From bfb726f361981ab06a9b00476a572944af50a20c Mon Sep 17 00:00:00 2001
From: "enechange-renovate[bot]"
 <254051205+enechange-renovate[bot]@users.noreply.github.com>
Date: Sat, 28 Mar 2026 10:40:38 +0000
Subject: [PATCH] chore(deps): update github-actions

---
 .github/workflows/ci.yml      | 2 +-
 .github/workflows/publish.yml | 2 +-
 .github/workflows/trivy.yml   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1302df8..f203db0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,6 +29,6 @@ jobs:
         run: bash validate.sh
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
+        uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 4ed27c1..0918bea 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -158,7 +158,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
 
       - name: Sign the image
         env:
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 2651945..524d614 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -45,7 +45,7 @@ jobs:
           version: 'v0.68.2'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'