metaschema-framework · dependabot · May 15, 2026
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -120,7 +120,7 @@ jobs:
         cache: 'maven'
     - name: Initialize CodeQL
       if: ${{ !inputs.skip_code_scans }}
-      uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e
+      uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba
       with:
         languages: java
         config-file: .github/codeql-config.yml
@@ -147,7 +147,7 @@ jobs:
         git push --force-with-lease
     - name: Perform CodeQL Analysis
       if: ${{ !inputs.skip_code_scans }}
-      uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e
+      uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba
       with:
         upload: 'never'
         output: codeql-results
@@ -257,13 +257,13 @@ jobs:
         fi
     - name: Upload CodeQL scan results to GitHub Security tab
       if: ${{ !inputs.skip_code_scans && env.UPLOAD_SCAN_SARIF == 'true' }}
-      uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e
+      uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba
       with:
         sarif_file: codeql-results
         category: 'codeql'
     - name: Upload Trivy scan results to GitHub Security tab
       if: ${{ !inputs.skip_code_scans && env.UPLOAD_SCAN_SARIF == 'true' }}
-      uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e
+      uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba
       with:
         sarif_file: 'trivy-results.sarif'
         category: 'trivy'