Merge branch 'main' into fix-insecure-temp-file-creation-molecular-data-15634551765368123518

mhucka · web-flow · commit 3765b9e9f5fe · 2026-03-31T10:31:04.000-07:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -563,7 +563,7 @@ jobs:
       # The next action simply fails if there are any unpinned actions.
       - name: Verify that all workflow actions have pinned versions
         # yamllint disable-line rule:line-length
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@471d5ace1f08e3c4df1c4c2f7e6341aa75da434a # v5.0.3
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236c6ce584ae24bc6283ba8dcf4b3ec8a066 # v5.0.4
 
       # If we didn't fail the previous check, go on to more time-consuming ones.
       - name: Install actionlint
diff --git a/.github/workflows/scorecard-scanner.yaml b/.github/workflows/scorecard-scanner.yaml
@@ -73,7 +73,7 @@ jobs:
 
       - name: Upload results to code-scanning dashboard
         # yamllint disable rule:line-length
-        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: scorecard-results.sarif
 
