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920' # v2.20.0 with: egress-policy: 'audit' @@ -42,6 +42,6 @@ jobs: retention-days: 5 - name: 'Upload to code-scanning' - uses: 'github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a' # v4 + uses: 'github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9' # v4 with: sarif_file: 'results.sarif'