From d42daef874e8bc4ff7eb42b775292a8c4c9b268c Mon Sep 17 00:00:00 2001
From: "renovate-rancher[bot]"
 <119870437+renovate-rancher[bot]@users.noreply.github.com>
Date: Tue, 9 Jun 2026 13:57:42 +0000
Subject: [PATCH] Update GitHub Actions

---
 .github/workflows/fossa.yml               | 6 +++---
 .github/workflows/lint-unitest.yaml       | 2 +-
 .github/workflows/publish-on-tagging.yaml | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 3ceed8133..2667d3ec2 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -15,18 +15,18 @@ jobs:
     timeout-minutes: 30
     steps:
     - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
     # The FOSSA token is shared between all repos in NeuVector's GH org. It can
     # be used directly and there is no need to request specific access to EIO.
     - name: Read FOSSA token
-      uses: rancher-eio/read-vault-secrets@7282bf97898cd1c16c89f837e0bb442e6d384c89 # v3
+      uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3
       with:
         secrets: |
           secret/data/github/org/neuvector/fossa/credentials token | FOSSA_API_KEY_PUSH_ONLY
 
     - name: FOSSA scan
-      uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0
+      uses: fossas/fossa-action@ff70fe9fe17cbd2040648f1c45e8ec4e4884dcf3 # v1.9.0
       with:
         api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
         # Only runs the scan and do not provide/returns any results back to the
diff --git a/.github/workflows/lint-unitest.yaml b/.github/workflows/lint-unitest.yaml
index 574c913dc..88f8e70bc 100644
--- a/.github/workflows/lint-unitest.yaml
+++ b/.github/workflows/lint-unitest.yaml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           fetch-depth: 0
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
diff --git a/.github/workflows/publish-on-tagging.yaml b/.github/workflows/publish-on-tagging.yaml
index 90ddfdc8f..1231dd65d 100644
--- a/.github/workflows/publish-on-tagging.yaml
+++ b/.github/workflows/publish-on-tagging.yaml
@@ -12,10 +12,10 @@ jobs:
     env:
       TAG: ${{ github.ref_name }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
       - name: Setup helm
         uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
         with:
           ref: gh-pages
           path: gh-pages