From 79e813919407c69753d705d3c7f462bc312a4a4e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 06:08:17 +0000
Subject: [PATCH] Update GitHub Actions

---
 .github/workflows/ci.yml         | 4 ++--
 .github/workflows/claude.yml     | 2 +-
 .github/workflows/lighthouse.yml | 2 +-
 .github/workflows/scorecard.yml  | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 35e0126..f6d2747 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,7 +28,7 @@ jobs:
 
       - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6  # v2.2.0
         with:
-          bun-version: 1.3.13
+          bun-version: 1.3.14
 
       # Bun is the package manager and script runner, but Next.js (and tsc)
       # run on Node. The runner image is pinned (ubuntu-24.04) but Node
@@ -187,7 +187,7 @@ jobs:
           # TruffleHog diffs base..head and needs the full history present.
           fetch-depth: 0
       - name: TruffleHog scan
-        uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26  # v3.95.2
+        uses: trufflesecurity/trufflehog@37b77001d0174ebec2fcca2bd83ff83a6d45a3ab  # v3.95.3
         with:
           # On PRs: scan the diff between base and head. On push to main:
           # scan the previous commit to HEAD. The action infers both from
diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml
index aef1eaf..f03b001 100644
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -45,7 +45,7 @@ jobs:
         with:
           fetch-depth: 1
 
-      - uses: anthropics/claude-code-action@476e359e6203e73dad705c8b322e333fabbd7416 # v1.0.119
+      - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1.0.121
         with:
           anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml
index 868e922..f865078 100644
--- a/.github/workflows/lighthouse.yml
+++ b/.github/workflows/lighthouse.yml
@@ -24,7 +24,7 @@ jobs:
 
       - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6  # v2.2.0
         with:
-          bun-version: 1.3.13
+          bun-version: 1.3.14
 
       # Bun is the package manager and script runner, but Next.js (and the
       # lhci binary) run on Node. The runner image is pinned (ubuntu-24.04)
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index d07c57c..e8bd2a0 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -83,6 +83,6 @@ jobs:
           retention-days: 7
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225  # v4.35.2
+        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e  # v4.35.4
         with:
           sarif_file: results.sarif