Merge pull request #1247 from step-security-bot/stepsecurity_remediat…

…ion_1720003240 [StepSecurity] ci: Harden GitHub Actions (Pinned Dependencies)
finos · Jul 8, 2024 · fdf060f · fdf060f
2 parents 3b6ebd5 + 70de1c4
commit fdf060f
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/.github/workflows/cve-scanning.yml b/.github/workflows/cve-scanning.yml
@@ -28,9 +28,9 @@ jobs:
       matrix:
         node-version: [20]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: ${{ matrix.node-version }}
 

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -39,10 +39,10 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Use Node ${{ matrix.node }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           node-version: ${{ matrix.node }}
 
@@ -78,10 +78,10 @@ jobs:
            token-name: GITHUB_TOKEN
     steps:
     - name: Checkout repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
     - name: Configure Node
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
       with:
         node-version: 20
         registry-url: ${{ matrix.registry }}

diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -17,7 +17,7 @@ jobs:
     container:
       image: returntocorp/semgrep
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
     - run: semgrep scan --error --config auto
       env:
         SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}