ci: scorecard: bump actions to latest as per dependabot

Apply dependabot suggested updates to the `scorecard` workflow to pull latest versions of the actions. Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
2025-03-18 17:53:03 +01:00 · 2025-03-18 17:53:03 +01:00 · d5b2fcffa5
commit d5b2fcffa5
parent 078ac84db0
1 changed files with 2 additions and 2 deletions
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -34,7 +34,7 @@ jobs:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
@ -56,6 +56,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard (optional).
      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
+        uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
        with:
          sarif_file: results.sarif