deps: update GitHub action dependencies (#3989)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-08 06:33:05 -05:00 · 2025-10-21 09:16:37 +02:00 · 2025-10-21 09:16:37 +02:00 · d02c256130
commit d02c256130
parent 5d538bbc1c
5 changed files with 6 additions and 6 deletions
--- a/.github/actions/build_cli/action.yml
+++ b/.github/actions/build_cli/action.yml
@ -77,7 +77,7 @@ runs:

    - name: Install Cosign
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
-      uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+      uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1

    - name: Install Rekor
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
--- a/.github/actions/container_sbom/action.yml
+++ b/.github/actions/container_sbom/action.yml
@ -19,7 +19,7 @@ runs:
  steps:
    - name: Install Cosign
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
-      uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+      uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1

    - name: Download Syft & Grype
      uses: ./.github/actions/install_syft_grype
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -44,7 +44,7 @@ jobs:
          cache: false

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
+        uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
        with:
          languages: ${{ matrix.language }}

@ -63,6 +63,6 @@ jobs:
          echo "::endgroup::"

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
+        uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
        with:
          category: "/language:${{ matrix.language }}"
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@ -261,7 +261,7 @@ jobs:
          ref: ${{ inputs.ref || github.head_ref }}

      - name: Install Cosign
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1

      - name: Download Syft & Grype
        uses: ./.github/actions/install_syft_grype
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -37,6 +37,6 @@ jobs:
          retention-days: 5

      - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@755f44910c12a3d7ca0d8c6e42c048b3362f7cec # v3.30.8
+        uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
        with:
          sarif_file: results.sarif