From f8c69c871d18621994d2b75902305946c1f390ab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Mar 2026 06:45:48 +0000
Subject: [PATCH 1/3] chore(deps): bump actions/checkout from 4 to 6 in /actions/cdxgen
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
---
updated-dependencies:
- dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
actions/cdxgen/action.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/actions/cdxgen/action.yaml b/actions/cdxgen/action.yaml
index 60a61839..56f405b0 100644
--- a/actions/cdxgen/action.yaml
+++ b/actions/cdxgen/action.yaml
@@ -25,7 +25,7 @@ runs: steps: - name: "Checkout code" - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: "Check input" shell: bash
From ffc0e8aeed6810a150d5fc00fcf4e1a735be8477 Mon Sep 17 00:00:00 2001
From: Pavel Anikin
Date: Wed, 11 Mar 2026 11:04:18 +0400
Subject: [PATCH 2/3] chore(deps): update actions/checkout and actions/upload-artifact versions in action.yaml
---
actions/cdxgen/action.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/actions/cdxgen/action.yaml b/actions/cdxgen/action.yaml
index 56f405b0..2f6bf592 100644
--- a/actions/cdxgen/action.yaml
+++ b/actions/cdxgen/action.yaml
@@ -25,7 +25,7 @@ runs: steps: - name: "Checkout code" - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - name: "Check input" shell: bash
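Review bot: In patch 2/3, the new pin on "Checkout code" ties the SHA to a release only through its trailing comment, and nothing in the patch lets a reader confirm that mapping. Before merging, each SHA should be checked against the commit that the upstream tag resolves to in the action's own repository. The same applies to the three pins in the later hunks of this patch (`actions/upload-artifact` at @@ -52 and @@ -107, `actions/upload-pages-artifact` at @@ -116). I would also write the marker with a space after the hash, `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`, which is the form yamllint's `comments` rule expects. The `steps:` list starts and continues outside the hunk.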
@@ -52,7 +52,7 @@ runs: shell: bash - name: "Upload SBOM file" - uses: actions/upload-artifact@v4.6.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0 with: name: "BOM file" path: ${{ github.workspace }}/**/${{ github.event.repository.name }}_sbom.json
@@ -107,7 +107,7 @@ runs: - name: "Upload Depscan report" if: ${{ inputs.generate_cdx_report == 'true' }} - uses: actions/upload-artifact@v4.6.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0 with: name: "DEPSCAN report" path: ${{ github.workspace }}/reports/*
@@ -116,7 +116,7 @@ runs: - name: Upload static files as artifact if: ${{ inputs.generate_cdx_report == 'true' }} id: upload - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b #v4.0.0 with: path: ${{ github.workspace }}/output/
From cd4b08ae81401edc12a691dba73acc4d247269fa Mon Sep 17 00:00:00 2001
From: Pavel Anikin
Date: Wed, 11 Mar 2026 11:06:42 +0400
Subject: [PATCH 3/3] chore: add persist-credentials option to actions/checkout step in action.yaml
---
actions/cdxgen/action.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/actions/cdxgen/action.yaml b/actions/cdxgen/action.yaml
index 2f6bf592..77e74487 100644
--- a/actions/cdxgen/action.yaml
+++ b/actions/cdxgen/action.yaml
@@ -26,6 +26,8 @@ runs: - name: "Checkout code" uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + with: + persist-credentials: false - name: "Check input" shell: bash
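Review bot: The three upload hunks of patch 2/3 cross major releases inside a commit titled as a version update, while every `with:` block stays unchanged. The two `actions/upload-artifact` hunks (@@ -52 and @@ -107) go from v4.6.0 to a commit labelled v7.0.0, and the @@ -116 hunk takes `actions/upload-pages-artifact` from v3 to v4.0.0. The inputs used here (`name`, `path`) and the steps that consume these artifacts should be checked against the intervening release notes; I have not verified them from this patch. If the intent was only to pin, pinning the release already in use first, e.g. `uses: actions/upload-artifact@<sha-of-v4.6.0> # v4.6.0` (placeholder SHA), and upgrading in a separate commit would keep each change reviewable and revertible on its own.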
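Review bot: The `persist-credentials: false` added under "Checkout code" in patch 3/3 has no comment saying why it is there, and it changes behaviour for callers of what appears to be a composite action. Any later step in the same job that relied on the token checkout leaves configured for git (a push or an authenticated fetch) will no longer have it. I would add a line above `with:` such as `# Do not keep the job token configured for git after checkout; the scan steps only read the working tree.`, assuming that holds for the cdxgen/depscan steps, which are outside this hunk. The change is also worth a line in the action's README or release notes so consumers are not surprised.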