diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index 8f54291d4f..50f12792d6 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -363,7 +363,7 @@ jobs: pip install . if: needs.paths-filter.outputs.submit-performance == 'true' - name: Performance Reporting - uses: CodSpeedHQ/action@db35df748deb45fdef0960669f57d627c1956c30 # pin@v4 + uses: CodSpeedHQ/action@658a901452bb54c799643e060733b7afe9121b8d # pin@v4.14.0 # check if we are in inventree/inventree - reporting only works in that OIDC context if: github.repository == 'inventree/InvenTree' && needs.paths-filter.outputs.submit-performance == 'true' with: @@ -454,7 +454,7 @@ jobs: env: node_version: '>=20.19.0' - name: Performance Reporting - uses: CodSpeedHQ/action@db35df748deb45fdef0960669f57d627c1956c30 # pin@v4 + uses: CodSpeedHQ/action@658a901452bb54c799643e060733b7afe9121b8d # pin@v4.14.0 with: mode: walltime run: inv dev.test --pytest @@ -795,7 +795,7 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # pin@v3 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # pin@v3 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index e525beeef8..8be962c18b 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: sarif_file: results.sarif