fix: update benchmark-action/github-action-benchmark to v1.22.0 and mlugg/setup-zig to v2.2.1 for improved security and functionality

2026-04-16 13:31:37 +00:00
parent 402a8b3105
commit 4232c0a8ee
2 changed files with 2 additions and 2 deletions
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -52,7 +52,7 @@ jobs:
        # This avoids gh-pages branch errors and permission issues on fork PRs
        if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main'
        # Security: Pinned to full SHA for supply chain security
-        uses: benchmark-action/github-action-benchmark@4e0b38bc48375986542b13c0d8976b7b80c60c00 # v1
+        uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0
        with:
          name: Go Benchmark
          tool: 'go'
--- a/.github/workflows/release-goreleaser.yml
+++ b/.github/workflows/release-goreleaser.yml
@@ -67,7 +67,7 @@ jobs:

      - name: Install Cross-Compilation Tools (Zig)
        # Security: Pinned to full SHA for supply chain security
-        uses: goto-bus-stop/setup-zig@abea47f85e598557f500fa1fd2ab7464fcb39406 # v2
+        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
        with:
          version: 0.13.0