From 761e08f1687a0d4a0bdd007bc0f3ef22db0cbc82 Mon Sep 17 00:00:00 2001
From: devitway <devitway@gmail.com>
Date: Tue, 24 Feb 2026 10:41:37 +0000
Subject: [PATCH] ci: upgrade codeql-action v3 -> v4

---
 .github/workflows/ci.yml      | 2 +-
 .github/workflows/release.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e26b483..3ba5a65 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -82,7 +82,7 @@ jobs:
           exit-code: 0  # warn only; change to 1 to block the pipeline
 
       - name: Upload Trivy fs results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-fs.sarif
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 23d69e8..cd77189 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -130,7 +130,7 @@ jobs:
           exit-code: 0  # warn only; change to 1 to block on vulnerabilities
 
       - name: Upload Trivy image results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-image-${{ matrix.name }}.sarif