Update github actions

renovate[bot] · web-flow · commit d1ed800170f8 · 2025-10-30T22:16:22.000Z
| datasource  | package                | from    | to      |
| ----------- | ---------------------- | ------- | ------- |
| github-tags | anchore/sbom-action    | v0.20.8 | v0.20.9 |
| github-tags | github/codeql-action   | v4.30.9 | v4.31.2 |
| github-tags | lucacome/draft-release | v2.0.0  | v2.0.1  |


Signed-off-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml
@@ -141,7 +141,7 @@ jobs:
           fi
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         if: steps.check-sarif.outputs.sarif_has_results == 'true'
         with:
           sarif_file: govulncheck.sarif
@@ -363,7 +363,7 @@ jobs:
          overwrite: true
 
      - name: Upload Scan results to GitHub Security tab
-       uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+       uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          sarif_file: "${{ steps.directory.outputs.directory }}/"
 
@@ -443,7 +443,7 @@ jobs:
          overwrite: true
 
      - name: Upload Scan results to GitHub Security tab
-       uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+       uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          sarif_file: "${{ steps.directory.outputs.directory }}/"
 
@@ -530,7 +530,7 @@ jobs:
          overwrite: true
 
      - name: Upload Scan results to GitHub Security tab
-       uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+       uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
        with:
          sarif_file: "${{ steps.directory.outputs.directory }}/"
        continue-on-error: true
@@ -546,7 +546,7 @@ jobs:
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
      - name: Create/Update Draft
-       uses: lucacome/draft-release@fd099feb33710d1fa27b915a08a7acd6a1fb7fd2 # v2.0.0
+       uses: lucacome/draft-release@45e4395a3d8463abdb1747b20445b9be16ef6409 # v2.0.1
        id: release-notes
        with:
          minor-label: "enhancement"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -480,7 +480,7 @@ jobs:
 
       - name: Download Syft
         id: syft
-        uses: anchore/sbom-action/download-syft@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8
+        uses: anchore/sbom-action/download-syft@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9
 
       - name: Install Cosign
         uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/update-release-draft.yml b/.github/workflows/update-release-draft.yml
@@ -61,7 +61,7 @@ jobs:
           ref: ${{ inputs.branch }}
 
       - name: Create/Update Draft
-        uses: lucacome/draft-release@fd099feb33710d1fa27b915a08a7acd6a1fb7fd2 # v2.0.0
+        uses: lucacome/draft-release@45e4395a3d8463abdb1747b20445b9be16ef6409 # v2.0.1
         id: release-notes
         with:
           minor-label: "enhancement"
