From 873861b179682bb84792835c5c4c946018893e8c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 27 Oct 2025 00:29:49 +0000
Subject: [PATCH] chore(deps): update weekly update

---
 .github/workflows/codeql.yml                                  | 4 ++--
 .github/workflows/ossf-scorecard.yml                          | 2 +-
 .github/workflows/reusable-native-tests.yml                   | 2 +-
 benchmark-overhead/Dockerfile.petclinic                       | 4 ++--
 .../images/fake-backend/src/docker/backend/windows.dockerfile | 2 +-
 smoke-tests/images/servlet/src/jetty.windows.dockerfile       | 2 +-
 smoke-tests/images/servlet/src/liberty.windows.dockerfile     | 2 +-
 smoke-tests/images/servlet/src/payara.windows.dockerfile      | 2 +-
 smoke-tests/images/servlet/src/tomcat.windows.dockerfile      | 2 +-
 smoke-tests/images/servlet/src/tomee.windows.dockerfile       | 2 +-
 smoke-tests/images/servlet/src/wildfly.windows.dockerfile     | 2 +-
 11 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index add644743590..5e6d0e3b0bb0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -63,7 +63,7 @@ jobs:
           cache-read-only: ${{ github.event_name == 'pull_request' }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
         with:
           languages: ${{ matrix.language }}
           # using "linked" helps to keep up with the linked Kotlin support
@@ -84,6 +84,6 @@ jobs:
           --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index fa3aa234e97a..cfd0da6c53fc 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/reusable-native-tests.yml b/.github/workflows/reusable-native-tests.yml
index 8310a6c34724..9ef8eb61f0e9 100644
--- a/.github/workflows/reusable-native-tests.yml
+++ b/.github/workflows/reusable-native-tests.yml
@@ -27,7 +27,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - id: read-java
         run: echo "version=$(cat .java-version)" >> "$GITHUB_OUTPUT"
-      - uses: graalvm/setup-graalvm@2a2412009026a83f51d179f92dc2b3fd4c8142df # v1.4.1.1
+      - uses: graalvm/setup-graalvm@eec48106e0bf45f2976c2ff0c3e22395cced8243 # v1.4.2.1
         with:
           version: "latest"
           java-version: ${{ matrix.test-java-version }}
diff --git a/benchmark-overhead/Dockerfile.petclinic b/benchmark-overhead/Dockerfile.petclinic
index d29b5d403174..d33bfde412c1 100644
--- a/benchmark-overhead/Dockerfile.petclinic
+++ b/benchmark-overhead/Dockerfile.petclinic
@@ -1,4 +1,4 @@
-FROM eclipse-temurin:11.0.28_6-jdk@sha256:ed9802af79941c6e0c0442445c8c51e754c1fc1d0a78b6072d6707b918f404ba as app-build
+FROM eclipse-temurin:11.0.28_6-jdk@sha256:15eedd1722fc6abe55ffa1da22f581ae4fc21f18da78e911767c10f9b2cfd985 as app-build
 
 # This is the base image that will contain a built version of the spring-petclinic-rest
 # application. Installing the dependencies and maven compiling the application is time
@@ -13,7 +13,7 @@ RUN git checkout 8aa4d49
 RUN ./mvnw package -Dmaven.test.skip=true
 RUN cp target/spring-petclinic-rest*.jar /app/spring-petclinic-rest.jar
 
-FROM bellsoft/liberica-openjdk-alpine:25@sha256:2ef36da2e7dbde0730121d6a5d018d318adaecc1a420bd170031c1453dbf4b6d
+FROM bellsoft/liberica-openjdk-alpine:25.0.1@sha256:b93fbc9ec64d89c7eb6e225b7a2e8f62c83e001266177d75e365cb0bc77681c4
 COPY --from=app-build /app/spring-petclinic-rest.jar /app/spring-petclinic-rest.jar
 WORKDIR /app
 EXPOSE 9966
diff --git a/smoke-tests/images/fake-backend/src/docker/backend/windows.dockerfile b/smoke-tests/images/fake-backend/src/docker/backend/windows.dockerfile
index c50df5e28fb7..cec8945f04e8 100644
--- a/smoke-tests/images/fake-backend/src/docker/backend/windows.dockerfile
+++ b/smoke-tests/images/fake-backend/src/docker/backend/windows.dockerfile
@@ -1,3 +1,3 @@
-FROM eclipse-temurin:21.0.8_9-jdk-windowsservercore-ltsc2022@sha256:b5f3c18f0235658f400cb75ab69c650eb3f8c03aa12135759dffdf7f67836dc5
+FROM eclipse-temurin:21.0.8_9-jdk-windowsservercore-ltsc2022@sha256:47afec211682c034b7188eb1d01210de503bcb3bb8e47f7b60198ef825cdca4b
 COPY fake-backend.jar /fake-backend.jar
 CMD ["java", "-jar", "/fake-backend.jar"]
diff --git a/smoke-tests/images/servlet/src/jetty.windows.dockerfile b/smoke-tests/images/servlet/src/jetty.windows.dockerfile
index 4d3ee17164f2..2963f16fe64d 100644
--- a/smoke-tests/images/servlet/src/jetty.windows.dockerfile
+++ b/smoke-tests/images/servlet/src/jetty.windows.dockerfile
@@ -1,7 +1,7 @@
 ARG jdkImage
 
 # Unzip in a separate container so that zip file layer is not part of final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:418d8d0c6e026e5131e48f4d71ca66e9564c31b50f02b740235d32145a55c6ea as builder
+FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:f51004008a2017ce3905fe7e1985d5aff62e596c4ab4111caad6d3cf33aa5cf1 as builder
 ARG sourceVersion
 
 ADD https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${sourceVersion}/jetty-home-${sourceVersion}.zip /server.zip
diff --git a/smoke-tests/images/servlet/src/liberty.windows.dockerfile b/smoke-tests/images/servlet/src/liberty.windows.dockerfile
index 8250b9e7bb4c..38ca6b8addeb 100644
--- a/smoke-tests/images/servlet/src/liberty.windows.dockerfile
+++ b/smoke-tests/images/servlet/src/liberty.windows.dockerfile
@@ -1,7 +1,7 @@
 ARG jdkImage
 
 # Unzip in a separate container so that zip file layer is not part of final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:418d8d0c6e026e5131e48f4d71ca66e9564c31b50f02b740235d32145a55c6ea as builder
+FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:f51004008a2017ce3905fe7e1985d5aff62e596c4ab4111caad6d3cf33aa5cf1 as builder
 ARG version
 ARG release
 
diff --git a/smoke-tests/images/servlet/src/payara.windows.dockerfile b/smoke-tests/images/servlet/src/payara.windows.dockerfile
index e4aee283536d..acb71ed5dc5d 100644
--- a/smoke-tests/images/servlet/src/payara.windows.dockerfile
+++ b/smoke-tests/images/servlet/src/payara.windows.dockerfile
@@ -1,7 +1,7 @@
 ARG jdkImage
 
 # Unzip in a separate container so that zip file layer is not part of final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:418d8d0c6e026e5131e48f4d71ca66e9564c31b50f02b740235d32145a55c6ea as builder
+FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:f51004008a2017ce3905fe7e1985d5aff62e596c4ab4111caad6d3cf33aa5cf1 as builder
 ARG version
 
 ADD https://nexus.payara.fish/repository/payara-community/fish/payara/distributions/payara/${version}/payara-${version}.zip /server.zip
diff --git a/smoke-tests/images/servlet/src/tomcat.windows.dockerfile b/smoke-tests/images/servlet/src/tomcat.windows.dockerfile
index 426fe7c9c11d..3823418c5625 100644
--- a/smoke-tests/images/servlet/src/tomcat.windows.dockerfile
+++ b/smoke-tests/images/servlet/src/tomcat.windows.dockerfile
@@ -1,7 +1,7 @@
 ARG jdkImage
 
 # Unzip in a separate container so that zip file layer is not part of final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:418d8d0c6e026e5131e48f4d71ca66e9564c31b50f02b740235d32145a55c6ea as builder
+FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:f51004008a2017ce3905fe7e1985d5aff62e596c4ab4111caad6d3cf33aa5cf1 as builder
 ARG majorVersion
 ARG version
 
diff --git a/smoke-tests/images/servlet/src/tomee.windows.dockerfile b/smoke-tests/images/servlet/src/tomee.windows.dockerfile
index 729285649862..a665045ebf14 100644
--- a/smoke-tests/images/servlet/src/tomee.windows.dockerfile
+++ b/smoke-tests/images/servlet/src/tomee.windows.dockerfile
@@ -1,7 +1,7 @@
 ARG jdkImage
 
 # Unzip in a separate container so that zip file layer is not part of final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:418d8d0c6e026e5131e48f4d71ca66e9564c31b50f02b740235d32145a55c6ea as builder
+FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:f51004008a2017ce3905fe7e1985d5aff62e596c4ab4111caad6d3cf33aa5cf1 as builder
 ARG version
 
 ADD https://archive.apache.org/dist/tomee/tomee-${version}/apache-tomee-${version}-webprofile.zip /server.zip
diff --git a/smoke-tests/images/servlet/src/wildfly.windows.dockerfile b/smoke-tests/images/servlet/src/wildfly.windows.dockerfile
index 4a11cd40f1c3..369f49cacf22 100644
--- a/smoke-tests/images/servlet/src/wildfly.windows.dockerfile
+++ b/smoke-tests/images/servlet/src/wildfly.windows.dockerfile
@@ -1,7 +1,7 @@
 ARG jdkImage
 
 # Unzip in a separate container so that zip file layer is not part of final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:418d8d0c6e026e5131e48f4d71ca66e9564c31b50f02b740235d32145a55c6ea as builder
+FROM mcr.microsoft.com/windows/servercore:ltsc2022@sha256:f51004008a2017ce3905fe7e1985d5aff62e596c4ab4111caad6d3cf33aa5cf1 as builder
 ARG version
 ARG baseDownloadUrl