Merge branch 'advanced-security:main' into main

Author: CalinL

.github/workflows/codeql-ql.yml

@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: "Set up Rust"
-        uses: dtolnay/rust-toolchain@f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561   # v1.85.1
+        uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9   # v1.85.1
         with:
           toolchain: stable
 

.github/workflows/container-publish.yml

@@ -72,7 +72,7 @@ jobs:
             type=semver,pattern=v{{major}}.{{minor}},value=${{ inputs.version }}
     
       - name: Build & Publish Container ${{ env.IMAGE_NAME }}
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         id: build
         with:
           file: "${{ inputs.container-file }}"
@@ -85,7 +85,7 @@ jobs:
 
       # Upload Software Bill of Materials (SBOM) to GitHub
       - name: Upload SBOM
-        uses: advanced-security/spdx-dependency-submission-action@f957edbb35161c1f9e33f61026fc86a671c58cae  # v0.1.2
+        uses: advanced-security/spdx-dependency-submission-action@169d22427d74f3faf93504e70b03eede8dab272a  # v0.2.0
         with:
           filePath: '.'
           filePattern: '*.spdx.json'

.github/workflows/container-security.yml

@@ -46,7 +46,7 @@ jobs:
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
 
       - name: Build Initial Container
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         id: build
         with:
           file: "${{ inputs.container-file }}"
@@ -57,7 +57,7 @@ jobs:
 
       # Scan the image for vulnerabilities
       - name: Run the Anchore / Grype scan action
-        uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7.3.1
+        uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
         id: scan
         with:
           image: localbuild/testimage:latest

.github/workflows/release.yml

@@ -33,7 +33,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: "Patch Release Me"
-        uses: 42ByteLabs/patch-release-me@ef44b04c04fde87280adf14548664bfbcebba04d    # 0.6.4
+        uses: 42ByteLabs/patch-release-me@6cd166a460bc205b93c29acb6fef2aa275dc0502    # 0.6.5
         with:
           mode: ${{ github.event.inputs.bump }}