diff --git a/.github/workflows/vuln-scan-report.yml b/.github/workflows/vuln-scan-report.yml index 0503cfd7e..480451152 100644 --- a/.github/workflows/vuln-scan-report.yml +++ b/.github/workflows/vuln-scan-report.yml @@ -26,7 +26,7 @@ jobs: # Tags can be silently repointed to malicious commits (as happened with trivy-action in March 2026). # To update an action: find the new SHA via `gh api repos///git/ref/tags/` - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: @@ -227,7 +227,7 @@ jobs: FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Read current alpine tag from Dockerfile on main id: current