From bf6e694155a2c9f48b2499ea0882d6d827ee9638 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 May 2026 00:07:19 +0000 Subject: [PATCH] chore: bump the github-actions group across 1 directory with 4 updates Bumps the github-actions group with 4 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [actions/upload-artifact](https://github.com/actions/upload-artifact), [google/osv-scanner-action](https://github.com/google/osv-scanner-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `github/codeql-action` from db2c8fe24a75c0f28f87ed1a6fe918a5ccf7b1e6 to cdefb33c0f6224e58673d9004f47f7cb3e328b89 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/db2c8fe24a75c0f28f87ed1a6fe918a5ccf7b1e6...cdefb33c0f6224e58673d9004f47f7cb3e328b89) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `google/osv-scanner-action` from 8dc09193bb540e09b23da07ad7e30bd33bf87018 to 9a498708959aeaef5ef730655706c5a1df1edbc2 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](https://github.com/google/osv-scanner-action/compare/8dc09193bb540e09b23da07ad7e30bd33bf87018...9a498708959aeaef5ef730655706c5a1df1edbc2) Updates `aquasecurity/trivy-action` from a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 to ed142fd0673e97e23eac54620cfb913e5ce36c25 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8...ed142fd0673e97e23eac54620cfb913e5ce36c25) --- updated-dependencies: - dependency-name: 
github/codeql-action dependency-version: cdefb33c0f6224e58673d9004f47f7cb3e328b89 dependency-type: direct:production dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google/osv-scanner-action dependency-version: 9a498708959aeaef5ef730655706c5a1df1edbc2 dependency-type: direct:production dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: ed142fd0673e97e23eac54620cfb913e5ce36c25 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/security-scan.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 32dd095..902eb94 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -74,13 +74,13 @@ jobs: - name: Upload Gitleaks SARIF if: always() && hashFiles('gitleaks-results.sarif') != '' continue-on-error: true - uses: github/codeql-action/upload-sarif@db2c8fe24a75c0f28f87ed1a6fe918a5ccf7b1e6 # v4.31.10 + uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 with: sarif_file: gitleaks-results.sarif - name: Upload Gitleaks artifact if: always() && hashFiles('gitleaks-results.sarif') != '' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: gitleaks-results-${{ github.run_id }} path: gitleaks-results.sarif 
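Review bot: The new pin `github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89` still carries the old label `# v4.31.10`, so the comment no longer says which release the SHA belongs to. The same mismatch appears for `google/osv-scanner-action` (`# v2.3.8`, hunk at -112) and `aquasecurity/trivy-action` (`# v0.36.0`, hunks at -154 and -169), and for the second codeql pin in the hunk at -169. Either the comments are stale or the tags were re-pointed upstream, which is worth ruling out before merging; resolve each new SHA against the action's release tags and rewrite the comment to match, e.g. `# <tag that resolves to cdefb33c…>`, holding back any pin that matches no release. Separately, `actions/upload-artifact` jumps from v4.6.2 to v7.0.1, and the artifact upload steps visible here have no `continue-on-error`, so check the release notes of the intervening majors for changes to the `name` and `path` inputs or to runner requirements.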
@@ -112,7 +112,7 @@ jobs: - name: Run OSV dependency scan continue-on-error: true - uses: google/osv-scanner-action/osv-scanner-action@8dc09193bb540e09b23da07ad7e30bd33bf87018 # v2.3.8 + uses: google/osv-scanner-action/osv-scanner-action@9a498708959aeaef5ef730655706c5a1df1edbc2 # v2.3.8 with: scan-args: |- --recursive @@ -122,7 +122,7 @@ jobs: - name: Upload OSV JSON artifact if: always() && hashFiles('osv-results.json') != '' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: osv-results-${{ github.run_id }} path: osv-results.json @@ -154,7 +154,7 @@ jobs: - name: Generate Trivy SARIF report continue-on-error: true - uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: scan-type: fs scan-ref: . @@ -169,13 +169,13 @@ jobs: - name: Upload Trivy SARIF if: always() && hashFiles('trivy-results.sarif') != '' continue-on-error: true - uses: github/codeql-action/upload-sarif@db2c8fe24a75c0f28f87ed1a6fe918a5ccf7b1e6 # v4.31.10 + uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 with: sarif_file: trivy-results.sarif - name: Generate Trivy JSON report continue-on-error: true - uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: scan-type: fs scan-ref: . @@ -227,7 +227,7 @@ jobs: - name: Upload Trivy JSON artifact if: always() && hashFiles('trivy-results.json') != '' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: trivy-results-${{ github.run_id }} path: trivy-results.json