chore: update action references to v2026 (f98ae7cd7d)

This commit updates all internal action references to point to the latest v2026 tag SHA.
2026-03-06 07:56:02 +00:00 · 2026-03-02 09:14:52 +00:00
33 changed files with 90 additions and 87 deletions
--- a/.github/actions/setup-test-environment/action.yml
+++ b/.github/actions/setup-test-environment/action.yml
@@ -31,7 +31,7 @@ runs:
      run: uv sync --frozen
    - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: '24'
        cache: npm
--- a/.github/workflows/action-security.yml
+++ b/.github/workflows/action-security.yml
@@ -17,7 +17,10 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions:
  contents: read
  actions: read
  pull-requests: read
 jobs:
  analyze:
@@ -26,9 +29,6 @@ jobs:
    timeout-minutes: 30
    permissions:
      contents: read
      actions: read
      pull-requests: read
      security-events: write
      statuses: write
      issues: write
--- a/.github/workflows/build-testing-image.yml
+++ b/.github/workflows/build-testing-image.yml
@@ -23,26 +23,25 @@ on:
        default: 'latest'
        type: string
-permissions: {}
+permissions:
  contents: read
  packages: write
 jobs:
  build-and-push:
    name: Build and Push Testing Image
    runs-on: ubuntu-latest
    timeout-minutes: 20
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
--- a/.github/workflows/codeql-new.yml
+++ b/.github/workflows/codeql-new.yml
@@ -13,16 +13,17 @@ on:
    - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday
  merge_group:
-permissions: {}
+permissions:
  actions: read
  contents: read
 jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
      contents: read
    strategy:
      fail-fast: false
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -4,13 +4,12 @@ name: 'Dependency Review'
 on:
  - pull_request
-permissions: {}
+permissions:
  contents: read
 jobs:
  dependency-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
--- a/.github/workflows/issue-stats.yml
+++ b/.github/workflows/issue-stats.yml
@@ -5,7 +5,8 @@ on:
  schedule:
    - cron: '3 2 1 * *'
-permissions: {}
+permissions:
  contents: read
 jobs:
  build:
@@ -29,7 +30,7 @@ jobs:
          echo "last_month=$first_day..$last_day" >> "$GITHUB_ENV"
      - name: Run issue-metrics tool
-        uses: github/issue-metrics@41a7961f701cc64490f32e143af8ef479b93e87d # v4.1.0
+        uses: github/issue-metrics@67526e7bd8100b870f10b1c120780a8375777b43 # v3.25.5
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SEARCH_QUERY: 'repo:ivuorinen/actions is:issue created:${{ env.last_month }} -reason:"not planned"'
--- a/.github/workflows/new-release.yml
+++ b/.github/workflows/new-release.yml
@@ -6,7 +6,7 @@ on:
  schedule:
    - cron: '0 21 * * *' # 00:00 at Europe/Helsinki
-permissions: {}
+permissions: read-all
 jobs:
  new-daily-release:
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -37,7 +37,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions:
  contents: read
  packages: read # Required for private dependencies
 jobs:
  megalinter:
@@ -72,7 +74,7 @@ jobs:
      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,7 +7,8 @@ on:
    tags:
      - 'v*'
-permissions: {}
+permissions:
  contents: read
 jobs:
  release:
--- a/.github/workflows/security-suite.yml
+++ b/.github/workflows/security-suite.yml
@@ -18,7 +18,11 @@ on:
      - '**/*.yaml'
      - '.github/workflows/**'
-permissions: {}
+permissions:
  contents: read
  pull-requests: write
  issues: write
  actions: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
@@ -28,11 +32,6 @@ jobs:
  security-analysis:
    name: Security Analysis
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      issues: write
      actions: read
    steps:
      - name: Checkout PR
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -8,7 +8,10 @@ on:
  workflow_call:
  workflow_dispatch:
-permissions: {}
+permissions:
  contents: read
  packages: read
  statuses: read
 jobs:
  stale:
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -22,7 +22,7 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions: {}
+permissions: read-all
 jobs:
  labels:
@@ -31,7 +31,6 @@ jobs:
    timeout-minutes: 10
    permissions:
      contents: read
      issues: write
    steps:
--- a/.github/workflows/test-actions.yml
+++ b/.github/workflows/test-actions.yml
@@ -73,7 +73,7 @@ jobs:
        if: always()
      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
        if: always() && hashFiles('_tests/reports/test-results.sarif') != ''
        with:
          sarif_file: _tests/reports/test-results.sarif
--- a/.github/workflows/version-maintenance.yml
+++ b/.github/workflows/version-maintenance.yml
@@ -12,16 +12,15 @@ on:
        required: false
        type: string
-permissions: {}
+permissions:
  contents: write
  pull-requests: write
  issues: write
 jobs:
  check-and-update:
    name: Check Version References
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      issues: write
    steps:
      - name: Checkout Repository
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,7 +14,7 @@ repos:
        types: [markdown, python, yaml]
        files: ^(docs/.*|README\.md|CONTRIBUTING\.md|CHANGELOG\.md|.*\.py|.*\.ya?ml)$
  - repo: https://github.com/astral-sh/uv-pre-commit
-    rev: 0.10.8
+    rev: 0.10.5
    hooks:
      - id: uv-lock
      - id: uv-sync
@@ -55,7 +55,7 @@ repos:
      - id: yamllint
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.4
+    rev: v0.15.2
    hooks:
      # Run the linter with auto-fix
      - id: ruff-check
@@ -84,7 +84,7 @@ repos:
        args: ['-shellcheck=']
  - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.507'
+    rev: '3.2.506'
    hooks:
      - id: checkov
        args:
--- a/ansible-lint-fix/action.yml
+++ b/ansible-lint-fix/action.yml
@@ -45,7 +45,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'ansible-lint-fix'
        token: ${{ inputs.token }}
@@ -130,6 +130,6 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.files_found == 'true'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: ansible-lint.sarif
--- a/biome-lint/action.yml
+++ b/biome-lint/action.yml
@@ -181,7 +181,7 @@ runs:
        echo "Detected package manager: $package_manager"
    - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: '24'
@@ -212,7 +212,7 @@ runs:
    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
      with:
        bun-version: latest
@@ -331,7 +331,7 @@ runs:
    - name: Upload SARIF Report
      if: inputs.mode == 'check' && always()
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: biome-report.sarif
--- a/codeql-analysis/action.yml
+++ b/codeql-analysis/action.yml
@@ -107,7 +107,7 @@ runs:
  using: composite
  steps:
    - name: Validate inputs
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: codeql-analysis
        language: ${{ inputs.language }}
@@ -186,7 +186,7 @@ runs:
        echo "Using build mode: $build_mode"
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        languages: ${{ inputs.language }}
        queries: ${{ inputs.queries }}
@@ -199,12 +199,12 @@ runs:
        threads: ${{ inputs.threads }}
    - name: Autobuild
-      uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      if: ${{ steps.set-build-mode.outputs.build-mode == 'autobuild' }}
    - name: Perform CodeQL Analysis
      id: analysis
-      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        category: ${{ steps.set-category.outputs.category }}
        upload: ${{ inputs.upload-results }}
--- a/csharp-lint-check/action.yml
+++ b/csharp-lint-check/action.yml
@@ -206,6 +206,6 @@ runs:
        fi
    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: dotnet-format.sarif
--- a/csharp-publish/action.yml
+++ b/csharp-publish/action.yml
@@ -55,7 +55,7 @@ runs:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'csharp-publish'
        token: ${{ inputs.token }}
--- a/docker-build/action.yml
+++ b/docker-build/action.yml
@@ -147,7 +147,7 @@ runs:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'docker-build'
        image-name: ${{ inputs.image-name }}
@@ -169,13 +169,13 @@ runs:
        fi
    - name: Set up QEMU
-      uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+      uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
      with:
        platforms: ${{ inputs.architectures }}
    - name: Set up Docker Buildx
      id: buildx
-      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
      with:
        version: ${{ inputs.buildx-version }}
        platforms: ${{ inputs.architectures }}
@@ -321,7 +321,7 @@ runs:
    - name: Login to GitHub Container Registry
      if: ${{ inputs.push == 'true' }}
-      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
@@ -536,7 +536,7 @@ runs:
    - name: Scan Image for Vulnerabilities
      id: scan
      if: inputs.scan-image == 'true' && inputs.dry-run != 'true'
-      uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # 0.34.2
+      uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1
      with:
        scan-type: 'image'
        image-ref: ${{ steps.image-name.outputs.name }}:${{ inputs.tag }}
--- a/docker-publish/action.yml
+++ b/docker-publish/action.yml
@@ -202,7 +202,7 @@ runs:
        printf '%s\n' "Input validation completed successfully"
    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
    - name: Determine Image Names and Tags
      id: meta
@@ -265,14 +265,14 @@ runs:
    - name: Login to Docker Hub
      if: inputs.registry == 'dockerhub' || inputs.registry == 'both'
-      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
      with:
        username: ${{ inputs.dockerhub-username }}
        password: ${{ inputs.dockerhub-token }}
    - name: Login to GitHub Container Registry
      if: inputs.registry == 'github' || inputs.registry == 'both'
-      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
--- a/eslint-lint/action.yml
+++ b/eslint-lint/action.yml
@@ -288,7 +288,7 @@ runs:
        echo "Detected package manager: $package_manager"
    - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: '24'
@@ -319,7 +319,7 @@ runs:
    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
      with:
        bun-version: latest
@@ -457,7 +457,7 @@ runs:
    - name: Upload SARIF Report
      if: inputs.mode == 'check' && inputs.report-format == 'sarif' && always()
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: ${{ inputs.working-directory }}/eslint-results.sarif
--- a/go-lint/action.yml
+++ b/go-lint/action.yml
@@ -414,7 +414,7 @@ runs:
    - name: Upload Lint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
        category: golangci-lint
--- a/npm-publish/action.yml
+++ b/npm-publish/action.yml
@@ -121,7 +121,7 @@ runs:
        echo "Detected package manager: $package_manager"
    - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: '24'
@@ -152,7 +152,7 @@ runs:
    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
      with:
        bun-version: latest
--- a/package-lock.json
+++ b/package-lock.json
@@ -523,9 +523,9 @@
      "license": "MIT"
    },
    "node_modules/fs-extra": {
-      "version": "11.3.4",
+      "version": "11.3.3",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.4.tgz",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.3.tgz",
-      "integrity": "sha512-CTXd6rk/M3/ULNQj8FBqBWHYBVYybQ3VPBw0xGKFe3tuH7ytT6ACnvzpIQ3UZtB8yvUKC2cXn1a+x+5EVQLovA==",
+      "integrity": "sha512-VWSRii4t0AFm6ixFFmLLx1t7wS1gh+ckoa84aOeapGum0h+EZd1EhEumSB+ZdDLnEPuucsVB9oB7cxJHap6Afg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -813,9 +813,9 @@
      }
    },
    "node_modules/katex": {
-      "version": "0.16.35",
+      "version": "0.16.33",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.35.tgz",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.33.tgz",
-      "integrity": "sha512-S0+riEvy1CK4VKse1ivMff8gmabe/prY7sKB3njjhyoLLsNFDQYtKNgXrbWUggGDCJBz7Fctl5i8fLCESHXzSg==",
+      "integrity": "sha512-q3N5u+1sY9Bu7T4nlXoiRBXWfwSefNGoKeOwekV+gw0cAXQlz2Ww6BLcmBxVDeXBMUDQv6fK5bcNaJLxob3ZQA==",
      "dev": true,
      "funding": [
        "https://opencollective.com/katex",
--- a/pr-lint/action.yml
+++ b/pr-lint/action.yml
@@ -40,7 +40,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: pr-lint
        token: ${{ inputs.token }}
@@ -118,7 +118,7 @@ runs:
    - name: Setup Node.js
      if: steps.detect-node.outputs.found == 'true'
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: '24'
@@ -156,7 +156,7 @@ runs:
    - name: Setup Bun
      if: steps.detect-node.outputs.found == 'true' && steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
      with:
        bun-version: latest
@@ -632,7 +632,7 @@ runs:
    - name: MegaLinter
      # You can override MegaLinter flavor used to have faster performances
      # More info at https://megalinter.io/latest/flavors/
-      uses: oxsecurity/megalinter/flavors/cupcake@8fbdead70d1409964ab3d5afa885e18ee85388bb # v9.4.0
+      uses: oxsecurity/megalinter/flavors/cupcake@42bb470545e359597e7f12156947c436e4e3fb9a # v9.3.0
      id: ml
      # All available variables are described in documentation
--- a/pre-commit/action.yml
+++ b/pre-commit/action.yml
@@ -49,7 +49,7 @@ runs:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'pre-commit'
        token: ${{ inputs.token }}
--- a/prettier-lint/action.yml
+++ b/prettier-lint/action.yml
@@ -274,7 +274,7 @@ runs:
        echo "Detected package manager: $package_manager"
    - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
      with:
        node-version: '24'
@@ -305,7 +305,7 @@ runs:
    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
      with:
        bun-version: latest
--- a/python-lint-fix/action.yml
+++ b/python-lint-fix/action.yml
@@ -64,7 +64,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'python-lint-fix'
        token: ${{ inputs.token }}
@@ -370,7 +370,7 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.result == 'found'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
        category: 'python-lint'
--- a/security-scan/action.yml
+++ b/security-scan/action.yml
@@ -65,7 +65,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: security-scan
        gitleaks-license: ${{ inputs.gitleaks-license }}
@@ -161,14 +161,14 @@ runs:
    - name: Upload Trivy results
      if: steps.verify-sarif.outputs.has_trivy == 'true'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: 'trivy-results.sarif'
        category: 'trivy'
    - name: Upload Gitleaks results
      if: steps.verify-sarif.outputs.has_gitleaks == 'true'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: 'gitleaks-report.sarif'
        category: 'gitleaks'
--- a/stale/action.yml
+++ b/stale/action.yml
@@ -43,7 +43,7 @@ runs:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'stale'
        token: ${{ inputs.token || github.token }}
--- a/terraform-lint-fix/action.yml
+++ b/terraform-lint-fix/action.yml
@@ -78,7 +78,7 @@ runs:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'terraform-lint-fix'
        token: ${{ inputs.token || github.token }}
@@ -256,7 +256,7 @@ runs:
    - name: Upload SARIF Report
      if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
      with:
        sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif
        category: terraform-lint