From 5e4a9128717d0afdda1b7eff63e77e41cfce8683 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Mar 2026 09:47:08 +0000
Subject: [PATCH] ci(deps): Bump github/codeql-action from 3.25.15 to 4.32.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 4.32.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.25.15...0d579ffd059c29b07949a3cce3983f0780820c98)
---
updated-dependencies:
- dependency-name: github/codeql-action
 dependency-version: 4.32.6
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/codeql.yml | 6 +++---
 .github/workflows/dependency-review.yml | 2 +-
 .github/workflows/develop-ci.yml | 2 +-
 .github/workflows/full-pipeline.yml | 2 +-
 .github/workflows/hybrid-security-scan.yml | 2 +-
 .github/workflows/publish-container.yml | 2 +-
 .github/workflows/release-ci.yml | 2 +-
 .github/workflows/scorecard.yml | 2 +-
 .github/workflows/semgrep.yml | 2 +-
 action.yml | 2 +-
 10 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 15f3dad..0f647f4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -44,7 +44,7 @@ jobs:
 # Initialize CodeQL tools for scanning
 - name: Initialize CodeQL
- uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 languages: ${{ matrix.language }}
 # Use config file to explicitly control what gets scanned
@@ -54,11 +54,11 @@ jobs:
 # Autobuild attempts to build any compiled languages
 - name: Autobuild
- uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 # Perform CodeQL Analysis
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 category: "/language:${{matrix.language}}"
 upload: true
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index e28dc6c..b1b0699 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -107,7 +107,7 @@ jobs:
 scanners: 'vuln,secret,misconfig'
 - name: Upload Trivy results to GitHub Security
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: 'trivy-fs-results.sarif'
 category: 'dependency-scan'
diff --git a/.github/workflows/develop-ci.yml b/.github/workflows/develop-ci.yml
index f11cac4..1f877b4 100644
--- a/.github/workflows/develop-ci.yml
+++ b/.github/workflows/develop-ci.yml
@@ -99,7 +99,7 @@ jobs:
 - name: Upload SARIF
 if: always()
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: semgrep.sarif
 category: semgrep
diff --git a/.github/workflows/full-pipeline.yml b/.github/workflows/full-pipeline.yml
index 10e50cb..7a26c9d 100644
--- a/.github/workflows/full-pipeline.yml
+++ b/.github/workflows/full-pipeline.yml
@@ -186,7 +186,7 @@ jobs:
 - name: Upload SARIF to Security Tab
 if: always() && steps.argus.outputs.sarif-path != ''
 continue-on-error: true
- uses: github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a # v3
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3
 with:
 sarif_file: ${{ steps.argus.outputs.sarif-path }}
 category: argus-full-pipeline
diff --git a/.github/workflows/hybrid-security-scan.yml b/.github/workflows/hybrid-security-scan.yml
index 39e4872..55c117b 100644
--- a/.github/workflows/hybrid-security-scan.yml
+++ b/.github/workflows/hybrid-security-scan.yml
@@ -177,7 +177,7 @@ jobs:
 - name: Upload SARIF to GitHub Security
 if: always() && hashFiles('.argus/hybrid-results/*.sarif') != ''
- uses: github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a # v3
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3
 with:
 sarif_file: .argus/hybrid-results/
 category: hybrid-security-scan
diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml
index 208a204..0e77187 100644
--- a/.github/workflows/publish-container.yml
+++ b/.github/workflows/publish-container.yml
@@ -169,7 +169,7 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy results to GitHub Security
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: 'trivy-results.sarif'
 category: 'container-image'
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
index abefa72..d0689b4 100644
--- a/.github/workflows/release-ci.yml
+++ b/.github/workflows/release-ci.yml
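Review bot: The trailing pin comment on the new `uses:` line in `.github/workflows/full-pipeline.yml` still reads `# v3`, although the SHA it annotates is the one every other file in this patch labels `# v4.32.6`; the same stale comment is left in the `.github/workflows/hybrid-security-scan.yml` and `action.yml` hunks. With SHA-pinned actions the comment is the only human-readable statement of what the hash refers to, so a wrong one hides that these three steps crossed a major version and makes later pin audits unreliable. I would change the line in all three places to `uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6`.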
@@ -131,7 +131,7 @@ jobs:
 output: 'trivy-results.sarif'
 - name: Upload Trivy results
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index aa31f55..733e033 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -47,7 +47,7 @@ jobs:
 # Upload results to GitHub's code scanning dashboard
 - name: Upload SARIF to Code Scanning
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: results.sarif
 category: openssf-scorecard
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index bda13cb..4b54f83 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -76,7 +76,7 @@ jobs:
 # Upload SARIF to GitHub Code Scanning
 - name: Upload SARIF to Code Scanning
 if: always()
- uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 with:
 sarif_file: semgrep-results.sarif
 category: semgrep
diff --git a/action.yml b/action.yml
index 6bcb382..1110310 100644
--- a/action.yml
+++ b/action.yml
@@ -838,7 +838,7 @@ runs:
 # Upload SARIF from full pipeline to GitHub Security tab
 - name: Upload SARIF (Full Pipeline)
 if: ${{ inputs.pipeline-mode == 'full' && always() }}
- uses: github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a # v3
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v3
 continue-on-error: true
 with:
 sarif_file: ${{ inputs.project-path }}/.argus/hybrid-results/