From f1caebbaf0b2dda056aaecdeadcfd1bce14fcdaf Mon Sep 17 00:00:00 2001
From: Yusuke Kuoka <ykuoka@gmail.com>
Date: Mon, 16 May 2022 08:59:29 +0900
Subject: [PATCH] Update codeql.yml (#1451)

Give up pinning deps with commit IDs because PRs were unreviewable due to missing changelog and it sends PRs for every commit to the master/main branch of the deps, which is undesired. We only need updates for tagged releases!
---
 .github/workflows/codeql.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 24ea5e65..ceea3e34 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -15,12 +15,12 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+        uses: actions/checkout@v3.0.2
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@32c89b94fd7eb71067f3bf2afd2bfc85efa4a880
+        uses: github/codeql-action/init@v2.1.10
         with:
           languages: go
       - name: Autobuild
-        uses: github/codeql-action/autobuild@32c89b94fd7eb71067f3bf2afd2bfc85efa4a880
+        uses: github/codeql-action/autobuild@v2.1.10
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@32c89b94fd7eb71067f3bf2afd2bfc85efa4a880
+        uses: github/codeql-action/analyze@v2.1.10