diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index be5f3105..efdc1e22 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d97ba04b39135f37e9d60c84a6995bb18b7ac328 # v2.26.9 + uses: github/codeql-action/init@85b07cf1e13dd512be7c27c37a33c5864c252fcc # v2.26.10 # Override language selection by uncommenting this and choosing your languages with: languages: javascript @@ -32,7 +32,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@d97ba04b39135f37e9d60c84a6995bb18b7ac328 # v2.26.9 + uses: github/codeql-action/autobuild@85b07cf1e13dd512be7c27c37a33c5864c252fcc # v2.26.10 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -46,4 +46,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d97ba04b39135f37e9d60c84a6995bb18b7ac328 # v2.26.9 + uses: github/codeql-action/analyze@85b07cf1e13dd512be7c27c37a33c5864c252fcc # v2.26.10 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a5f87c44..34e18ba6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -63,6 +63,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@d97ba04b39135f37e9d60c84a6995bb18b7ac328 # v2.26.9 + uses: github/codeql-action/upload-sarif@85b07cf1e13dd512be7c27c37a33c5864c252fcc # v2.26.10 with: sarif_file: results.sarif