chore(deps): update github-actions: bump the github-actions-version-updates group with 2 updates

.github/workflows/cfn_nag.yml

@@ -35,7 +35,7 @@ jobs:
           output_path: cfn_nag.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
 
         # Results are generated only on a success or failure
         # this is required since GitHub by default won't run the next step

.github/workflows/checkov.yml

@@ -35,7 +35,7 @@ jobs:
           output_file_path: console,results.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
 
         # Results are generated only on a success or failure
         # this is required since GitHub by default won't run the next step

.github/workflows/codeql.yml

@@ -71,7 +71,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+      uses: github/codeql-action/init@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -99,6 +99,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+      uses: github/codeql-action/analyze@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/powershell.yml

@@ -37,6 +37,6 @@ jobs:
           output: results.sarif
 
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
         with:
           sarif_file: results.sarif

.github/workflows/pre-commit.yml

@@ -46,7 +46,7 @@ jobs:
         echo "vars.GITHUB_WORKSPACE=${{ vars.GITHUB_WORKSPACE }}"
         python -m pip install --require-hashes --requirement ${{ github.workspace }}/.github/workflows/pre-commit-requirements.txt
         python -m pip freeze --local
-    - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb #v5.0.1
+    - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 #v5.0.2
       with:
         path: ~/.cache/pre-commit
         key: pre-commit-3|${{ runner.os }}|${{ hashFiles(matrix.precommit) }}

.github/workflows/python.yml

@@ -87,7 +87,7 @@ jobs:
           # cache: uv (not supported)
 
       - name: Cache GraphViz
-        uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb #v5.0.1
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 #v5.0.2
         id: cache-graphviz
         with:
           path: "~/graphviz"

.github/workflows/scorecard-analysis.yml

@@ -50,6 +50,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
         with:
           sarif_file: scorecard-results.sarif

.github/workflows/semgrep.yml

@@ -30,6 +30,6 @@ jobs:
           python -m pip install --require-hashes --requirement .github/workflows/semgrep-requirements.txt
       - run: semgrep scan --config auto --sarif-output semgrep.sarif.json --no-error --dryrun --verbose
       - name: Upload Semgrep scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
         with:
           sarif_file: semgrep.sarif.json

.github/workflows/trivy.yml

@@ -129,7 +129,7 @@ jobs:
           output: '${{ matrix.dockerfile }}/trivy-results.sarif'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@a2d9de63c2916881d0621fdb7e65abe32141606d # v4.31.9
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1 # v4.31.9
         with:
           sarif_file: '${{ matrix.dockerfile }}/trivy-results.sarif'