developmentseed · dependabot · Jun 15, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
       contents: read
       security-events: write # Code Scanning: upload SARIF from OSV (codeql-action/upload-sarif)
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -19,13 +19,13 @@ jobs:
       contents: write # Create releases, tags, and release branches
       pull-requests: write # Open and update pin README pull requests
     steps:
-      - uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4.4.1
+      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
         id: release
         with:
           release-type: simple
 
       # Move major version tag (e.g. v1) after a release is cut
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         if: ${{ steps.release.outputs.release_created }}
         with:
           persist-credentials: false

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -25,7 +25,7 @@ jobs:
       actions: read           # Required by Scorecard to evaluate workflow security posture
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
 

diff --git a/action.yml b/action.yml
@@ -108,7 +108,7 @@ runs:
       id: zizmor
       if: ${{ inputs.enable_zizmor != 'false' }}
       continue-on-error: true
-      uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+      uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
       with:
         persona: ${{ inputs.zizmor_persona }}
         min-severity: ${{ inputs.zizmor_min_severity }}
@@ -140,7 +140,7 @@ runs:
       id: osv
       if: ${{ inputs.enable_osv != 'false' }}
       continue-on-error: true
-      uses: google/osv-scanner-action/osv-scanner-action@c51854704019a247608d928f370c98740469d4b5 # v2.3.5
+      uses: google/osv-scanner-action/osv-scanner-action@9a498708959aeaef5ef730655706c5a1df1edbc2 # v2.3.8
       with:
         scan-args: ${{ steps.osv-args.outputs.args }}
 
@@ -159,7 +159,7 @@ runs:
 
     - name: Upload osv-scanner SARIF to Code Scanning
       if: ${{ always() && inputs.enable_osv != 'false' && inputs.osv_upload_sarif == 'true' && steps.osv-sarif.outputs.upload == 'true' }}
-      uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+      uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
       with:
         sarif_file: ${{ inputs.osv_results_file_name }}
         category: osv-scanner
@@ -195,7 +195,7 @@ runs:
 
     - name: Upload Scorecard SARIF to Code Scanning
       if: ${{ always() && inputs.enable_scorecard == 'true' }}
-      uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+      uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
       with:
         sarif_file: scorecard.sarif
         category: scorecard