From 114f9ec580c33818b8a69ecc23a00310cbda006f Mon Sep 17 00:00:00 2001
From: Fred Bricon
Date: Fri, 17 Feb 2023 10:24:03 +0100
Subject: [PATCH 1/2] Pin 3rd-party actions to SHA1 in .github/workflows/vulnerability.yml

---
 .github/workflows/vulnerability.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/vulnerability.yml b/.github/workflows/vulnerability.yml
index 5c0ffe3..71bc7f2 100644
--- a/.github/workflows/vulnerability.yml
+++ b/.github/workflows/vulnerability.yml
@@ -27,7 +27,7 @@ jobs:
 fi
 
 - name: Upload SARIF file
-uses: github/codeql-action/upload-sarif@v2
+uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 #v2
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: gosec.sarif
\ No newline at end of file

From 44b7b51ef99990764b05fe22593bd1dc3b8e5061 Mon Sep 17 00:00:00 2001
From: Fred Bricon
Date: Fri, 17 Feb 2023 10:24:04 +0100
Subject: [PATCH 2/2] Pin 3rd-party actions to SHA1 in .github/workflows/ci.yml

---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c93f805..c918d11 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -56,7 +56,7 @@ jobs:
 
 - name: Create release
 if: contains(github.ref, 'tags')
-uses: softprops/action-gh-release@v1
+uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 #v1
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -66,7 +66,7 @@ jobs:
 
 - name: Upload release binaries
 if: contains(github.ref, 'tags')
-uses: svenstaro/upload-release-action@v2
+uses: svenstaro/upload-release-action@cc92c9093e5f785e23a3d654fe2671640b851b5f #v2
 with:
 repo_token: ${{ secrets.GITHUB_TOKEN }}
 file: _dist/*{tar.gz,zip}
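Review bot: The trailing `#v2` on the new `uses:` line in the vulnerability.yml hunk records only a major line, so once the SHA is later advanced a reader cannot tell which release the pin was taken from, and it is not lint-clean YAML either (yamllint's `comments` rule expects two spaces before an inline `#` and one after it). I would spell out the exact tag the SHA was resolved from, e.g. `uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5  # v2.<TAG-PLACEHOLDER>` with the placeholder replaced by the real tag; as far as I recall Dependabot's github-actions updater rewrites such a version comment when it bumps a SHA pin, so the comment then stays truthful automatically. The same point applies to the `#v1` and `#v2` comments on the two `uses:` lines in the ci.yml hunks of the second patch. The `\ No newline at end of file` marker shows the file still ends without a trailing newline, which could be fixed while this line is being touched. The `run` block whose `fi` opens the hunk, and the step list it belongs to, continue outside the hunk.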
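Review bot: Both release steps in the ci.yml hunks hand `secrets.GITHUB_TOKEN` to third-party actions (`softprops/action-gh-release` via `env.GITHUB_TOKEN`, `svenstaro/upload-release-action` via `with.repo_token`); the SHA pin fixes which code runs, but not what that token is allowed to do. Unless the workflow already declares it outside the hunk, a job-level `permissions:` block limited to `contents: write` (what creating a release and uploading assets needs) would scope the token to the minimum, so a mis-pinned or compromised action could not use the other default permissions. It is also worth confirming before merge that `de2c0eb89ae2a093876385947365aca7b0e5f844` and `cc92c9093e5f785e23a3d654fe2671640b851b5f` resolve to the tags the comments claim, since a pin is only as trustworthy as the step that resolved it. The `Create release` step's `with:` keys continue past the end of the first ci.yml hunk.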