diff --git a/template/.github/workflows/build.yml b/template/.github/workflows/build.yml index 541a2bd..f31c3d6 100644 --- a/template/.github/workflows/build.yml +++ b/template/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: - name: Check package run: pixi run -e build check-wheel - name: Upload package - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: artifact path: dist/* @@ -39,7 +39,7 @@ jobs: id-token: write environment: pypi steps: - - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: artifact path: dist diff --git a/template/.github/workflows/scorecard.yml.jinja b/template/.github/workflows/scorecard.yml.jinja index b5dfedf..5ba805c 100644 --- a/template/.github/workflows/scorecard.yml.jinja +++ b/template/.github/workflows/scorecard.yml.jinja @@ -68,7 +68,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif @@ -77,7 +77,7 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7 + uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8 with: sarif_file: results.sarif {%- endraw %}