From c7e2ce0be158d92d722da5aae7236d52116be5a2 Mon Sep 17 00:00:00 2001
From: "m.semalaiappan"
Date: Tue, 4 Feb 2025 14:24:08 -0600
Subject: [PATCH] Approved Github Actions updated
---
 .github/workflows/CodeQL Security Scan.yml | 4 ++--
 .github/workflows/Dependencies Security Scan.yml | 2 +-
 .github/workflows/Pkg EdFi.Database.Admin.yml | 2 +-
 .github/workflows/Pkg EdFi.Database.Security.yml | 2 +-
 .github/workflows/Scorecard supply-chain security.yml | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/CodeQL Security Scan.yml b/.github/workflows/CodeQL Security Scan.yml
index e42b6bcdfb..0762ff435e 100644
--- a/.github/workflows/CodeQL Security Scan.yml
+++ b/.github/workflows/CodeQL Security Scan.yml
@@ -43,7 +43,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
 - name: Initialize CodeQL
- uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # codeql-bundle-v2.15.2
+ uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 languages: 'csharp'
 - name: Checkout Ed-Fi-ODS-Implementation
@@ -96,4 +96,4 @@ jobs:
 run: |
 .\build.githubactions.ps1 build -Configuration ${{ env.CONFIGURATION }} -InformationalVersion ${{ env.INFORMATIONAL_VERSION}} -BuildCounter ${{ github.run_number }} -BuildIncrementer ${{env.BUILD_INCREMENTER}} -Solution "$env:GITHUB_WORKSPACE/Ed-Fi-ODS-Implementation/Application/Ed-Fi-Ods.sln" -StandardVersion ${{ matrix.StandardVersion }}
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # codeql-bundle-v2.15.2
\ No newline at end of file
+ uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
\ No newline at end of file
diff --git a/.github/workflows/Dependencies Security Scan.yml b/.github/workflows/Dependencies Security Scan.yml
index 02932b1581..dbd7bfa558 100644
--- a/.github/workflows/Dependencies Security Scan.yml
+++ b/.github/workflows/Dependencies Security Scan.yml
@@ -47,4 +47,4 @@ jobs:
 run: |
 .\build.githubactions.ps1 CheckoutBranch -RelativeRepoPath "."
 - name: Dependency Review ("Dependabot on PR")
- uses: actions/dependency-review-action@11310527b429536e263dc6cc47873e608189ba21 # v3.0.1
\ No newline at end of file
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
\ No newline at end of file
diff --git a/.github/workflows/Pkg EdFi.Database.Admin.yml b/.github/workflows/Pkg EdFi.Database.Admin.yml
index f3ab20a737..ca49429c46 100644
--- a/.github/workflows/Pkg EdFi.Database.Admin.yml
+++ b/.github/workflows/Pkg EdFi.Database.Admin.yml
@@ -95,7 +95,7 @@ jobs:
 $PSVersionTable
 . $env:GITHUB_WORKSPACE/Ed-Fi-ODS-Implementation/logistics/scripts/activities/build/create-database-package.ps1 -Output NugetPackages -DatabaseType Admin -ExtensionVersion ${{ matrix.ExtensionVersion }} -StandardVersion ${{ matrix.StandardVersion }} -SQLPackage "C:\ProgramData\chocolatey\lib\sqlpackage\tools"
 - name: Use NuGet
- uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1
+ uses: nuget/setup-nuget@323ab0502cd38fdc493335025a96c8fdb0edc71f # v2.0.1
 with:
 nuget-version: '5.x'
 - name: Create NuGet package
diff --git a/.github/workflows/Pkg EdFi.Database.Security.yml b/.github/workflows/Pkg EdFi.Database.Security.yml
index aa2d336013..2eb60ced43 100644
--- a/.github/workflows/Pkg EdFi.Database.Security.yml
+++ b/.github/workflows/Pkg EdFi.Database.Security.yml
@@ -95,7 +95,7 @@ jobs:
 $PSVersionTable
 . $env:GITHUB_WORKSPACE/Ed-Fi-ODS-Implementation/logistics/scripts/activities/build/create-database-package.ps1 -Output NugetPackages -DatabaseType Security -ExtensionVersion ${{ matrix.ExtensionVersion }} -StandardVersion ${{ matrix.StandardVersion }} -SQLPackage "C:\ProgramData\chocolatey\lib\sqlpackage\tools"
 - name: Use NuGet
- uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa # v1
+ uses: nuget/setup-nuget@323ab0502cd38fdc493335025a96c8fdb0edc71f # v2.0.1
 with:
 nuget-version: '5.x'
 - name: Create NuGet package
diff --git a/.github/workflows/Scorecard supply-chain security.yml b/.github/workflows/Scorecard supply-chain security.yml
index 8d622fa113..7a86b6bba7 100644
--- a/.github/workflows/Scorecard supply-chain security.yml
+++ b/.github/workflows/Scorecard supply-chain security.yml
@@ -61,6 +61,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 # codeql-bundle-v2.16.2
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 #v3.28.0
 with:
 sarif_file: scorecard.sarif
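Review bot: The version comment on the new `upload-sarif` pin in the Scorecard workflow is written `#v3.28.0`, without the space that every other pin in this patch has (`# v3.28.0`, `# v4.5.0`, `# v2.0.1`). With SHA-pinned actions the trailing comment is the only human-readable record of which release the hash is meant to be, so it is worth keeping in one format that reviewers, and any pin-updating tooling the repository may use, read the same way. Suggested line: `uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0`. The job this step belongs to starts outside the hunk.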