From 8da7e6b8106da8946a7658110affc56df0b6d8ab Mon Sep 17 00:00:00 2001
From: "stepsecurity-app[bot]"
 <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date: Fri, 29 May 2026 18:40:41 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/codecov-scan.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codecov-scan.yaml b/.github/workflows/codecov-scan.yaml
index 67ef2c6..d29128c 100644
--- a/.github/workflows/codecov-scan.yaml
+++ b/.github/workflows/codecov-scan.yaml
@@ -37,7 +37,7 @@ jobs:
                   
          
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
+      uses: step-security/codecov-action@87e66f47a0f8ab4cae465a323eb9ec63d8b6b875 # v6.0.1
       with:
         token: ${{ secrets.CODECOV_TOKEN }} 
         files: ./cover.out