EO-DataHub · renovate · May 11, 2026 · May 11, 2026
diff --git a/.github/workflows/docker-image-to-aws-ecr.yaml b/.github/workflows/docker-image-to-aws-ecr.yaml
@@ -54,7 +54,7 @@ jobs:
         run: echo ${{ inputs.IMAGE_TAG }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6
+        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-container-registry
           aws-region: ${{ secrets.AWS_REGION }}
@@ -64,7 +64,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
+        uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 # v2
         with:
           registries: ${{ inputs.AWS_ACCOUNT_ID }}
           mask-password: "true" # see: https://github.com/aws-actions/amazon-ecr-login#docker-credentials

diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml
@@ -59,7 +59,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6
+        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6
         with:
           role-to-assume: ${{ inputs.AWS_ROLE_ARN }}
           aws-region: us-east-1 # This is the region for the public ECR
@@ -69,7 +69,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr-public
-        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
+        uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 # v2
         with:
           registry-type: public
 

diff --git a/.github/workflows/go-build.yaml b/.github/workflows/go-build.yaml
@@ -89,7 +89,7 @@ jobs:
         with:
           name: cover.out
       - name: Check test coverage
-        uses: vladopajic/go-test-coverage@8cfd056d3bc5cc2bc64a840ded0c907aaae3dc46 # v2
+        uses: vladopajic/go-test-coverage@a93b868a4cbcbf18dc3781650fad241f0020e609 # v2
         with:
           profile: cover.out
           local-prefix: github.com/org/project

diff --git a/.github/workflows/s3-publish.yaml b/.github/workflows/s3-publish.yaml
@@ -33,7 +33,7 @@ jobs:
         with:
           name: ${{ inputs.APP_ARTIFACT }}
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6
+        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6
         with:
           role-to-assume: ${{ inputs.AWS_ROLE_ARN }}
           aws-region: ${{ inputs.AWS_REGION }}

diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -54,7 +54,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ inputs.ENABLE_BANDIT || inputs.ENABLE_SAST }}
     container:
-      image: semgrep/semgrep@sha256:7810f1d7884974ab6dda7bef8f4a2c8e165ea2142fd8260515d380e4f1407263
+      image: semgrep/semgrep@sha256:326e5f41cc972bb423b764a14febbb62bbad29ee1c01820805d077dd868fea48
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - run: semgrep scan --config auto