ci: Update 3rd-party components

tdrozdovsky · tdrozdovsky · commit adf9d8ffcf06 · 2025-05-16T13:49:58.000+03:00
Signed-off-by: Taras Drozdovskyi &lt;t.drozdovsky@samsung.com&gt;
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -55,7 +55,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -89,6 +89,6 @@ jobs:
         make
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/fossology.yml b/.github/workflows/fossology.yml
@@ -27,6 +27,6 @@ jobs:
           path: ./results
 
       # Artifact download
-      - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
+      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
          name: scan-fossology-report
diff --git a/.github/workflows/license-finder.yml b/.github/workflows/license-finder.yml
@@ -26,6 +26,6 @@ jobs:
           path: ./license-finder-report
 
       - name: Artifact download
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           name: scan-license-finder-report
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
         with:
           egress-policy: audit
 
@@ -78,7 +78,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
         with:
           egress-policy: audit
 
@@ -111,22 +111,22 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/')
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
         with:
           egress-policy: audit
 
       - name: Download ${{ needs.build.outputs.version }}_s.bin
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           name: ${{ needs.build.outputs.version }}_s.bin
 
       - name: Download ${{ needs.build.outputs.version }}_ns.bin
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           name: ${{ needs.build.outputs.version }}_ns.bin
 
       - name: Upload assets
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631
         with:
           files: |
             ${{ needs.build.outputs.version }}_s.bin
diff --git a/.github/workflows/scancode.yml b/.github/workflows/scancode.yml
@@ -27,6 +27,6 @@ jobs:
           path: ./results/
 
       - name: Artifact download
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093
         with:
           name: scan-scancode-report
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
         with:
           egress-policy: audit
 
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387
         with:
           sarif_file: results.sarif
