From f9cda85250f20ca7811c6e36124eb3efe8f20bd9 Mon Sep 17 00:00:00 2001 From: Hans Aikema Date: Sat, 29 Jul 2023 10:17:05 +0200 Subject: [PATCH] chore: switch to sha1-pinning as suggested by Semgrep --- .github/workflows/build.yml | 2 +- .github/workflows/pull_requests.yml | 4 ++-- .github/workflows/release.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d2e0a83e637..de87b193235 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,7 +55,7 @@ jobs: server-id: ossrh server-username: ${{ secrets.OSSRH_USERNAME }} server-password: ${{ secrets.OSSRH_TOKEN }} - - uses: pnpm/action-setup@v2.4.0 + - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0 with: version: 6.0.2 - name: Build Snapshot with Maven diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 556de90edb3..8fde59f473c 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -31,7 +31,7 @@ jobs: with: java-version: 8 distribution: 'zulu' - - uses: pnpm/action-setup@v2.4.0 + - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0 with: version: 6.0.2 - name: Test with Maven @@ -68,7 +68,7 @@ jobs: with: java-version: 8 distribution: 'zulu' - - uses: pnpm/action-setup@v2.4.0 + - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0 with: version: 6.0.2 - name: Regression Test Maven Plugin diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a82a999a306..74aff3994dc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -57,7 +57,7 @@ jobs: server-id: ossrh server-username: ${{ secrets.OSSRH_USERNAME }} server-password: ${{ secrets.OSSRH_TOKEN }} - - uses: pnpm/action-setup@v2.4.0 + - uses: pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598 # v2.4.0 with: version: 6.0.2 - name: Configure Git user