chore(deps): lock file maintenance #2758

	name: Semgrep

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: "41 3 * * 6"

	permissions:
	security-events: write
	actions: read
	contents: read

	jobs:
	semgrep:
	name: Scan
	runs-on: ubuntu-latest

	container:
	image: returntocorp/semgrep:1.103.0@sha256:3978a2b4e6c2cbd4eee04b0f05d5ca4a82e6526dc89e01a5dcbb941cedafb393

	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	show-progress: false

	- name: Run semgrep
	env:
	SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
	run: \|
	semgrep ci --sarif --output=semgrep.sarif

	- name: Upload SARIF file for GitHub Advanced Security Dashboard
	if: \|
	always()
	uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
	with:
	sarif_file: semgrep.sarif

Provide feedback