diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 18cdb48..479a193 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -34,6 +34,6 @@ jobs: path: results.sarif retention-days: 5 - - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif diff --git a/CHANGELOG.md b/CHANGELOG.md index 59eee46..3d8ee02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ under the affected version with a reference to the CVE or advisory. ### Changed - Bump `google.golang.org/grpc` from 1.81.1 to 1.82.0 (routine minor release; transitive bump to `google.golang.org/genproto/googleapis/rpc`) +- Bump `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3 (CI: pinned SHA update) ---