ci(deps): Bump github/codeql-action from 3.25.15 to 4.32.6

.github/workflows/codeql.yml

@@ -44,7 +44,7 @@ jobs:
 
     # Initialize CodeQL tools for scanning
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
       with:
         languages: ${{ matrix.language }}
         # Use config file to explicitly control what gets scanned
@@ -54,11 +54,11 @@ jobs:
 
     # Autobuild attempts to build any compiled languages
     - name: Autobuild
-      uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+      uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
 
     # Perform CodeQL Analysis
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
       with:
         category: "/language:${{matrix.language}}"
         upload: true

.github/workflows/dependency-review.yml

@@ -107,7 +107,7 @@ jobs:
           scanners: 'vuln,secret,misconfig'
 
       - name: Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
         with:
           sarif_file: 'trivy-fs-results.sarif'
           category: 'dependency-scan'

.github/workflows/develop-ci.yml

@@ -99,7 +99,7 @@ jobs:
 
       - name: Upload SARIF
         if: always()
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
         with:
           sarif_file: semgrep.sarif
           category: semgrep

.github/workflows/full-pipeline.yml

@@ -186,7 +186,7 @@ jobs:
       - name: Upload SARIF to Security Tab
         if: always() && steps.argus.outputs.sarif-path != ''
         continue-on-error: true
-        uses: github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a  # v3
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v3
         with:
           sarif_file: ${{ steps.argus.outputs.sarif-path }}
           category: argus-full-pipeline

.github/workflows/hybrid-security-scan.yml

@@ -177,7 +177,7 @@ jobs:
 
       - name: Upload SARIF to GitHub Security
         if: always() && hashFiles('.argus/hybrid-results/*.sarif') != ''
-        uses: github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a  # v3
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v3
         with:
           sarif_file: .argus/hybrid-results/
           category: hybrid-security-scan

.github/workflows/publish-container.yml

@@ -169,7 +169,7 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
         with:
           sarif_file: 'trivy-results.sarif'
           category: 'container-image'

.github/workflows/release-ci.yml

@@ -131,7 +131,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload Trivy results
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
         with:
           sarif_file: 'trivy-results.sarif'
 

.github/workflows/scorecard.yml

@@ -47,7 +47,7 @@ jobs:
 
     # Upload results to GitHub's code scanning dashboard
     - name: Upload SARIF to Code Scanning
-      uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
       with:
         sarif_file: results.sarif
         category: openssf-scorecard

.github/workflows/semgrep.yml

@@ -76,7 +76,7 @@ jobs:
     # Upload SARIF to GitHub Code Scanning
     - name: Upload SARIF to Code Scanning
       if: always()
-      uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a  # v3.25.15
+      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
       with:
         sarif_file: semgrep-results.sarif
         category: semgrep

action.yml

@@ -838,7 +838,7 @@ runs:
     # Upload SARIF from full pipeline to GitHub Security tab
     - name: Upload SARIF (Full Pipeline)
       if: ${{ inputs.pipeline-mode == 'full' && always() }}
-      uses: github/codeql-action/upload-sarif@b5ebac6f4c00c8ccddb7cdcd45fdb248329f808a  # v3
+      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v3
       continue-on-error: true
       with:
         sarif_file: ${{ inputs.project-path }}/.argus/hybrid-results/