From ba52be02c71646081d8847c1453ff1117a432d74 Mon Sep 17 00:00:00 2001 From: jcchavezs Date: Tue, 9 Jun 2026 17:38:12 +0200 Subject: [PATCH] chore(security): uses pinned versions of actions --- .github/workflows/build.yml | 4 ++-- .github/workflows/npm-release.yml | 2 +- .github/workflows/snyk.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e747d19a..05ec6a67 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,9 +28,9 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18 - run: npm ci diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml index 1595357d..5cbf25d9 100644 --- a/.github/workflows/npm-release.yml +++ b/.github/workflows/npm-release.yml @@ -26,7 +26,7 @@ jobs: steps: # Checkout the code - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 29e6b3a0..fc4b1064 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -29,7 +29,7 @@ jobs: - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection. - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: ref: ${{ github.event.pull_request.head.sha || github.ref }}