Nick2bad4u · Nick2bad4u · Oct 30, 2025 · Oct 30, 2025 · Oct 30, 2025
@@ -46,7 +46,7 @@ jobs:
               with:
                   shellcheck_opts: "-e SC2129"
 
-            - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+            - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: actionlint-results
                   path: ${{ steps.action-lint.outputs.results-file }}
@@ -97,7 +97,7 @@ jobs:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
             - name: Upload bumped package.json to repo
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: bumped-package-json
                   path: .
@@ -164,7 +164,7 @@ jobs:
                   ref: ${{ github.event.inputs.branch || github.ref }}
 
             - name: Download bumped package.json from bump-version job
-              uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+              uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
               with:
                   name: bumped-package-json
                   path: .
@@ -322,7 +322,7 @@ jobs:
 
             - name: Upload build dist files as artifact
               id: upload_artifact
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: dist-${{ matrix.os }}-${{ matrix.arch }}
                   path: |
@@ -362,7 +362,7 @@ jobs:
                   ref: ${{ github.event.inputs.branch || github.ref }}
 
             - name: Download all build artifacts from build job
-              uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+              uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
               with:
                   path: ./artifacts
 

@@ -125,7 +125,7 @@ jobs:
 
             # Initializes the CodeQL tools for scanning.
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+              uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
               with:
                   languages: ${{ matrix.language }}
                   source-root: .
@@ -169,7 +169,7 @@ jobs:
 
             - name: Upload CodeQL DBs (debug)
               if: always()
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: codeql-databases-${{ matrix.language }}
                   path: |
@@ -181,6 +181,6 @@ jobs:
             # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+              uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
               with:
                   category: "/language:${{matrix.language}}"
@@ -52,12 +52,12 @@ jobs:
                   done
 
             - name: Upload DevSkim SARIF as artifact
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: devskim-results
                   path: devskim-results.sarif
 
             - name: Upload DevSkim scan results to GitHub Security tab
-              uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+              uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
               with:
                   sarif_file: devskim-results.sarif
@@ -29,6 +29,6 @@ jobs:
                   input: .
                   version: latest
             - name: Upload SARIF results
-              uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+              uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
               with:
                   sarif_file: ../electronegativity_results
@@ -89,13 +89,13 @@ jobs:
               working-directory: .
 
             - name: Upload analysis results to GitHub
-              uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v2.27.0
+              uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v2.27.0
               with:
                   sarif_file: eslint-results.sarif
                   wait-for-processing: true
 
             - name: Upload ESLint SARIF as artifact
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: eslint-results
                   path: eslint-results.sarif
@@ -166,7 +166,7 @@ jobs:
 
             # Optionally, upload the FlatPak bundle as an artifact
             - name: Upload FlatPak bundle
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: flatpak-bundle
                   path: ./Uptime-Watcher.flatpak

@@ -51,7 +51,7 @@ jobs:
             # Upload MegaLinter artifacts
             - name: Archive production artifacts
               if: success() || failure()
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: MegaLinter reports
                   path: |

@@ -94,7 +94,7 @@ jobs:
             # For organization-wide consistency, document and update artifact retention policy in your repository’s CI/CD guidelines.
             - name: Upload Playwright report
               if: ${{ !cancelled() }}
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: playwright-report
                   path: playwright-report/

@@ -92,7 +92,7 @@ jobs:
                   } >> "$GITHUB_STEP_SUMMARY"
 
             - name: Upload sizes.md as artifact
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: release-asset-sizes
                   path: sizes.md
@@ -111,14 +111,14 @@ jobs:
             # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
             # format to the repository Actions tab.
             - name: "Upload artifact"
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: SARIF file
                   path: results.sarif
                   retention-days: 5
 
             # Upload the results to GitHub's code scanning dashboard.
             - name: "Upload to code-scanning"
-              uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v2.27.0
+              uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v2.27.0
               with:
                   sarif_file: results.sarif
@@ -40,6 +40,6 @@ jobs:
               uses: microsoft/security-devops-action@d0736c546281e0632667b8e0046ae3d7bba0bf67 # latest
               id: msdo
             - name: Upload results to Security tab
-              uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+              uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
               with:
                   sarif_file: ${{ steps.msdo.outputs.sarifFile }}
@@ -32,13 +32,13 @@ jobs:
                   egress-policy: audit
 
             - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-            - uses: rojopolis/spellcheck-github-actions@739a1e3ceb79a98a5d4a9bf76f351137f9d78892 # 0.52.0
+            - uses: rojopolis/spellcheck-github-actions@336d2b4c911d9e582a8e7aa1143f0e862daefbc0 # 0.53.0
               name: Spellcheck
               continue-on-error: true
               with:
                   config_path: .github/.spellcheck.yml
                   output_file: spellcheck-output.txt
-            - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+            - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               if: ${{ !cancelled() }}
               with:
                   name: Spellcheck Output

@@ -219,7 +219,7 @@ jobs:
 
             - name: Upload mutation testing reports
               if: always() # Upload reports even if Stryker fails
-              uses: actions/upload-artifact@ef09cdac3e2d3e60d8ccadda691f4f1cec5035cb # v5.0.0
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: stryker-reports-${{ github.sha }}
                   path: |

@@ -78,7 +78,7 @@ jobs:
 
             - name: Upload Stylelint Results
               if: always()
-              uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+              uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
               with:
                   name: stylelint-results
                   path: |

@@ -27,7 +27,7 @@ jobs:
               with:
                   fetch-depth: 0
             - name: Secret Scanning (entire repo)
-              uses: trufflesecurity/trufflehog@ad6fc8fb446b8fafbf7ea8193d2d6bfd42f45690 # v3.90.11
+              uses: trufflesecurity/trufflehog@b84c3d14d189e16da175e2c27fa8136603783ffc # v3.90.12
               with:
                   base: ""
                   head: ${{ github.ref_name }}