From f367d914c1dc21e55a95d8cecb4b97cf1407fc5d Mon Sep 17 00:00:00 2001
From: jcchavezs
Date: Tue, 9 Jun 2026 17:59:49 +0200
Subject: [PATCH] chore(security): uses pinned versions of actions
---
 .github/workflows/codeql.yml | 8 ++++----
 .github/workflows/cross-browser.yml | 14 +++++++-------
 .github/workflows/npm-release.yml | 2 +-
 .github/workflows/publish.yml | 8 ++++----
 .github/workflows/rl-secure.yml | 2 +-
 .github/workflows/snyk.yml | 2 +-
 .github/workflows/test.yml | 10 +++++-----
 7 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 073bd435..1c06a39f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,18 +36,18 @@ jobs:
 run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
+ uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 languages: ${{ matrix.language }}
 queries: +security-and-quality
 - name: Autobuild
- uses: github/codeql-action/autobuild@v4
+ uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
+ uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
 with:
 category: '/language:${{ matrix.language }}'
diff --git a/.github/workflows/cross-browser.yml b/.github/workflows/cross-browser.yml
index ed8b746a..1bd5444d 100644
--- a/.github/workflows/cross-browser.yml
+++ b/.github/workflows/cross-browser.yml
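Review bot: In codeql.yml nothing ties each pinned hash to the release named in its trailing comment (`# v6.0.3`, `# v4.36.2`), so the pin is only as trustworthy as a manual check. Before merging, confirm that every hash is the commit the named tag points to in the action's own repository rather than a commit that is only reachable through a fork; the same check applies to the pinned `uses:` lines in the other six workflows. The three `github/codeql-action` steps share one hash and have to be bumped together, which a comment such as `# init, autobuild and analyze must stay on the same codeql-action commit` above the Initialize step would make explicit. Whether an update bot covers the `github-actions` ecosystem is not visible in this patch; without one these pins will go stale.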
@@ -28,7 +28,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 ref: ${{ github.event.pull_request.head.sha || github.ref }}
@@ -38,7 +38,7 @@ jobs:
 node: ${{ env.NODE_VERSION }}
 - name: Upload build artifacts
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: dist-${{ github.run_id }}
 path: dist
@@ -58,18 +58,18 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 ref: ${{ github.event.pull_request.head.sha || github.ref }}
 - name: Download build artifacts
- uses: actions/download-artifact@v8
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
 with:
 name: dist-${{ github.run_id }}
 path: dist
 - name: Setup Node
- uses: actions/setup-node@v6
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
 node-version: ${{ env.NODE_VERSION }}
@@ -77,7 +77,7 @@ jobs:
 run: npm i
 - name: Run cross-browser tests
- uses: cypress-io/github-action@v7
+ uses: cypress-io/github-action@948d67d3074f1bbb6379c8bdbb04e95d2f8e593f # v7.4.0
 with:
 browser: ${{ matrix.browser }}
 start: npm run start:local
@@ -88,7 +88,7 @@ jobs:
 - name: Upload Cypress screenshots
 if: failure()
- uses: actions/upload-artifact@v7
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: cypress-screenshots-${{ matrix.browser }}-${{ github.run_id }}
 path: projects/playground/e2e/screenshots
diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
index d4aca321..ab7b5737 100644
--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
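Review bot: The checkout steps in cross-browser.yml (hunks at -28 and -58) fetch `ref: ${{ github.event.pull_request.head.sha || github.ref }}`, so the tree that later steps install and start can be pull-request code, and pinning the action does not change that. The workflow trigger is outside these hunks; if it is `pull_request_target`, or if secrets are in scope for these jobs, that code runs with them. Adding `persist-credentials: false` under each `with:` keeps the job token out of the checked-out repository's git configuration, and the jobs should carry a read-only `permissions:` block if none is set above the hunks. The checkout in snyk.yml (hunk at -29) uses the same `ref:` expression and needs the same review. Both jobs start and end outside the hunks shown.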
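Review bot: `run: npm i` directly above the pinned Cypress step in cross-browser.yml (hunk at -77) still resolves dependencies at run time, so pinning the action alone does not fix what this job executes. If a lockfile is committed, `run: npm ci` installs exactly what it records and fails when package.json and the lockfile disagree. `cypress-io/github-action` is the only action in this patch from outside the `actions` and `github` organisations, which makes its hash the one most worth checking against the upstream `v7.4.0` tag.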
@@ -27,7 +27,7 @@ jobs:
 steps:
 # Checkout the code
- - uses: actions/checkout@v6
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 0
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 607fa611..58e15ea4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -36,7 +36,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 0
 ref: ${{ github.event.inputs.branch }}
@@ -59,7 +59,7 @@ jobs:
 # Ensure tag does not already exist.
 - name: Validate version
- uses: actions/github-script@v9
+ uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
 env:
 vtag: ${{ env.vtag }}
 with:
@@ -88,13 +88,13 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 0
 ref: ${{ github.event.inputs.branch }}
 - name: Setup Node
- uses: actions/setup-node@v6
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
 node-version: ${{ env.NODE_VERSION }}
diff --git a/.github/workflows/rl-secure.yml b/.github/workflows/rl-secure.yml
index 0aa42d8c..2a7ed7ce 100644
--- a/.github/workflows/rl-secure.yml
+++ b/.github/workflows/rl-secure.yml
@@ -33,7 +33,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 fetch-depth: 0
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index a1afa8a3..b90783ed 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -29,7 +29,7 @@ jobs:
 - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
 run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
- - uses: actions/checkout@v6
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 with:
 ref: ${{ github.event.pull_request.head.sha || github.ref }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e3a94a89..2d7810c4 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -27,7 +27,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Build package
 uses: ./.github/actions/build
@@ -44,10 +44,10 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Setup Node
- uses: actions/setup-node@v6
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
 node-version: ${{ matrix.NODE_VERSION }}
@@ -66,10 +66,10 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Setup Node
- uses: actions/setup-node@v6
+ uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
 node-version: ${{ env.NODE_VERSION }}
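Review bot: The `uses: ./.github/actions/build` step in test.yml (hunk at -27) calls a local composite action, and the diffstat lists only the seven workflow files, so any `uses:` lines inside `.github/actions/build` are left unpinned by this patch. If that action references other actions by tag, the build job still runs mutable references; pin them in the same form, `uses: <owner>/<action>@<full-commit-sha> # <tag>`. The `node: ${{ env.NODE_VERSION }}` input in cross-browser.yml (hunk at -38) suggests that workflow calls the same local action, so one fix would presumably cover both.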