From c158274bee41f868b80f1049f1db3397993a1e7d Mon Sep 17 00:00:00 2001
From: CoderDeltaLAN <CoderDeltaLAN@users.noreply.github.com>
Date: Sat, 20 Jun 2026 07:11:37 +0100
Subject: [PATCH] docs: sync supply chain action versions

---
 docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md b/docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md
index c24af46..8d339cc 100644
--- a/docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md
+++ b/docs/SECURITY-SUPPLY-CHAIN-EVALUATION.md
@@ -129,7 +129,7 @@ Recommended future Scorecard phase boundary:
 
 ## GitHub Actions pinning policy
 
-The workflows currently use version tags such as `actions/checkout@v6`, `actions/setup-python@v6`, `actions/upload-artifact@v4`, `actions/download-artifact@v5`, and `pypa/gh-action-pypi-publish@release/v1`.
+The workflows currently use version tags such as `actions/checkout@v7`, `actions/setup-python@v6`, `actions/upload-artifact@v4`, `actions/download-artifact@v8`, and `pypa/gh-action-pypi-publish@release/v1`.
 
 Potential stronger policy: