chore: upgrade scorecard workflow pinned action versions (#184) · expressjs/cookie-session@aa2ecf4
@@ -33,12 +33,12 @@ jobs:
33333434steps:
3535 - name: "Checkout code"
36-uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
36+uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3737with:
3838persist-credentials: false
39394040 - name: "Run analysis"
41-uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
41+uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
4242with:
4343results_file: results.sarif
4444results_format: sarif
@@ -60,14 +60,14 @@ jobs:
6060# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
6161# format to the repository Actions tab.
6262 - name: "Upload artifact"
63-uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
63+uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
6464with:
6565name: SARIF file
6666path: results.sarif
6767retention-days: 5
68686969# Upload the results to GitHub's code scanning dashboard.
7070 - name: "Upload to code-scanning"
71-uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
71+uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
7272with:
7373sarif_file: results.sarif