From 93b86e4043a516b5e3096bb3d79a836bb1cea305 Mon Sep 17 00:00:00 2001 From: jcchavezs Date: Tue, 9 Jun 2026 17:40:14 +0200 Subject: [PATCH] chore(security): uses pinned versions of actions --- .github/workflows/check-content-version.yml | 2 +- .github/workflows/clean-redirects-pr.yml | 6 +++--- .github/workflows/integration-tests.yml | 4 ++-- .github/workflows/push-notify.yml | 2 +- .github/workflows/semgrep.yml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/check-content-version.yml b/.github/workflows/check-content-version.yml index 8d471da8b9..48163579af 100644 --- a/.github/workflows/check-content-version.yml +++ b/.github/workflows/check-content-version.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Make script executable run: chmod +x scripts/check-version.sh diff --git a/.github/workflows/clean-redirects-pr.yml b/.github/workflows/clean-redirects-pr.yml index 06b704805c..718dca44af 100644 --- a/.github/workflows/clean-redirects-pr.yml +++ b/.github/workflows/clean-redirects-pr.yml @@ -14,8 +14,8 @@ jobs: id: date run: echo "current_date=$(date +'%Y-%m-%d')" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 + - uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2 with: node-version: '14.17' cache: 'yarn' @@ -23,7 +23,7 @@ jobs: - run: yarn run clean-redirects - name: Create Pull Request id: cpr - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@01f7dd1d28f5131231ba3ede0f1c8cb413584a1d # v3.9.2 with: commit-message: Redirects config cleanup ${{ env.current_date }} committer: GitHub diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 3c1be5f76d..a8f3fd59e2 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -13,14 +13,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: fetch-depth: 0 - name: Get branch name id: branch-name uses: tj-actions/branch-names@6c999acf206f5561e19f46301bb310e9e70d8815 # v7.0.7 on 2025-03-20 - name: Wait for Tests Results - uses: convictional/trigger-workflow-and-wait@v1.6.1 + uses: convictional/trigger-workflow-and-wait@924e4984551efec603bec665c0663332498c381a # v1.6.1 with: owner: ${{ secrets.NOTIFY_ORG }} repo: ${{ secrets.NOTIFY_REPO }} diff --git a/.github/workflows/push-notify.yml b/.github/workflows/push-notify.yml index a47e96380d..18dcb0f464 100644 --- a/.github/workflows/push-notify.yml +++ b/.github/workflows/push-notify.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Webhook Notify - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: github-token: ${{ secrets.NOTIFY_PAT_TOKEN }} script: | diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 19d6073644..cd1925298a 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -9,7 +9,7 @@ jobs: image: returntocorp/semgrep if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot') steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - run: semgrep ci env: SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} \ No newline at end of file