diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml index 2a04a5a..2fd4999 100644 --- a/.github/workflows/publish-chart.yaml +++ b/.github/workflows/publish-chart.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 + uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0 with: egress-policy: audit diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml index 43f9f72..8775aeb 100644 --- a/.github/workflows/semgrep.yaml +++ b/.github/workflows/semgrep.yaml @@ -11,7 +11,7 @@ jobs: # Skip any PR created by dependabot to avoid permission issues if: (github.actor != 'dependabot[bot]') container: - image: semgrep/semgrep:1.168.0@sha256:59fbed6127ea7c5dde3ba6a85142733bb20ea9aaa36120c953904f1539aaf66e + image: semgrep/semgrep:1.169.0@sha256:2b33f46ba66cf8cc2ad59ccfa7d22951fd00c632c38f1339e84ec8e6e641a942 steps: # Fetch project source - uses: actions/checkout@v7 @@ -31,6 +31,6 @@ jobs: # Upload findings to GitHub Advanced Security Dashboard [step 2/2] - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + uses: github/codeql-action/upload-sarif@99df26d4f13ea111d4ec1a7dddef6063f76b97e9 # v4.37.0 with: sarif_file: semgrep.sarif \ No newline at end of file