ci(deps): bump the all-actions group across 1 directory with 2 updates

Bumps the all-actions group with 2 updates in the / directory: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `codecov/codecov-action` from 5.5.1 to 5.5.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@5a10915...671740a) Updates `github/codeql-action` from 4.31.6 to 4.31.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@fe4161a...1b168cd) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: github/codeql-action dependency-version: 4.31.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions ... Signed-off-by: dependabot[bot] <[email protected]>
bit2me-devs · dependabot · Dec 15, 2025 · Dec 15, 2025 · 0751ba783fe717d102d8ea23caca409db46a5c1a
commit 0751ba783fe717d102d8ea23caca409db46a5c1a
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -45,7 +45,7 @@ jobs:
 
             - name: Upload coverage to Codecov
               if: matrix.node-version == '22.x'
-              uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5
+              uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
               with:
                   files: ./coverage/coverage-final.json
                   flags: unittests

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -31,7 +31,7 @@ jobs:
               uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4
+              uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4
               with:
                   languages: ${{ matrix.language }}
                   queries: +security-and-quality
@@ -49,7 +49,7 @@ jobs:
               run: npm run build
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4
+              uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4
               with:
                   category: "/language:javascript"
 
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
@@ -50,7 +50,7 @@ jobs:
 
             - name: Upload results to GitHub Security
               if: always()
-              uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4
+              uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4
               with:
                   sarif_file: results.sarif
 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -39,7 +39,7 @@ jobs:
                   repo_token: ${{ secrets.GITHUB_TOKEN }}
 
             - name: Upload results to GitHub Security
-              uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4
+              uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4
               with:
                   sarif_file: results.sarif