fix(deps): update rustls-webpki 0.103.9 -> 0.103.10 (RUSTSEC-2026-0049)

Also revert codeql-action to tag pin in scorecard.yml — scorecard webapp rejects SHA pins for this specific action.
2026-04-12 16:10:31 +00:00 · 2026-03-20 23:07:09 +00:00
parent 533f3cd795
commit 975264c353
2 changed files with 7 additions and 7 deletions
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ jobs:
          repo_token: ${{ secrets.SCORECARD_TOKEN || secrets.GITHUB_TOKEN }}

      - name: Upload Scorecard results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@256d634097be96e792d6764f9edaefc4320557b1 # v4
+        uses: github/codeql-action/upload-sarif@v4 # tag required by scorecard webapp verification
        with:
          sarif_file: results.sarif
          category: scorecard