diff --git a/.github/workflows/codeQL.yml b/.github/workflows/codeQL.yml
index 4280710..d53012b 100644
--- a/.github/workflows/codeQL.yml
+++ b/.github/workflows/codeQL.yml
@@ -9,13 +9,16 @@ on:
 - cron: "0 0 * * *"
 # Declare default permissions as read only.
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 analyze:
 name: Analyze
 runs-on: ubuntu-latest
 permissions:
+ actions: read
+ contents: read
 security-events: write
 strategy:
@@ -25,7 +28,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Initialize CodeQL
 uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b #v3.26.13
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index b5ccfb5..f5d4e83 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -8,13 +8,14 @@ jobs:
 dependency-review:
 runs-on: ubuntu-latest
 permissions:
+ contents: read
 pull-requests: write
 steps:
 - name: "Checkout Repository"
 uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: "Dependency Review"
- uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+ uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
 with:
 fail-on-severity: high
 comment-summary-in-pr: true
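Review bot: The comment kept above the new workflow-level block still says "read only", but `contents: read` is narrower than the removed `read-all`: once any scope is listed every unlisted scope becomes `none`, and a job that declares its own `permissions:` replaces the workflow default rather than adding to it, which is exactly why `contents: read` has to be repeated inside the analyze job. I would reword it to `# Least-privilege default: only contents:read; a job that needs more must restate every scope it uses.` and annotate the two job-level additions, `actions: read  # lets CodeQL read workflow-run metadata (per the docs, only needed for private repos)` and `security-events: write  # required to upload SARIF to code scanning`. The `on:` triggers and the `strategy:` matrix lie outside this hunk, so I cannot confirm which events run with these scopes.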
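Review bot: `pull-requests: write` in the job-level block is there only to serve `comment-summary-in-pr: true`, but nothing records that coupling, so whoever later disables the PR comment will probably leave the write scope behind; I would annotate it `pull-requests: write  # only for comment-summary-in-pr; drop if PR comments are disabled`. `fail-on-severity: high` also means moderate- and low-severity advisories are surfaced in the summary but never fail the check, which is a policy choice worth stating next to it, e.g. `# blocks on high/critical only; lower severities are report-only`, or tightening to `moderate` if blocking is the intent. The workflow's `on:` trigger and any workflow-level `permissions:` are outside this hunk; since the job block overrides the workflow default, the two scopes visible here are the effective set for this job.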