From d11448c5f3104c2cda4cd25907b502bd34338359 Mon Sep 17 00:00:00 2001
From: "renovate-rancher[bot]"
 <119870437+renovate-rancher[bot]@users.noreply.github.com>
Date: Wed, 10 Jun 2026 07:56:01 +0000
Subject: [PATCH] Update GitHub Actions

---
 .github/workflows/add_issue.yaml | 2 +-
 .github/workflows/fossa.yml      | 2 +-
 .github/workflows/release.yml    | 8 ++++----
 .github/workflows/unitest.yaml   | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/add_issue.yaml b/.github/workflows/add_issue.yaml
index 9f7de69c4..5cbb484de 100644
--- a/.github/workflows/add_issue.yaml
+++ b/.github/workflows/add_issue.yaml
@@ -13,7 +13,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: app-token
         with:
           app-id: ${{ secrets.ADD_ISSUE_APP_ID }}
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index dfa734586..2667d3ec2 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 30
     steps:
     - name: Checkout
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 
     # The FOSSA token is shared between all repos in NeuVector's GH org. It can
     # be used directly and there is no need to request specific access to EIO.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d27952ea4..334468ee5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
     - name: Load Secrets from Vault
       uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3
       with:
@@ -38,7 +38,7 @@ jobs:
       run: |
         wget https://${{ secrets.VULNDB_SERVER }}/${TAG}/cvedb.regular -O data/cvedb.regular
     - name: Publish neuvector manifest
-      uses: rancher/ecm-distro-tools/actions/publish-image@0e1697ecc955e85ec73970b66c8984241fa84a28 # v0.69.0
+      uses: rancher/ecm-distro-tools/actions/publish-image@a7a867a6376bf4a1cee397558f3c85393769f069 # v0.69.4
       with:
         push-to-public: true
         push-to-prime: false
@@ -51,7 +51,7 @@ jobs:
         public-username: ${{ env.DOCKER_USERNAME }}
         public-password: ${{ env.DOCKER_PASSWORD }}
     - name: Publish rancher manifest
-      uses: rancher/ecm-distro-tools/actions/publish-image@0e1697ecc955e85ec73970b66c8984241fa84a28 # v0.69.0
+      uses: rancher/ecm-distro-tools/actions/publish-image@a7a867a6376bf4a1cee397558f3c85393769f069 # v0.69.4
       env:
         IMAGE_PREFIX: neuvector-
       with:
@@ -79,7 +79,7 @@ jobs:
       id-token: write
     steps:
     - name: Checkout code
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
     - name: Load Secrets from Vault
       uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3
       with:
diff --git a/.github/workflows/unitest.yaml b/.github/workflows/unitest.yaml
index da24d2c24..a77039b79 100644
--- a/.github/workflows/unitest.yaml
+++ b/.github/workflows/unitest.yaml
@@ -8,7 +8,7 @@ jobs:
   unitest:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+    - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
     - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
       with:
         go-version: '1.26.3'