From 0319dd3e2eb6df65268dd48a55373f4d60676be9 Mon Sep 17 00:00:00 2001
From: JL Mitra
Date: Thu, 2 Apr 2026 08:08:54 -0700
Subject: [PATCH] chore: SECENG-7706 [security] Pin versions of GitHub Actions to full commit hash
This PR pins versions of GitHub Actions to full commit hash via automated scripts. In general, this PR doesn't change the behavior of the workflows, so you can merge this safely. This pull request was created by [multi-gitter](https://github.com/lindell/multi-gitter). Please merge this pull request by 2026-04-10. For any questions, please ask in the Slack channel #help-security.
---
 .github/workflows/docs.yml | 6 +++---
 .github/workflows/jira-issue-create.yml | 4 ++--
 .github/workflows/pull-request-test.yml | 4 ++--
 .github/workflows/release.yml | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index c0ea6ca..8d0db6d 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -7,10 +7,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: Set up Ruby
- uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1
 with:
 ruby-version: 3.0
 bundler-cache: true
@@ -19,7 +19,7 @@ jobs:
 run: bundle exec rake yard
 - name: Deploy
- uses: JamesIves/github-pages-deploy-action@4.1.5
+ uses: JamesIves/github-pages-deploy-action@0f24da7de3e7e135102609a4c9633b025be8411b # 4.1.5
 with:
 branch: gh-pages
 folder: doc
diff --git a/.github/workflows/jira-issue-create.yml b/.github/workflows/jira-issue-create.yml
index a238309..d7c9003 100644
--- a/.github/workflows/jira-issue-create.yml
+++ b/.github/workflows/jira-issue-create.yml
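Review bot: The trailing comments on the pinned `uses:` lines in docs.yml name a floating major ref (`# v3`, `# v1`), so they do not record which release each SHA was resolved from and a reviewer cannot check the hash against an immutable tag. Writing the exact release tag in the comment, in the form `uses: actions/checkout@<full-sha> # vX.Y.Z` (placeholder version), makes each pin checkable; the same applies to the `# v3`, `# v1` and `# v4` comments in the pull-request-test.yml and release.yml hunks. A SHA pin also stops fixes arriving through the moving tag, so these pins need an updater configured for the `github-actions` ecosystem; no such configuration is visible in this patch.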
@@ -12,7 +12,7 @@ jobs:
 name: SDK Bot Jira Issue Creation
 steps:
 - name: Login
- uses: atlassian/gajira-login@master
+ uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c # v3
 env:
 JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
 JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
@@ -20,7 +20,7 @@ jobs:
 - name: Create issue
 id: create
- uses: atlassian/gajira-create@master
+ uses: atlassian/gajira-create@1ff0b6bd115a780592b47bfbb63fc4629132e6ec # v3
 with:
 project: ${{ secrets.JIRA_PROJECT }}
 issuetype: Task
diff --git a/.github/workflows/pull-request-test.yml b/.github/workflows/pull-request-test.yml
index 40ae9be..1f9f0b0 100644
--- a/.github/workflows/pull-request-test.yml
+++ b/.github/workflows/pull-request-test.yml
@@ -10,9 +10,9 @@ jobs:
 matrix:
 ruby-version: ['2.7.8', '3.1', 'jruby']
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: Set up Ruby
- uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1
 with:
 ruby-version: ${{ matrix.ruby-version }}
 bundler-cache: true # runs 'bundle install' and caches installed gems automatically
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 06bade6..d0d7e41 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -27,15 +27,15 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: Set up Ruby 2.7
- uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1
 with:
 ruby-version: 2.7
 - name: Set up Node.js 22
- uses: actions/setup-node@v4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
 with:
 node-version: 22
 cache: 'npm'
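Review bot: In jira-issue-create.yml the old ref on both steps was `@master`, but the new pins are annotated `# v3`, so these two lines may move the workflow to a different commit from the one it was running rather than freezing it. The description's statement that workflow behavior is unchanged is therefore not established by the diff for `atlassian/gajira-login` and `atlassian/gajira-create`. Both steps are given Jira secrets (`JIRA_BASE_URL`, `JIRA_USER_EMAIL` and `JIRA_PROJECT` are visible in the context lines), so it is worth confirming by hand that each SHA is a commit in the upstream repository and corresponds to the intended release, and exercising the workflow once after merge. The job continues outside both hunks, so any further inputs passed to these actions are not visible here.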