From 23480bae60e5e20052f46453b59cdd067b6f808b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 May 2026 05:56:31 +0000
Subject: [PATCH] chore(deps): Bump the actions-minor-patch group across 1
 directory with 5 updates

Bumps the actions-minor-patch group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [anchore/workflows/.github/workflows/codeql.yaml](https://github.com/anchore/workflows) | `0.5.0` | `0.6.0` |
| [anchore/workflows/.github/workflows/check-version-available.yaml](https://github.com/anchore/workflows) | `0.4.0` | `0.6.0` |
| [anchore/workflows/.github/workflows/check-gate.yaml](https://github.com/anchore/workflows) | `0.4.0` | `0.6.0` |
| [anchore/go-make](https://github.com/anchore/go-make) | `0.4.0` | `0.5.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.3` | `0.5.5` |



Updates `anchore/workflows/.github/workflows/codeql.yaml` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](https://github.com/anchore/workflows/compare/e8cee3a5916cebb68cda68b54c180f43394c1910...15122524ced7906bfa9685eeae12e22647773ea6)

Updates `anchore/workflows/.github/workflows/check-version-available.yaml` from 0.4.0 to 0.6.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](https://github.com/anchore/workflows/compare/8b2b1caf40e03933c6807e03b99e883e2ceb5ac8...15122524ced7906bfa9685eeae12e22647773ea6)

Updates `anchore/workflows/.github/workflows/check-gate.yaml` from 0.4.0 to 0.6.0
- [Release notes](https://github.com/anchore/workflows/releases)
- [Commits](https://github.com/anchore/workflows/compare/8b2b1caf40e03933c6807e03b99e883e2ceb5ac8...15122524ced7906bfa9685eeae12e22647773ea6)

Updates `anchore/go-make` from 0.4.0 to 0.5.0
- [Release notes](https://github.com/anchore/go-make/releases)
- [Commits](https://github.com/anchore/go-make/compare/88c36505984649108439f13fb35dcaea4ce61d94...9de27be11ed73e2f9d5406a836a492b7d8aa1225)

Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.5
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...a16621b09c6db4281f81a93cb393b05dcd7b7165)

---
updated-dependencies:
- dependency-name: anchore/workflows/.github/workflows/codeql.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-version-available.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/workflows/.github/workflows/check-gate.yaml
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: anchore/go-make
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-patch
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yaml                  | 2 +-
 .github/workflows/release.yaml                 | 6 +++---
 .github/workflows/validate-github-actions.yaml | 2 +-
 .github/workflows/validations.yaml             | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 00dda19..06b5dbc 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -13,7 +13,7 @@ permissions: {}
 jobs:
   analyze:
     name: Analyze
-    uses: anchore/workflows/.github/workflows/codeql.yaml@e8cee3a5916cebb68cda68b54c180f43394c1910 # v0.5.0
+    uses: anchore/workflows/.github/workflows/codeql.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0
     permissions:
       security-events: write
       packages: read
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cdc989c..376399f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -16,7 +16,7 @@ on:
 
 jobs:
   version-available:
-    uses: anchore/workflows/.github/workflows/check-version-available.yaml@8b2b1caf40e03933c6807e03b99e883e2ceb5ac8 # v0.4.0
+    uses: anchore/workflows/.github/workflows/check-version-available.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0
     permissions:
       contents: read # required for the reusable workflow to check out the repo and verify the version
     with:
@@ -25,7 +25,7 @@ jobs:
   check-gate:
     permissions:
       checks: read # required for getting the status of specific check names
-    uses: anchore/workflows/.github/workflows/check-gate.yaml@8b2b1caf40e03933c6807e03b99e883e2ceb5ac8 # v0.4.0
+    uses: anchore/workflows/.github/workflows/check-gate.yaml@15122524ced7906bfa9685eeae12e22647773ea6 # v0.6.0
     with:
       # these are checks that should be run on pull-request and merges to main.
       # we do NOT want to kick off a release if these have not been verified on main.
@@ -45,7 +45,7 @@ jobs:
           persist-credentials: true # needed for pushing a tag
 
       # setup checkout, go, go-make, binny, and cache go modules
-      - uses: anchore/go-make/.github/actions/setup@88c36505984649108439f13fb35dcaea4ce61d94 # v0.4.0
+      - uses: anchore/go-make/.github/actions/setup@9de27be11ed73e2f9d5406a836a492b7d8aa1225 # v0.5.0
 
       - name: Create release
         env:
diff --git a/.github/workflows/validate-github-actions.yaml b/.github/workflows/validate-github-actions.yaml
index 694cd69..1960f38 100644
--- a/.github/workflows/validate-github-actions.yaml
+++ b/.github/workflows/validate-github-actions.yaml
@@ -25,7 +25,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run zizmor"
-        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+        uses: zizmorcore/zizmor-action@a16621b09c6db4281f81a93cb393b05dcd7b7165 # v0.5.5
         with:
           # there is a pass/fail gate as a repo ruleset (if there is no ruleset configured then the action will pass by default)
           advanced-security: true
diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml
index f1c6968..51fbb65 100644
--- a/.github/workflows/validations.yaml
+++ b/.github/workflows/validations.yaml
@@ -17,7 +17,7 @@ jobs:
       contents: read
     steps:
       # setup checkout, go, go-make, binny, and cache go modules
-      - uses: anchore/go-make/.github/actions/setup@88c36505984649108439f13fb35dcaea4ce61d94 # v0.4.0
+      - uses: anchore/go-make/.github/actions/setup@9de27be11ed73e2f9d5406a836a492b7d8aa1225 # v0.5.0
 
       - name: Run static analysis
         run: make static-analysis
@@ -30,7 +30,7 @@ jobs:
       contents: read
     steps:
       # setup checkout, go, go-make, binny, and cache go modules
-      - uses: anchore/go-make/.github/actions/setup@88c36505984649108439f13fb35dcaea4ce61d94 # v0.4.0
+      - uses: anchore/go-make/.github/actions/setup@9de27be11ed73e2f9d5406a836a492b7d8aa1225 # v0.5.0
 
       - name: Run unit tests
         run: make unit