diff --git a/.github/workflows/governance.yml b/.github/workflows/governance.yml index f4b6c85..5ac974a 100644 --- a/.github/workflows/governance.yml +++ b/.github/workflows/governance.yml @@ -34,4 +34,4 @@ jobs: # matches the sibling repos' pin (e.g. ochrance-framework). Bump # deliberately, never float: an unpinned reusable workflow is an # unpinned trust boundary. mirror.yml / scorecard.yml already pin. - uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@d135b05bfc647d0c0fbfedc7e80f37ea50f49236 + uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@d7c22711e830e1f383846472f6e9b99debdb201e \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 12d2daa..9be1957 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -21,6 +21,6 @@ jobs: contents: read security-events: write id-token: write - uses: hyperpolymath/standards/.github/workflows/scorecard-reusable.yml@d135b05bfc647d0c0fbfedc7e80f37ea50f49236 + uses: hyperpolymath/standards/.github/workflows/scorecard-reusable.yml@d7c22711e830e1f383846472f6e9b99debdb201e timeout-minutes: 10 - secrets: inherit + secrets: inherit \ No newline at end of file