fix(scorecard): Could not pin upload-sarif action

Signed-off-by: Helio Chissini de Castro <dev@heliocastro.info>

Author: heliocastro

.github/workflows/scorecard.yml

@@ -10,9 +10,9 @@ on:
   # To guarantee Maintained check is occasionally updated. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
-    - cron: '19 19 * * 4'
+    - cron: "19 19 * * 4"
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   workflow_dispatch:
 
 # Declare default permissions as read only.
@@ -38,7 +38,7 @@ jobs:
         uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
         with:
           egress-policy: audit
-          
+
       - name: "Checkout code"
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
@@ -79,6 +79,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f0489abddd4e5e9dff53ed28a45b1d6f88978a1b
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif