From 0f82fc68047cb264def87c18f50f385d24984bb4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 7 Jun 2026 17:30:36 +0000
Subject: [PATCH] chore(deps): update github/codeql-action action to v4.36.2

---
 .github/workflows/build-container.yml    | 2 +-
 .github/workflows/codeql.yml             | 4 ++--
 .github/workflows/gitleaks.yml           | 2 +-
 .github/workflows/go-check.yml           | 2 +-
 .github/workflows/release-go-app.yml     | 2 +-
 .github/workflows/scorecard.yml          | 2 +-
 .github/workflows/security-container.yml | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
index 561d3bb..b847642 100644
--- a/.github/workflows/build-container.yml
+++ b/.github/workflows/build-container.yml
@@ -272,7 +272,7 @@ jobs:
         # and producing a guaranteed `ref ... not found` failure. Push and
         # release events run with stable refs.
         if: inputs.scan && inputs.push && github.event_name != 'merge_group' && hashFiles('trivy-results.sarif') != ''
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: "trivy-results.sarif"
           category: "container-scan"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 25c2b60..81a5609 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -131,7 +131,7 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality
@@ -149,6 +149,6 @@ jobs:
         run: bash -euo pipefail -c "$PRE_BUILD_CMD"
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           category: /language:${{ matrix.language }}
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 56c19a6..82b57f8 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -66,7 +66,7 @@ jobs:
 
       - name: Upload SARIF to code scanning
         if: always() && hashFiles('betterleaks.sarif') != ''
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: betterleaks.sarif
           category: betterleaks
diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml
index 3a4e88b..08df042 100644
--- a/.github/workflows/go-check.yml
+++ b/.github/workflows/go-check.yml
@@ -459,7 +459,7 @@ jobs:
         # failure on every successful merge. Push and pull_request events
         # re-run the same scan with a stable ref, so coverage is not lost.
         if: always() && github.event_name != 'merge_group' && hashFiles('gosec-results.sarif') != ''
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: gosec-results.sarif
 
diff --git a/.github/workflows/release-go-app.yml b/.github/workflows/release-go-app.yml
index 59e77cc..aed857c 100644
--- a/.github/workflows/release-go-app.yml
+++ b/.github/workflows/release-go-app.yml
@@ -604,7 +604,7 @@ jobs:
         # and producing a guaranteed `ref ... not found` failure. Release/push
         # events run with stable refs.
         if: github.event_name != 'merge_group' && hashFiles('trivy-results.sarif') != ''
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: trivy-results.sarif
           category: container-scan
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index cc5bac9..326254d 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -39,6 +39,6 @@ jobs:
         # and producing a guaranteed `ref ... not found` failure. Push and
         # schedule events run with stable refs.
         if: github.event_name != 'merge_group'
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/security-container.yml b/.github/workflows/security-container.yml
index 7c9eeb8..3b3e6ec 100644
--- a/.github/workflows/security-container.yml
+++ b/.github/workflows/security-container.yml
@@ -198,7 +198,7 @@ jobs:
         # the moment the merge completes, racing with codeql-action/upload-sarif
         # and producing a guaranteed `ref ... not found` failure.
         if: always() && inputs.upload-sarif && github.event_name != 'merge_group' && hashFiles('trivy-results.sarif') != ''
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: trivy-results.sarif
           category: ${{ inputs.sarif-category }}