[CI] Bump actions' versions in scorecard workflow

lukaszstolarczuk · lukaszstolarczuk · commit 45ca57ee71dd · 2024-03-21T19:06:53.000+01:00
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -29,22 +29,22 @@ jobs:
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     - name: Run analysis
-      uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+      uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
       with:
         results_file: scorecard_results.sarif
         results_format: sarif
         publish_results: true
 
     # Upload the results as artifacts to the repository Actions tab.
     - name: Upload artifact
-      uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # 4.0.0
+      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # 4.3.1
       with:
         name: Scorecard results
         path: scorecard_results.sarif
         retention-days: 5
 
     # Upload the results to GitHub's code scanning dashboard.
     - name: Upload to code-scanning
-      uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+      uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
       with:
         sarif_file: scorecard_results.sarif
