update version comments since dependabot doesn't do it (#617)

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

update version comments since dependabot doesn't do it (#617)
9e237b13 · Bob Callaway · GitHub · d20427b4 · 9e237b13 · 9e237b13
Unverified Commit 9e237b13 authored 3 years ago by Bob Callaway Committed by GitHub 3 years ago
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,7 +52,7 @@ jobs:
          version: v0.9.3

      - name: Set up Cloud SDK
-        uses: google-github-actions/auth@7a360a247cce1245c1d13bc63d8b2ac927d201c8 #v0.4.4
+        uses: google-github-actions/auth@7a360a247cce1245c1d13bc63d8b2ac927d201c8 #v0.5.0
        with:
          workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-rekor'
          service_account: 'github-actions-rekor@projectsigstore.iam.gserviceaccount.com'

--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -39,12 +39,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@384cfc42b2131df01c009d3d2eed7b78d8e8556e #v1.0.28
+      uses: github/codeql-action/init@384cfc42b2131df01c009d3d2eed7b78d8e8556e #v1.0.29
      with:
        languages: ${{ matrix.language }}

    - name: Autobuild
-      uses: github/codeql-action/autobuild@384cfc42b2131df01c009d3d2eed7b78d8e8556e #v1.0.28
+      uses: github/codeql-action/autobuild@384cfc42b2131df01c009d3d2eed7b78d8e8556e #v1.0.29

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@384cfc42b2131df01c009d3d2eed7b78d8e8556e #v1.0.28
+      uses: github/codeql-action/analyze@384cfc42b2131df01c009d3d2eed7b78d8e8556e #v1.0.29