From a4aec3c249bbdebe1e5e87c2e8ac64e14b67d2ec Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Wed, 31 Dec 2025 14:32:57 +0000
Subject: [PATCH] chore(deps): update workflows

---
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/lint.yaml           | 2 +-
 .github/workflows/scorecards.yml      | 2 +-
 .github/workflows/snapshots.yml       | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8163833002a..03c5e405d02 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6
+      uses: github/codeql-action/init@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6
+      uses: github/codeql-action/autobuild@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6
+      uses: github/codeql-action/analyze@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 02c2755ee97..c8afb147baa 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -50,7 +50,7 @@ jobs:
       - name: Set up poetry
         run: poetry install
       - name: Set up Go
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
         with:
           go-version: '>=1.23.6'
       - name: Set up terraform
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 68dfb661456..8efd42c2294 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@497990dfed22177a82ba1bbab381bc8f6d27058f # v3.31.6
+        uses: github/codeql-action/upload-sarif@45c373516f557556c15d420e3f5e0aa3d64366bc # v3.31.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/snapshots.yml b/.github/workflows/snapshots.yml
index cf5d8ba071b..66a0dd746ea 100644
--- a/.github/workflows/snapshots.yml
+++ b/.github/workflows/snapshots.yml
@@ -33,7 +33,7 @@ jobs:
         env:
           OSV_API_BASE_URL: api.test.osv.dev
           UPDATE_SNAPS: always
-      - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
+      - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
         with:
           token: ${{ secrets.PR_TOKEN_BOT }}
           title: "test: update apitester snapshots"