Merge pull request #143 from apache/dependabot/github_actions/ossf/scorecard-action-2.3.3 Bump ossf/scorecard-action from 2.3.1 to 2.3.3

commit: 29fb9cc680342a466570099a125b2a8752e8ac69 [log] [tgz]
author: Gary Gregory <garydgregory@users.noreply.github.com> Fri May 10 07:45:07 2024 -0400
committer: GitHub <noreply@github.com> Fri May 10 07:45:07 2024 -0400
tree: 6ad9d0aa0794f0a3e8e81a77fc89ec228c5a5385
parent: e4833ff235564ab370160d11d4c39e66f92da531 [diff]
parent: 5d27195136c55b218e071100f6700dcc6af96aa9 [diff]
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e0fe3ba..44c0fc0 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml

@@ -45,7 +45,7 @@
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b    # v4.1.4
+      uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b    # v4.1.5
       with:
         persist-credentials: false
     - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9    # v4.0.2
@@ -57,7 +57,7 @@
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+      uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -68,7 +68,7 @@
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+      uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -82,4 +82,4 @@
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+      uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 60390fd..6db5120 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml

@@ -34,7 +34,7 @@
 #            experimental: true        
         
     steps:
-    - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b    # v4.1.4
+    - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b    # v4.1.5
       with:
         persist-credentials: false
     - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9    # v4.0.2

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 6768e2a..65d807a 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml

@@ -40,7 +40,7 @@
     steps:
 
       - name: "Checkout code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b    # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b    # v4.1.5
         with:
           persist-credentials: false
 
@@ -64,6 +64,6 @@
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
         with:
           sarif_file: results.sarif
commit	29fb9cc680342a466570099a125b2a8752e8ac69	[log] [tgz]
author	Gary Gregory <garydgregory@users.noreply.github.com>	Fri May 10 07:45:07 2024 -0400
committer	GitHub <noreply@github.com>	Fri May 10 07:45:07 2024 -0400
tree	6ad9d0aa0794f0a3e8e81a77fc89ec228c5a5385
parent	e4833ff235564ab370160d11d4c39e66f92da531 [diff]
parent	5d27195136c55b218e071100f6700dcc6af96aa9 [diff]