Merge pull request #2156 from intel/dependabot/github_actions/github-actions-88b8beaffd

tkatila · web-flow · commit 6ce7a217b865 · 2025-10-23T10:34:04.000+03:00
build(deps): bump the github-actions group across 1 directory with 2 updates
diff --git a/.github/workflows/lib-codeql.yaml b/.github/workflows/lib-codeql.yaml
@@ -29,11 +29,11 @@ jobs:
         sudo apt-get update
         sudo apt-get install -y libze1 libze-dev
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+      uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v3
       with:
         languages: 'go'
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+      uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v3
       with:
         category: "/language:go"
diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml
@@ -113,7 +113,7 @@ jobs:
           echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT
       - name: Install cosign
         if: ${{ inputs.image_tag != 'devel' }}
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 #v3.10.0
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad #v4.0.0
       - name: Keyless image sign
         if: ${{ inputs.image_tag != 'devel' }}
         run: |
diff --git a/.github/workflows/lib-scorecard.yaml b/.github/workflows/lib-scorecard.yaml
@@ -26,6 +26,6 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload results to security"
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml
@@ -31,6 +31,6 @@ jobs:
         format: sarif
         output: trivy-report.sarif
     - name: Upload sarif report to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+      uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3
       with:
         sarif_file: trivy-report.sarif
