diff --git a/.github/workflows/ci-agent-pipeline.yml b/.github/workflows/ci-agent-pipeline.yml index f051a37..d004742 100644 --- a/.github/workflows/ci-agent-pipeline.yml +++ b/.github/workflows/ci-agent-pipeline.yml @@ -24,7 +24,7 @@ jobs: steps: # Step 1: Secure Checkout (Only check out base branch in pull_request event) - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v7 with: # SECURED: Checkout the target branch (default), not the untrusted PR branch persist-credentials: false diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 447a954..9d5b7f3 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v7 # Set up QEMU for multi-architecture compilations (x86_64 and arm64 support) - name: Set up QEMU diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 56ab101..adaf595 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v7 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4b5ab02..79fe9aa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -19,7 +19,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false