fix(deps): update weekly-non-major-updates

renovate[bot]
2026-01-27 23:26:52 +00:00
committed by GitHub
parent 0da6f7620c
commit 300e89aa9a
6 changed files with 20 additions and 18 deletions


@@ -403,7 +403,7 @@ jobs:
# Generate SBOM (Software Bill of Materials) for supply chain security
# Only for production builds (main/development) - feature branches use downstream supply-chain-pr.yml
- name: Generate SBOM
uses: anchore/sbom-action@62ad5284b8ced813296287a0b63906cb364b73ee # v0.22.0
uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.skip.outputs.is_feature_push != 'true'
with:
image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}


@@ -142,7 +142,7 @@ jobs:
sbom: true
- name: Generate SBOM
uses: anchore/sbom-action@62ad5284b8ced813296287a0b63906cb364b73ee # v0.22.0
uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0.22.1
with:
image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
format: cyclonedx-json
@@ -300,7 +300,7 @@ jobs:
name: sbom-nightly
- name: Scan with Grype
uses: anchore/scan-action@0d444ed77d83ee2ba7f5ced0d90d640a1281d762 # v7.3.0
uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
with:
sbom: sbom-nightly.json
fail-build: false


@@ -214,7 +214,7 @@ jobs:
- name: Upload Trivy SARIF to GitHub Security
if: steps.check-artifact.outputs.artifact_exists == 'true'
# github/codeql-action v4
uses: github/codeql-action/upload-sarif@ee1e1399e292f3386c840526dac6a4dc7509ad72
uses: github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c
with:
sarif_file: 'trivy-binary-results.sarif'
category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }}
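Review bot: The new `github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c` pin is documented only by the floating `# github/codeql-action v4` comment above it, whereas the anchore pins in this commit each carry an exact tag comment (`# v0.22.1`, `# v7.3.1`). Without the exact release next to the hash, a reviewer cannot confirm from the diff that the SHA is the commit a published tag points to, which is the check that makes SHA pinning useful against a swapped or unreleased commit. I would put the tag on the same line, `uses: github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c # vX.Y.Z`, where `vX.Y.Z` is a placeholder for the real release tag, which this page does not show. The same applies to the "Upload SARIF to GitHub Security" step in the next file section, which takes the identical pin.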


@@ -296,7 +296,7 @@ jobs:
- name: Upload SARIF to GitHub Security
if: steps.check-artifact.outputs.artifact_found == 'true'
# github/codeql-action v4
uses: github/codeql-action/upload-sarif@ee1e1399e292f3386c840526dac6a4dc7509ad72
uses: github/codeql-action/upload-sarif@b126facd4e5d140dbdf5202489ec4a70ff75ce5c
continue-on-error: true
with:
sarif_file: grype-results.sarif