From 525dbda177c4bb16a57ab0a4c7b7bbc2b27a8685 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 May 2026 05:14:05 +0000 Subject: [PATCH] chore(deps): bump the everything group with 2 updates Bumps the everything group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [KineticCafe/actions-dco](https://github.com/kineticcafe/actions-dco). Updates `github/codeql-action` from 4.35.3 to 4.35.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e) Updates `KineticCafe/actions-dco` from 2.1.1 to 3.0.0 - [Release notes](https://github.com/kineticcafe/actions-dco/releases) - [Changelog](https://github.com/KineticCafe/actions-dco/blob/main/CHANGELOG.md) - [Commits](https://github.com/kineticcafe/actions-dco/compare/6e1652ef3027ce128e65e6edd215ae053350bd16...f7fe2fdfb5808e2528042be3919b67079100b96b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: everything - dependency-name: KineticCafe/actions-dco dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: everything ... Signed-off-by: dependabot[bot] --- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/test-dco.yml | 2 +- .github/workflows/test-sast.yml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index a20e1f1..9efe098 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -69,6 +69,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: 'Upload to code-scanning' - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 with: sarif_file: results.sarif diff --git a/.github/workflows/test-dco.yml b/.github/workflows/test-dco.yml index 150de0c..90c0120 100644 --- a/.github/workflows/test-dco.yml +++ b/.github/workflows/test-dco.yml @@ -12,4 +12,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Check for Developer Certificate of Origin (DCO) compiance - uses: KineticCafe/actions-dco@6e1652ef3027ce128e65e6edd215ae053350bd16 # v2.1.1 + uses: KineticCafe/actions-dco@f7fe2fdfb5808e2528042be3919b67079100b96b # v3.0.0 diff --git a/.github/workflows/test-sast.yml b/.github/workflows/test-sast.yml index 6cbeb35..2b9c69c 100644 --- a/.github/workflows/test-sast.yml +++ b/.github/workflows/test-sast.yml @@ -97,16 +97,16 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Initialize CodeQL - uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v2.27.7 + uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v2.27.7 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v2.27.7 + uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v2.27.7 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v2.27.7 + uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v2.27.7 with: category: "/language:${{ matrix.language }}"