From 0609134758c3b53e8fa4cd8b2b231001ca82063e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 31 May 2026 05:17:29 +0000
Subject: [PATCH] chore(deps): bump the actions group across 1 directory with 4
 updates

Bumps the actions group with 4 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml](https://github.com/hyperpolymath/panic-attacker).


Updates `github/codeql-action` from 4.34.0 to 4.36.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v4.34.0...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

Updates `actions/upload-artifact` from 5.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

Updates `actions/download-artifact` from 6.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c)

Updates `hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml` from 23b44b39698bfebce67b931d2a849281a3999812 to edbfcffec120a63fbf4cc393f1439d32589248d7
- [Release notes](https://github.com/hyperpolymath/panic-attacker/releases)
- [Changelog](https://github.com/hyperpolymath/panic-attack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hyperpolymath/panic-attacker/compare/23b44b39698bfebce67b931d2a849281a3999812...edbfcffec120a63fbf4cc393f1439d32589248d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml
  dependency-version: edbfcffec120a63fbf4cc393f1439d32589248d7
  dependency-type: direct:production
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/scorecard-enforcer.yml | 6 +++---
 .github/workflows/security-scan.yml      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/scorecard-enforcer.yml b/.github/workflows/scorecard-enforcer.yml
index 75e2385..a5de43d 100644
--- a/.github/workflows/scorecard-enforcer.yml
+++ b/.github/workflows/scorecard-enforcer.yml
@@ -49,12 +49,12 @@ jobs:
           publish_results: true
 
       - name: Upload SARIF
-        uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4
+        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
         with:
           sarif_file: results.sarif
 
       - name: Persist SARIF for downstream score-gate job
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: scorecard-results
           path: results.sarif
@@ -67,7 +67,7 @@ jobs:
       contents: read
     steps:
       - name: Download SARIF from scorecard job
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v5.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v5.0.0
         with:
           name: scorecard-results
 
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 7466538..1d09320 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   scan:
-    uses: hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml@23b44b39698bfebce67b931d2a849281a3999812
+    uses: hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml@edbfcffec120a63fbf4cc393f1439d32589248d7
 
     secrets:
       VERISIMDB_PAT: ${{ secrets.VERISIMDB_PAT }}