chore: update action references to v2026 (f98ae7cd7d)

This commit updates all internal action references to point to the latest

v2026 tag SHA.

.github/actions/setup-test-environment/action.yml

@@ -31,7 +31,7 @@ runs:
       run: uv sync --frozen
 
     - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
       with:
         node-version: '24'
         cache: npm

.github/workflows/action-security.yml

@@ -17,7 +17,10 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  contents: read
+  actions: read
+  pull-requests: read
 
 jobs:
   analyze:
@@ -26,9 +29,6 @@ jobs:
     timeout-minutes: 30
 
     permissions:
-      contents: read
-      actions: read
-      pull-requests: read
       security-events: write
       statuses: write
       issues: write

.github/workflows/build-testing-image.yml

@@ -23,26 +23,25 @@ on:
         default: 'latest'
         type: string
 
-permissions: {}
+permissions:
+  contents: read
+  packages: write
 
 jobs:
   build-and-push:
     name: Build and Push Testing Image
     runs-on: ubuntu-latest
     timeout-minutes: 20
-    permissions:
-      contents: read
-      packages: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Log in to GitHub Container Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/codeql-new.yml

@@ -13,16 +13,17 @@ on:
     - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday
   merge_group:
 
-permissions: {}
+permissions:
+  actions: read
+  contents: read
 
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
     runs-on: ubuntu-latest
     permissions:
-      actions: read
-      contents: read
       security-events: write
+      contents: read
 
     strategy:
       fail-fast: false

.github/workflows/dependency-review.yml

@@ -4,13 +4,12 @@ name: 'Dependency Review'
 on:
   - pull_request
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta

.github/workflows/issue-stats.yml

@@ -5,7 +5,8 @@ on:
   schedule:
     - cron: '3 2 1 * *'
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   build:
@@ -29,7 +30,7 @@ jobs:
           echo "last_month=$first_day..$last_day" >> "$GITHUB_ENV"
 
       - name: Run issue-metrics tool
-        uses: github/issue-metrics@41a7961f701cc64490f32e143af8ef479b93e87d # v4.1.0
+        uses: github/issue-metrics@67526e7bd8100b870f10b1c120780a8375777b43 # v3.25.5
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SEARCH_QUERY: 'repo:ivuorinen/actions is:issue created:${{ env.last_month }} -reason:"not planned"'

.github/workflows/new-release.yml

@@ -6,7 +6,7 @@ on:
   schedule:
     - cron: '0 21 * * *' # 00:00 at Europe/Helsinki
 
-permissions: {}
+permissions: read-all
 
 jobs:
   new-daily-release:

.github/workflows/pr-lint.yml

@@ -37,7 +37,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  contents: read
+  packages: read # Required for private dependencies
 
 jobs:
   megalinter:
@@ -72,7 +74,7 @@ jobs:
 
       - name: Upload SARIF Report
         if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         with:
           sarif_file: megalinter-reports/sarif
           category: megalinter

.github/workflows/release.yml

@@ -7,7 +7,8 @@ on:
     tags:
       - 'v*'
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   release:

.github/workflows/security-suite.yml

@@ -18,7 +18,11 @@ on:
       - '**/*.yaml'
       - '.github/workflows/**'
 
-permissions: {}
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+  actions: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
@@ -28,11 +32,6 @@ jobs:
   security-analysis:
     name: Security Analysis
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-      issues: write
-      actions: read
 
     steps:
       - name: Checkout PR

.github/workflows/stale.yml

@@ -8,7 +8,10 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions: {}
+permissions:
+  contents: read
+  packages: read
+  statuses: read
 
 jobs:
   stale:

.github/workflows/sync-labels.yml

@@ -22,7 +22,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: {}
+permissions: read-all
 
 jobs:
   labels:
@@ -31,7 +31,6 @@ jobs:
     timeout-minutes: 10
 
     permissions:
-      contents: read
       issues: write
 
     steps:

.github/workflows/test-actions.yml

@@ -73,7 +73,7 @@ jobs:
         if: always()
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
         if: always() && hashFiles('_tests/reports/test-results.sarif') != ''
         with:
           sarif_file: _tests/reports/test-results.sarif

.github/workflows/version-maintenance.yml

@@ -12,16 +12,15 @@ on:
         required: false
         type: string
 
-permissions: {}
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
 
 jobs:
   check-and-update:
     name: Check Version References
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
 
     steps:
       - name: Checkout Repository

.pre-commit-config.yaml

@@ -14,7 +14,7 @@ repos:
         types: [markdown, python, yaml]
         files: ^(docs/.*|README\.md|CONTRIBUTING\.md|CHANGELOG\.md|.*\.py|.*\.ya?ml)$
   - repo: https://github.com/astral-sh/uv-pre-commit
-    rev: 0.10.8
+    rev: 0.10.5
     hooks:
       - id: uv-lock
       - id: uv-sync
@@ -55,7 +55,7 @@ repos:
       - id: yamllint
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.4
+    rev: v0.15.2
     hooks:
       # Run the linter with auto-fix
       - id: ruff-check
@@ -84,7 +84,7 @@ repos:
         args: ['-shellcheck=']
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.507'
+    rev: '3.2.506'
     hooks:
       - id: checkov
         args:

ansible-lint-fix/action.yml

@@ -45,7 +45,7 @@ runs:
   steps:
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'ansible-lint-fix'
         token: ${{ inputs.token }}
@@ -130,6 +130,6 @@ runs:
 
     - name: Upload SARIF Report
       if: steps.check-files.outputs.files_found == 'true'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: ansible-lint.sarif

biome-lint/action.yml

@@ -181,7 +181,7 @@ runs:
         echo "Detected package manager: $package_manager"
 
     - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
       with:
         node-version: '24'
 
@@ -212,7 +212,7 @@ runs:
 
     - name: Setup Bun
       if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
       with:
         bun-version: latest
 
@@ -331,7 +331,7 @@ runs:
 
     - name: Upload SARIF Report
       if: inputs.mode == 'check' && always()
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: biome-report.sarif
 

codeql-analysis/action.yml

@@ -107,7 +107,7 @@ runs:
   using: composite
   steps:
     - name: Validate inputs
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: codeql-analysis
         language: ${{ inputs.language }}
@@ -186,7 +186,7 @@ runs:
         echo "Using build mode: $build_mode"
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         languages: ${{ inputs.language }}
         queries: ${{ inputs.queries }}
@@ -199,12 +199,12 @@ runs:
         threads: ${{ inputs.threads }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       if: ${{ steps.set-build-mode.outputs.build-mode == 'autobuild' }}
 
     - name: Perform CodeQL Analysis
       id: analysis
-      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         category: ${{ steps.set-category.outputs.category }}
         upload: ${{ inputs.upload-results }}

csharp-lint-check/action.yml

@@ -206,6 +206,6 @@ runs:
         fi
 
     - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: dotnet-format.sarif

csharp-publish/action.yml

@@ -55,7 +55,7 @@ runs:
 
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'csharp-publish'
         token: ${{ inputs.token }}

docker-build/action.yml

@@ -147,7 +147,7 @@ runs:
 
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'docker-build'
         image-name: ${{ inputs.image-name }}
@@ -169,13 +169,13 @@ runs:
         fi
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+      uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
       with:
         platforms: ${{ inputs.architectures }}
 
     - name: Set up Docker Buildx
       id: buildx
-      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
       with:
         version: ${{ inputs.buildx-version }}
         platforms: ${{ inputs.architectures }}
@@ -321,7 +321,7 @@ runs:
 
     - name: Login to GitHub Container Registry
       if: ${{ inputs.push == 'true' }}
-      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
@@ -536,7 +536,7 @@ runs:
     - name: Scan Image for Vulnerabilities
       id: scan
       if: inputs.scan-image == 'true' && inputs.dry-run != 'true'
-      uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # 0.34.2
+      uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1
       with:
         scan-type: 'image'
         image-ref: ${{ steps.image-name.outputs.name }}:${{ inputs.tag }}

docker-publish/action.yml

@@ -202,7 +202,7 @@ runs:
         printf '%s\n' "Input validation completed successfully"
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
     - name: Determine Image Names and Tags
       id: meta
@@ -265,14 +265,14 @@ runs:
 
     - name: Login to Docker Hub
       if: inputs.registry == 'dockerhub' || inputs.registry == 'both'
-      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
       with:
         username: ${{ inputs.dockerhub-username }}
         password: ${{ inputs.dockerhub-token }}
 
     - name: Login to GitHub Container Registry
       if: inputs.registry == 'github' || inputs.registry == 'both'
-      uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}

eslint-lint/action.yml

@@ -288,7 +288,7 @@ runs:
         echo "Detected package manager: $package_manager"
 
     - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
       with:
         node-version: '24'
 
@@ -319,7 +319,7 @@ runs:
 
     - name: Setup Bun
       if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
       with:
         bun-version: latest
 
@@ -457,7 +457,7 @@ runs:
 
     - name: Upload SARIF Report
       if: inputs.mode == 'check' && inputs.report-format == 'sarif' && always()
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: ${{ inputs.working-directory }}/eslint-results.sarif
 

go-lint/action.yml

@@ -414,7 +414,7 @@ runs:
 
     - name: Upload Lint Results
       if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
         category: golangci-lint

npm-publish/action.yml

@@ -121,7 +121,7 @@ runs:
         echo "Detected package manager: $package_manager"
 
     - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
       with:
         node-version: '24'
 
@@ -152,7 +152,7 @@ runs:
 
     - name: Setup Bun
       if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
       with:
         bun-version: latest
 

package-lock.json

@@ -523,9 +523,9 @@
       "license": "MIT"
     },
     "node_modules/fs-extra": {
-      "version": "11.3.4",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.4.tgz",
-      "integrity": "sha512-CTXd6rk/M3/ULNQj8FBqBWHYBVYybQ3VPBw0xGKFe3tuH7ytT6ACnvzpIQ3UZtB8yvUKC2cXn1a+x+5EVQLovA==",
+      "version": "11.3.3",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.3.tgz",
+      "integrity": "sha512-VWSRii4t0AFm6ixFFmLLx1t7wS1gh+ckoa84aOeapGum0h+EZd1EhEumSB+ZdDLnEPuucsVB9oB7cxJHap6Afg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -813,9 +813,9 @@
       }
     },
     "node_modules/katex": {
-      "version": "0.16.35",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.35.tgz",
-      "integrity": "sha512-S0+riEvy1CK4VKse1ivMff8gmabe/prY7sKB3njjhyoLLsNFDQYtKNgXrbWUggGDCJBz7Fctl5i8fLCESHXzSg==",
+      "version": "0.16.33",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.33.tgz",
+      "integrity": "sha512-q3N5u+1sY9Bu7T4nlXoiRBXWfwSefNGoKeOwekV+gw0cAXQlz2Ww6BLcmBxVDeXBMUDQv6fK5bcNaJLxob3ZQA==",
       "dev": true,
       "funding": [
         "https://opencollective.com/katex",

pr-lint/action.yml

@@ -40,7 +40,7 @@ runs:
   steps:
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: pr-lint
         token: ${{ inputs.token }}
@@ -118,7 +118,7 @@ runs:
 
     - name: Setup Node.js
       if: steps.detect-node.outputs.found == 'true'
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
       with:
         node-version: '24'
 
@@ -156,7 +156,7 @@ runs:
 
     - name: Setup Bun
       if: steps.detect-node.outputs.found == 'true' && steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
       with:
         bun-version: latest
 
@@ -632,7 +632,7 @@ runs:
     - name: MegaLinter
       # You can override MegaLinter flavor used to have faster performances
       # More info at https://megalinter.io/latest/flavors/
-      uses: oxsecurity/megalinter/flavors/cupcake@8fbdead70d1409964ab3d5afa885e18ee85388bb # v9.4.0
+      uses: oxsecurity/megalinter/flavors/cupcake@42bb470545e359597e7f12156947c436e4e3fb9a # v9.3.0
       id: ml
 
       # All available variables are described in documentation

pre-commit/action.yml

@@ -49,7 +49,7 @@ runs:
 
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'pre-commit'
         token: ${{ inputs.token }}

prettier-lint/action.yml

@@ -274,7 +274,7 @@ runs:
         echo "Detected package manager: $package_manager"
 
     - name: Setup Node.js
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
       with:
         node-version: '24'
 
@@ -305,7 +305,7 @@ runs:
 
     - name: Setup Bun
       if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@ecf28ddc73e819eb6fa29df6b34ef8921c743461 # v2.1.3
+      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
       with:
         bun-version: latest
 

python-lint-fix/action.yml

@@ -64,7 +64,7 @@ runs:
   steps:
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'python-lint-fix'
         token: ${{ inputs.token }}
@@ -370,7 +370,7 @@ runs:
 
     - name: Upload SARIF Report
       if: steps.check-files.outputs.result == 'found'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
         category: 'python-lint'

security-scan/action.yml

@@ -65,7 +65,7 @@ runs:
   steps:
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: security-scan
         gitleaks-license: ${{ inputs.gitleaks-license }}
@@ -161,14 +161,14 @@ runs:
 
     - name: Upload Trivy results
       if: steps.verify-sarif.outputs.has_trivy == 'true'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: 'trivy-results.sarif'
         category: 'trivy'
 
     - name: Upload Gitleaks results
       if: steps.verify-sarif.outputs.has_gitleaks == 'true'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: 'gitleaks-report.sarif'
         category: 'gitleaks'

stale/action.yml

@@ -43,7 +43,7 @@ runs:
 
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'stale'
         token: ${{ inputs.token || github.token }}

terraform-lint-fix/action.yml

@@ -78,7 +78,7 @@ runs:
 
     - name: Validate Inputs
       id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
       with:
         action-type: 'terraform-lint-fix'
         token: ${{ inputs.token || github.token }}
@@ -256,7 +256,7 @@ runs:
 
     - name: Upload SARIF Report
       if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+      uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
       with:
         sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif
         category: terraform-lint