diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 8ee0634..a4a34a7 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -78,7 +78,7 @@ jobs: # zero gosec findings, so there is nothing to exclude. args: '-no-fail -fmt sarif -out gosec-results.sarif ./...' - name: Upload gosec SARIF - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: gosec-results.sarif category: gosec @@ -125,16 +125,16 @@ jobs: go-version: '1.25' cache: true - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: go queries: security-extended - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 env: GOWORK: off - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 with: category: '/language:go'