Merge pull request #17442 from prometheus/dependabot/github_actions/github/codeql-action-4.31.2

chore(deps): bump github/codeql-action from 3.30.5 to 4.31.2
2026-05-28 04:02:21 -04:00 · 2025-11-06 11:32:26 +01:00 · 2025-11-06 11:32:26 +01:00 · b58d868bc4
commit b58d868bc4
parent d12f2fcdf0 79893d3b3c
2 changed files with 4 additions and 4 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -29,12 +29,12 @@ jobs:
          persist-credentials: false

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
-        uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@ -45,6 +45,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # tag=v3.30.5
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # tag=v4.31.2
        with:
          sarif_file: results.sarif