chore: update action references to v2026 (f98ae7cd7d)

This commit updates all internal action references to point to the latest v2026 tag SHA.
2026-03-19 23:00:46 +00:00 · 2026-01-26 09:08:01 +00:00
28 changed files with 67 additions and 67 deletions
--- a/.github/actions/setup-test-environment/action.yml
+++ b/.github/actions/setup-test-environment/action.yml
@@ -17,12 +17,12 @@ runs:
  using: composite
  steps:
    - name: Install uv
-      uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
+      uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
      with:
        enable-cache: true

    - name: Set up Python
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version-file: pyproject.toml

@@ -31,7 +31,7 @@ runs:
      run: uv sync --frozen

    - name: Setup Node.js
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: '24'
        cache: npm
--- a/.github/workflows/build-testing-image.yml
+++ b/.github/workflows/build-testing-image.yml
@@ -41,7 +41,7 @@ jobs:
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -74,7 +74,7 @@ jobs:

      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
-        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter
--- a/.github/workflows/test-actions.yml
+++ b/.github/workflows/test-actions.yml
@@ -73,7 +73,7 @@ jobs:
        if: always()

      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
        if: always() && hashFiles('_tests/reports/test-results.sarif') != ''
        with:
          sarif_file: _tests/reports/test-results.sarif
--- a/.github/workflows/version-maintenance.yml
+++ b/.github/workflows/version-maintenance.yml
@@ -72,7 +72,7 @@ jobs:

      - name: Create Pull Request
        if: steps.action-versioning.outputs.updated == 'true'
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: update action references to ${{ steps.version.outputs.major }}'
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,7 +14,7 @@ repos:
        types: [markdown, python, yaml]
        files: ^(docs/.*|README\.md|CONTRIBUTING\.md|CHANGELOG\.md|.*\.py|.*\.ya?ml)$
  - repo: https://github.com/astral-sh/uv-pre-commit
-    rev: 0.10.0
+    rev: 0.9.24
    hooks:
      - id: uv-lock
      - id: uv-sync
@@ -50,12 +50,12 @@ repos:
        args: [--fix]

  - repo: https://github.com/adrienverge/yamllint
-    rev: v1.38.0
+    rev: v1.37.1
    hooks:
      - id: yamllint

  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.0
+    rev: v0.14.11
    hooks:
      # Run the linter with auto-fix
      - id: ruff-check
@@ -84,7 +84,7 @@ repos:
        args: ['-shellcheck=']

  - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.500'
+    rev: '3.2.497'
    hooks:
      - id: checkov
        args:
--- a/.python-version
+++ b/.python-version
@@ -1 +1 @@
-3.14.3
+3.14.2
--- a/ansible-lint-fix/action.yml
+++ b/ansible-lint-fix/action.yml
@@ -45,7 +45,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'ansible-lint-fix'
        token: ${{ inputs.token }}
@@ -75,7 +75,7 @@ runs:

    - name: Setup Python
      if: steps.check-files.outputs.files_found == 'true'
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: '3.14'
        cache: 'pip'
@@ -130,6 +130,6 @@ runs:

    - name: Upload SARIF Report
      if: steps.check-files.outputs.files_found == 'true'
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: ansible-lint.sarif
--- a/biome-lint/action.yml
+++ b/biome-lint/action.yml
@@ -181,7 +181,7 @@ runs:
        echo "Detected package manager: $package_manager"

    - name: Setup Node.js
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: '24'

@@ -212,13 +212,13 @@ runs:

    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
+      uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
      with:
        bun-version: latest

    - name: Cache Node Dependencies
      id: cache
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: node_modules
        key: ${{ runner.os }}-biome-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
@@ -331,7 +331,7 @@ runs:

    - name: Upload SARIF Report
      if: inputs.mode == 'check' && always()
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: biome-report.sarif

--- a/codeql-analysis/action.yml
+++ b/codeql-analysis/action.yml
@@ -107,7 +107,7 @@ runs:
  using: composite
  steps:
    - name: Validate inputs
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: codeql-analysis
        language: ${{ inputs.language }}
@@ -186,7 +186,7 @@ runs:
        echo "Using build mode: $build_mode"

    - name: Initialize CodeQL
-      uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        languages: ${{ inputs.language }}
        queries: ${{ inputs.queries }}
@@ -199,12 +199,12 @@ runs:
        threads: ${{ inputs.threads }}

    - name: Autobuild
-      uses: github/codeql-action/autobuild@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      if: ${{ steps.set-build-mode.outputs.build-mode == 'autobuild' }}

    - name: Perform CodeQL Analysis
      id: analysis
-      uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        category: ${{ steps.set-category.outputs.category }}
        upload: ${{ inputs.upload-results }}
--- a/compress-images/action.yml
+++ b/compress-images/action.yml
@@ -163,7 +163,7 @@ runs:

    - name: Create New Pull Request If Needed
      if: steps.calibre.outputs.markdown != ''
-      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+      uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
      with:
        token: ${{ inputs.token }}
        title: 'chore: compress images'
--- a/csharp-build/action.yml
+++ b/csharp-build/action.yml
@@ -148,7 +148,7 @@ runs:
        echo "Final detected .NET version: $detected_version" >&2

    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+      uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1
      with:
        dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }}
        cache: true
--- a/csharp-lint-check/action.yml
+++ b/csharp-lint-check/action.yml
@@ -164,7 +164,7 @@ runs:
        echo "Final detected .NET version: $detected_version" >&2

    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+      uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1
      with:
        dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }}
        cache: true
@@ -206,6 +206,6 @@ runs:
        fi

    - name: Upload SARIF Report
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: dotnet-format.sarif
--- a/csharp-publish/action.yml
+++ b/csharp-publish/action.yml
@@ -55,7 +55,7 @@ runs:

    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'csharp-publish'
        token: ${{ inputs.token }}
@@ -162,7 +162,7 @@ runs:
        echo "Final detected .NET version: $detected_version" >&2

    - name: Setup .NET SDK
-      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+      uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1
      with:
        dotnet-version: ${{ inputs.dotnet-version || steps.detect-dotnet-version.outputs.detected-version }}
        cache: true
--- a/docker-build/action.yml
+++ b/docker-build/action.yml
@@ -147,7 +147,7 @@ runs:

    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'docker-build'
        image-name: ${{ inputs.image-name }}
@@ -321,7 +321,7 @@ runs:

    - name: Login to GitHub Container Registry
      if: ${{ inputs.push == 'true' }}
-      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
--- a/docker-publish/action.yml
+++ b/docker-publish/action.yml
@@ -265,14 +265,14 @@ runs:

    - name: Login to Docker Hub
      if: inputs.registry == 'dockerhub' || inputs.registry == 'both'
-      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
      with:
        username: ${{ inputs.dockerhub-username }}
        password: ${{ inputs.dockerhub-token }}

    - name: Login to GitHub Container Registry
      if: inputs.registry == 'github' || inputs.registry == 'both'
-      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
--- a/eslint-lint/action.yml
+++ b/eslint-lint/action.yml
@@ -288,7 +288,7 @@ runs:
        echo "Detected package manager: $package_manager"

    - name: Setup Node.js
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: '24'

@@ -319,13 +319,13 @@ runs:

    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
+      uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
      with:
        bun-version: latest

    - name: Cache Node Dependencies
      id: cache
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: node_modules
        key: ${{ runner.os }}-eslint-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
@@ -457,7 +457,7 @@ runs:

    - name: Upload SARIF Report
      if: inputs.mode == 'check' && inputs.report-format == 'sarif' && always()
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: ${{ inputs.working-directory }}/eslint-results.sarif

--- a/go-build/action.yml
+++ b/go-build/action.yml
@@ -159,7 +159,7 @@ runs:
        echo "Final detected Go version: $detected_version" >&2

    - name: Setup Go
-      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+      uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
      with:
        go-version: ${{ steps.detect-go-version.outputs.detected-version }}
        cache: true
--- a/go-lint/action.yml
+++ b/go-lint/action.yml
@@ -205,7 +205,7 @@ runs:
        validate_linter_list "$DISABLE_LINTERS" "disable-linters"

    - name: Setup Go
-      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+      uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
      with:
        go-version: ${{ inputs.go-version }}
        cache: true
@@ -218,7 +218,7 @@ runs:
    - name: Cache golangci-lint
      id: cache
      if: inputs.cache == 'true'
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: |
          ~/.cache/golangci-lint
@@ -414,7 +414,7 @@ runs:

    - name: Upload Lint Results
      if: always() && inputs.report-format == 'sarif'
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif
        category: golangci-lint
--- a/npm-publish/action.yml
+++ b/npm-publish/action.yml
@@ -121,7 +121,7 @@ runs:
        echo "Detected package manager: $package_manager"

    - name: Setup Node.js
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: '24'

@@ -152,13 +152,13 @@ runs:

    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
+      uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
      with:
        bun-version: latest

    - name: Cache Node Dependencies
      id: cache
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: node_modules
        key: ${{ runner.os }}-npm-publish-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
--- a/php-tests/action.yml
+++ b/php-tests/action.yml
@@ -356,7 +356,7 @@ runs:

    - name: Cache Composer packages
      id: composer-cache
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: |
          vendor
--- a/pr-lint/action.yml
+++ b/pr-lint/action.yml
@@ -40,7 +40,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: pr-lint
        token: ${{ inputs.token }}
@@ -118,7 +118,7 @@ runs:

    - name: Setup Node.js
      if: steps.detect-node.outputs.found == 'true'
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: '24'

@@ -156,14 +156,14 @@ runs:

    - name: Setup Bun
      if: steps.detect-node.outputs.found == 'true' && steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
+      uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
      with:
        bun-version: latest

    - name: Cache Node Dependencies
      if: steps.detect-node.outputs.found == 'true'
      id: node-cache
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: node_modules
        key: ${{ runner.os }}-pr-lint-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
@@ -486,7 +486,7 @@ runs:

    - name: Setup Python
      if: steps.detect-python.outputs.found == 'true'
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: ${{ steps.python-version.outputs.detected-version }}
        cache: 'pip'
@@ -621,7 +621,7 @@ runs:

    - name: Setup Go
      if: steps.detect-go.outputs.found == 'true'
-      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
+      uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
      with:
        go-version: ${{ steps.go-version.outputs.detected-version }}
        cache: true
--- a/pre-commit/action.yml
+++ b/pre-commit/action.yml
@@ -49,7 +49,7 @@ runs:

    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'pre-commit'
        token: ${{ inputs.token }}
--- a/prettier-lint/action.yml
+++ b/prettier-lint/action.yml
@@ -274,7 +274,7 @@ runs:
        echo "Detected package manager: $package_manager"

    - name: Setup Node.js
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: '24'

@@ -305,13 +305,13 @@ runs:

    - name: Setup Bun
      if: steps.detect-pm.outputs.package-manager == 'bun'
-      uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2
+      uses: oven-sh/setup-bun@b7a1c7ccf290d58743029c4f6903da283811b979 # v2.1.0
      with:
        bun-version: latest

    - name: Cache Node Dependencies
      id: cache
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: node_modules
        key: ${{ runner.os }}-prettier-lint-${{ inputs.mode }}-${{ steps.detect-pm.outputs.package-manager }}-${{ hashFiles('package-lock.json', 'yarn.lock', 'pnpm-lock.yaml', 'bun.lockb') }}
--- a/python-lint-fix/action.yml
+++ b/python-lint-fix/action.yml
@@ -64,7 +64,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'python-lint-fix'
        token: ${{ inputs.token }}
@@ -224,7 +224,7 @@ runs:

    - name: Setup Python (pip)
      if: steps.package-manager.outputs.package-manager == 'pip'
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: ${{ steps.python-version.outputs.detected-version }}
        cache: 'pip'
@@ -237,7 +237,7 @@ runs:

    - name: Setup Python (pipenv)
      if: steps.package-manager.outputs.package-manager == 'pipenv'
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: ${{ steps.python-version.outputs.detected-version }}
        cache: 'pipenv'
@@ -247,7 +247,7 @@ runs:

    - name: Setup Python (poetry)
      if: steps.package-manager.outputs.package-manager == 'poetry'
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: ${{ steps.python-version.outputs.detected-version }}
        cache: 'poetry'
@@ -370,7 +370,7 @@ runs:

    - name: Upload SARIF Report
      if: steps.check-files.outputs.result == 'found'
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif
        category: 'python-lint'
--- a/security-scan/action.yml
+++ b/security-scan/action.yml
@@ -65,7 +65,7 @@ runs:
  steps:
    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: security-scan
        gitleaks-license: ${{ inputs.gitleaks-license }}
@@ -99,7 +99,7 @@ runs:

    - name: Run actionlint
      if: steps.check-configs.outputs.run_actionlint == 'true'
-      uses: raven-actions/actionlint@e01d1ea33dd6a5ed517d95b4c0c357560ac6f518 # v2.1.1
+      uses: raven-actions/actionlint@963d4779ef039e217e5d0e6fd73ce9ab7764e493 # v2.1.0
      with:
        cache: true
        fail-on-error: true
@@ -161,14 +161,14 @@ runs:

    - name: Upload Trivy results
      if: steps.verify-sarif.outputs.has_trivy == 'true'
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: 'trivy-results.sarif'
        category: 'trivy'

    - name: Upload Gitleaks results
      if: steps.verify-sarif.outputs.has_gitleaks == 'true'
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: 'gitleaks-report.sarif'
        category: 'gitleaks'
--- a/stale/action.yml
+++ b/stale/action.yml
@@ -43,7 +43,7 @@ runs:

    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'stale'
        token: ${{ inputs.token || github.token }}
--- a/terraform-lint-fix/action.yml
+++ b/terraform-lint-fix/action.yml
@@ -78,7 +78,7 @@ runs:

    - name: Validate Inputs
      id: validate
-      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
+      uses: ivuorinen/actions/validate-inputs@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73
      with:
        action-type: 'terraform-lint-fix'
        token: ${{ inputs.token || github.token }}
@@ -256,7 +256,7 @@ runs:

    - name: Upload SARIF Report
      if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif
        category: terraform-lint
@@ -1 +1 @@
 .14.3
 .14.2