From 8b223d21808f1dd4023ef7c02af3ded22e53b641 Mon Sep 17 00:00:00 2001
From: "stepsecurity-app[bot]"
 <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date: Fri, 29 May 2026 19:06:23 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 894d9d5..b845f6e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs:
                 run: ./mvnw clean verify --show-version --batch-mode --errors -PbuildKar -Drevision=${{ needs.test.outputs.version }}
 
             -   name: Release
-                uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+                uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0
                 with:
                     files: |
                         ./target/*.kar
@@ -43,7 +43,7 @@ jobs:
                     draft: false
                     prerelease: false
             -   name: Push
-                uses: ad-m/github-push-action@d30dc2d070765d7e509df00c34c5fa2dd636ff74 # master
+                uses: step-security/ad-m-github-push-action@4f2a5a64cb99d1588e58df11a0729c5d2bf401dc # v1.0.0
                 with:
                     github_token: ${{ secrets.GITHUB_TOKEN }}
                     branch: master