chore(deps): update github actions (open-edge-platform#844)

oep-renovate[bot] · web-flow · commit 494b24c8272d · 2026-03-16T09:46:49.000Z
Signed-off-by: oep-renovate[bot] &lt;212772560+oep-renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: oep-renovate[bot] &lt;212772560+oep-renovate[bot]@users.noreply.github.com&gt;
diff --git a/.github/actions/change-detection/action.yaml b/.github/actions/change-detection/action.yaml
@@ -16,7 +16,7 @@ runs:
   steps:
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@7dee1b0c1557f278e5c7dc244927139d78c0e22a # v47.0.4
+      uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
       with:
         files_yaml_from_source_file: "${{ inputs.path_filter }}"
 
diff --git a/.github/actions/install-dependencies/action.yaml b/.github/actions/install-dependencies/action.yaml
@@ -31,7 +31,7 @@ runs:
   steps:
     - name: Initial cleanup
       if: ${{ inputs.cleanup-runner == 'true' }}
-      uses: open-edge-platform/geti-ci/actions/cleanup-runner@9b1ef60a8b2b802da428621e192c322960f4b3d5
+      uses: open-edge-platform/geti-ci/actions/cleanup-runner@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
       with:
         type: "initial"
 
@@ -43,7 +43,7 @@ runs:
 
     - name: Install uv
       if: ${{ inputs.install-uv == 'true' }}
-      uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+      uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7.5.0
       with:
         version: ${{ inputs.uv-version }}
         enable-cache: ${{ inputs.uv-cache-dependency-glob != '' && 'true' || 'false' }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -36,13 +36,13 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
           queries: security-extended
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/collect-license.yml b/.github/workflows/collect-license.yml
@@ -41,7 +41,7 @@ jobs:
         run: docker builder prune -f
 
       - name: Generate SBOM for container image
-        uses: anchore/sbom-action@17ae1740179002c89186b61233e0f892c3118b11 # v0.23.0
+        uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1
         env:
           SYFT_GOLANG_SEARCH_LOCAL_MOD_CACHE_LICENSES: "true"
           SYFT_GOLANG_SEARCH_REMOTE_LICENSES: "true"
@@ -101,7 +101,7 @@ jobs:
           persist-credentials: false
 
       - name: Install uv
-        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+        uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7.5.0
         with:
           version: "0.7.13"
 
diff --git a/.github/workflows/collect-source.yml b/.github/workflows/collect-source.yml
@@ -78,7 +78,7 @@ jobs:
 
       # Download all reports
       - name: Download all reports
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           pattern: "pkg_list_*"
           merge-multiple: true
diff --git a/.github/workflows/distrib.yml b/.github/workflows/distrib.yml
@@ -109,7 +109,7 @@ jobs:
 
       - name: Log in to GHCR
         if: inputs.push_images
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -124,6 +124,6 @@ jobs:
 
       - name: Sign image for ${{ matrix.ai-device }}
         if: inputs.push_images
-        uses: open-edge-platform/geti-ci/actions/sign-image@375de2eb018dae396c959f9b3a464f40271de969
+        uses: open-edge-platform/geti-ci/actions/sign-image@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
         with:
           image-uri: ${{ env.IMAGE_NAME }}
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -16,7 +16,7 @@ jobs:
           persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: application/ui/.nvmrc
           package-manager-cache: false
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -66,13 +66,13 @@ jobs:
 
       - name: Get token
         id: get-github-app-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
         with:
           app-id: ${{ secrets.RENOVATE_APP_ID }}
           private-key: ${{ secrets.RENOVATE_APP_PEM }}
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@7b4b65bf31e07d4e3e51708d07700fb41bc03166 # v46.1.3
+        uses: renovatebot/github-action@abd08c7549b2a864af5df4a2e369c43f035a6a9d # v46.1.5
         with:
           configurationFile: .github/renovate.json5
           token: "${{ steps.get-github-app-token.outputs.token }}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -33,6 +33,6 @@ jobs:
           publish_results: true
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -48,7 +48,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Zizmor scan
-        uses: open-edge-platform/geti-ci/actions/zizmor@9b1ef60a8b2b802da428621e192c322960f4b3d5
+        uses: open-edge-platform/geti-ci/actions/zizmor@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
         with:
           scan-scope: ${{ github.event_name == 'pull_request' && 'changed' || 'all' }}
           severity-level: ${{ github.event_name == 'pull_request' && 'LOW' || 'LOW' }}
@@ -66,7 +66,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run Bandit scan
-        uses: open-edge-platform/geti-ci/actions/bandit@9b1ef60a8b2b802da428621e192c322960f4b3d5
+        uses: open-edge-platform/geti-ci/actions/bandit@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
         with:
           scan-scope: ${{ github.event_name == 'pull_request' && 'changed' || 'all' }}
           severity-level: ${{ github.event_name == 'pull_request' && 'HIGH' || 'LOW' }}
@@ -86,7 +86,7 @@ jobs:
           persist-credentials: false
           fetch-depth: 0
       - name: Run Semgrep scan
-        uses: open-edge-platform/geti-ci/actions/semgrep@9b1ef60a8b2b802da428621e192c322960f4b3d5
+        uses: open-edge-platform/geti-ci/actions/semgrep@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
         with:
           scan-scope: ${{ github.event_name == 'pull_request' && 'changed' || 'all' }}
           severity: ${{ github.event_name == 'pull_request' && 'HIGH' || 'LOW' }}
@@ -105,7 +105,7 @@ jobs:
           persist-credentials: false
       - name: Run Trivy scan
         id: trivy
-        uses: open-edge-platform/geti-ci/actions/trivy@9b1ef60a8b2b802da428621e192c322960f4b3d5
+        uses: open-edge-platform/geti-ci/actions/trivy@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
         with:
           scan_type: "fs"
           scan-scope: all
@@ -150,7 +150,7 @@ jobs:
 
       - name: Run Trivy scan
         id: trivy
-        uses: open-edge-platform/geti-ci/actions/trivy@9b1ef60a8b2b802da428621e192c322960f4b3d5
+        uses: open-edge-platform/geti-ci/actions/trivy@cc6fbe840db6ebd16ebd18d409f475bff5a8c182
         with:
           artifact-name: "trivy-results-docker-${{ matrix.ai-device }}"
           scan_type: "image"
@@ -252,7 +252,7 @@ jobs:
           artifact_name: zapfull
 
       - name: Run Schemathesis Scan
-        uses: schemathesis/action@1f15936316e0742005bf69657b5909ac68f04cb3 # v2
+        uses: schemathesis/action@806cace2053cbbac93188e1281ff7da415643160 # v3
         continue-on-error: true
         with:
           schema: "http://localhost:9100/api/openapi.json"
diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml
@@ -50,7 +50,7 @@ jobs:
       - *checkout
 
       - &setup-node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         id: setup-node
         with:
           node-version-file: application/ui/.nvmrc
@@ -64,7 +64,7 @@ jobs:
 
       - &download-openapi
         name: Download OpenAPI spec artifact
-        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: openapi-spec
           path: application/ui/src/api
diff --git a/.github/workflows/windows-installer.yml b/.github/workflows/windows-installer.yml
@@ -104,7 +104,7 @@ jobs:
           python-version: "3.13"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+        uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7.5.0
         with:
           version: "0.10.0"
           enable-cache: true
@@ -119,7 +119,7 @@ jobs:
           toolchain: stable
 
       - name: Cache Rust dependencies & target
-        uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
         with:
           save-if: ${{ startsWith(github.ref_name, 'release/') || github.ref_name == 'main' }}
           workspaces: |
@@ -156,7 +156,7 @@ jobs:
         # Build UI with Tauri
 
       - name: Setup Node & npm
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version-file: application/ui/.nvmrc
           cache: "npm"
