From d82437286b081d8022105203981fa0e2e5f8d48b Mon Sep 17 00:00:00 2001
From: Amir Alavi <amiralavi7@gmail.com>
Date: Wed, 4 Mar 2026 22:06:29 -0500
Subject: [PATCH] fix(ci): upgrade codeql-action to v4 and clean up security
 workflow

CodeQL Action v1 and v2 have been deprecated. Update
upload-sarif to v4, remove unnecessary strategy block
(missing required matrix property), and remove invalid
exit-code input from the upload-sarif step.
---
 .github/workflows/security.yaml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 317bdc876..6ccbe9a78 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -17,9 +17,6 @@ jobs:
       actions: read
       contents: read
       security-events: write
-
-    strategy:
-      fail-fast: false
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -41,7 +38,6 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: 'trivy-results.sarif'
-          exit-code: '0'