chore(deps): lock file maintenance (#3014)

* chore(deps): lock file maintenance

Signed-off-by: oep-renovate[bot] <212772560+oep-renovate[bot]@users.noreply.github.com>

* use semgrep action from geti-ci

Signed-off-by: Barabanov <[email protected]>

* fix pre-commit

Signed-off-by: Barabanov <[email protected]>

* update sha

Signed-off-by: Barabanov <[email protected]>

* remove local semgrep action

Signed-off-by: Barabanov <[email protected]>

* update sha

Signed-off-by: Barabanov <[email protected]>

* update semgrepignore

Signed-off-by: Barabanov <[email protected]>

---------

Signed-off-by: oep-renovate[bot] <212772560+oep-renovate[bot]@users.noreply.github.com>
Signed-off-by: Barabanov <[email protected]>
Co-authored-by: oep-renovate[bot] <212772560+oep-renovate[bot]@users.noreply.github.com>
Co-authored-by: Barabanov <[email protected]>

Author: oep-renovate[bot]

.github/actions/security/semgrep/README.md

@@ -93,14 +93,13 @@ jobs:
   semgrep:
     if: contains(inputs.tools, 'semgrep')
     runs-on: ubuntu-latest
-    container:
-      image: returntocorp/semgrep@sha256:ee3c01c9d33a975209d6bcda050520a45366d79e2919c15baca4014e8634a9ac # v1.124.0
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
         with:
           persist-credentials: false
+          fetch-depth: 0
       - name: Run Semgrep scan
-        uses: ./.github/actions/security/semgrep
+        uses: open-edge-platform/geti-ci/actions/semgrep@4ec90fb54c7be053e40b9e3ecdf399cf501596ca
         with:
           scan-scope: ${{ inputs.scan-scope }}
           severity: ${{ inputs.severity-level }}

.github/actions/security/semgrep/action.yaml

@@ -0,0 +1 @@
+**/uv.lock