deps: Update GitHub Actions

renovate[bot] · web-flow · commit 9cf068a13bf4 · 2025-12-09T19:49:15.000Z
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -133,7 +133,7 @@ jobs:
           echo '```' >> $GITHUB_STEP_SUMMARY
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           slug: VirtualAgentics/review-bot-automator
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -233,7 +233,7 @@ jobs:
       # Uses custom configuration for enhanced security coverage.
       # The config file specifies both security-extended and security-and-quality query suites.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
+        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
         with:
           languages: ${{ matrix.language }}
           config-file: ./.github/codeql/codeql-config.yml
@@ -253,7 +253,7 @@ jobs:
       # Results can be viewed in the Security > Code scanning alerts tab
       - name: Perform CodeQL Analysis
         id: analyze
-        uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
+        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
         with:
           category: "/language:${{matrix.language}}"  # Categorize results by language
           upload: true  # Upload SARIF results to GitHub Security tab
@@ -325,7 +325,7 @@ jobs:
       # Upload Trivy results to GitHub Security tab
       # Always runs even if scan fails, to ensure visibility
       - name: Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2  # v4.31.6
+        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412  # v4.31.7
         if: always()  # Upload even if scan found vulnerabilities
         with:
           sarif_file: 'trivy-results.sarif'
@@ -498,7 +498,7 @@ jobs:
       # Upload Scorecard results to GitHub Security tab
       # Always uploads to track score trends over time
       - name: Upload Scorecard results to GitHub Security
-        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2  # v4.31.6
+        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412  # v4.31.7
         if: always()  # Upload even if score is below threshold
         with:
           sarif_file: scorecard-results.sarif
