From 0a7aaf5b1bd542255cfa657bb506f436e4308c08 Mon Sep 17 00:00:00 2001
From: "renovate-pagopa[bot]"
 <164534245+renovate-pagopa[bot]@users.noreply.github.com>
Date: Mon, 2 Dec 2024 05:40:53 +0000
Subject: [PATCH] Pin dependencies

---
 .github/actions/build-nextjs-website/action.yaml |  2 +-
 .github/actions/deploy/action.yaml               |  2 +-
 .github/workflows/deploy_ac_sync_lambda.yaml     | 10 +++++-----
 .github/workflows/move_latest_tag.yaml           |  2 +-
 apps/chatbot/docker/app.Dockerfile               |  2 +-
 apps/chatbot/docker/app.local.Dockerfile         |  2 +-
 apps/chatbot/docker/compose.test.yaml            |  4 ++--
 apps/chatbot/docker/compose.yaml                 |  4 ++--
 apps/chatbot/load-test/docker-compose.yml        |  4 ++--
 9 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/actions/build-nextjs-website/action.yaml b/.github/actions/build-nextjs-website/action.yaml
index c6e57c036b..442f9d6ecc 100644
--- a/.github/actions/build-nextjs-website/action.yaml
+++ b/.github/actions/build-nextjs-website/action.yaml
@@ -54,7 +54,7 @@ runs:
   using: "composite"
   steps:
     - name: Download GitBook docs
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         repository: pagopa/devportal-docs
         ref: docs/from-gitbook
diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml
index 4c61586086..9d75e0f3c7 100644
--- a/.github/actions/deploy/action.yaml
+++ b/.github/actions/deploy/action.yaml
@@ -74,7 +74,7 @@ runs:
       run: npm run compile
 
     - name: Download GitBook docs
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         repository: pagopa/devportal-docs
         ref: docs/from-gitbook
diff --git a/.github/workflows/deploy_ac_sync_lambda.yaml b/.github/workflows/deploy_ac_sync_lambda.yaml
index 9c1c3fa779..788e400938 100644
--- a/.github/workflows/deploy_ac_sync_lambda.yaml
+++ b/.github/workflows/deploy_ac_sync_lambda.yaml
@@ -24,10 +24,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3
         with:
           node-version: '20.x'
 
@@ -40,7 +40,7 @@ jobs:
         run: zip -r function.zip .
 
       - name: Archive build artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3
         with:
           name: active-campaign-client
           path: packages/active-campaign-client/dist/function.zip
@@ -57,13 +57,13 @@ jobs:
 
     steps:
       - name: Download build artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
         with:
           name: active-campaign-client
           path: ./packages/active-campaign-client/target
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2
         with:
           role-to-assume: ${{ secrets.DEPLOY_IAM_ROLE }}
           aws-region: eu-south-1
diff --git a/.github/workflows/move_latest_tag.yaml b/.github/workflows/move_latest_tag.yaml
index 7bee4f6f88..bbd22e8f96 100644
--- a/.github/workflows/move_latest_tag.yaml
+++ b/.github/workflows/move_latest_tag.yaml
@@ -12,7 +12,7 @@ jobs:
     if: ${{ startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '@latest') }}
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       
     - name: Get commit hash associated with the new tag
       id: get-commit
diff --git a/apps/chatbot/docker/app.Dockerfile b/apps/chatbot/docker/app.Dockerfile
index 56bd38451b..d5880f110b 100644
--- a/apps/chatbot/docker/app.Dockerfile
+++ b/apps/chatbot/docker/app.Dockerfile
@@ -1,4 +1,4 @@
-FROM public.ecr.aws/lambda/python:3.12
+FROM public.ecr.aws/lambda/python:3.12@sha256:92c88c1adc374b073b07b12bd4045497af7da68230d47c2b330423115c5850dc
 ARG DEBIAN_FRONTEND=noninteractive
 
 ENV PYTHONPATH=$LAMBDA_TASK_ROOT
diff --git a/apps/chatbot/docker/app.local.Dockerfile b/apps/chatbot/docker/app.local.Dockerfile
index ba490b2572..de54d4b496 100644
--- a/apps/chatbot/docker/app.local.Dockerfile
+++ b/apps/chatbot/docker/app.local.Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.4-slim-bullseye
+FROM python:3.12.4-slim-bullseye@sha256:26ce493641ad3b1c8a6202117c31340c7bbb2dc126f1aeee8ea3972730a81dc6
 ARG DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && \
diff --git a/apps/chatbot/docker/compose.test.yaml b/apps/chatbot/docker/compose.test.yaml
index b696d9e324..a44412dddb 100644
--- a/apps/chatbot/docker/compose.test.yaml
+++ b/apps/chatbot/docker/compose.test.yaml
@@ -20,7 +20,7 @@ services:
       - ntw
 
   dynamodb:
-    image: amazon/dynamodb-local:2.5.2
+    image: amazon/dynamodb-local:2.5.2@sha256:d7ebddeb60fa418bcda218a6c6a402a58441b2a20d54c9cb1d85fd5194341753
     environment:
       - AWS_ACCESS_KEY_ID=dummy
       - AWS_SECRET_ACCESS_KEY=dummy
@@ -34,7 +34,7 @@ services:
       - ntw
   
   redis:
-    image: redis/redis-stack:7.2.0-v13
+    image: redis/redis-stack:7.2.0-v13@sha256:2b000b938e407d14acafa9b7affd4c5a94ceeec572b25b15dcef0d3a6c064d7e
     networks:
       - ntw
 
diff --git a/apps/chatbot/docker/compose.yaml b/apps/chatbot/docker/compose.yaml
index 7f83597df1..a94c2eeec2 100644
--- a/apps/chatbot/docker/compose.yaml
+++ b/apps/chatbot/docker/compose.yaml
@@ -20,7 +20,7 @@ services:
       - ntw
 
   dynamodb:
-    image: amazon/dynamodb-local:2.5.2
+    image: amazon/dynamodb-local:2.5.2@sha256:d7ebddeb60fa418bcda218a6c6a402a58441b2a20d54c9cb1d85fd5194341753
     environment:
       - AWS_ACCESS_KEY_ID=dummy
       - AWS_SECRET_ACCESS_KEY=dummy
@@ -31,7 +31,7 @@ services:
       - ntw
 
   redis:
-    image: redis/redis-stack:7.2.0-v13
+    image: redis/redis-stack:7.2.0-v13@sha256:2b000b938e407d14acafa9b7affd4c5a94ceeec572b25b15dcef0d3a6c064d7e
     ports:
       - "6379:6379"
       - "8001:8001"
diff --git a/apps/chatbot/load-test/docker-compose.yml b/apps/chatbot/load-test/docker-compose.yml
index a5625277be..99cdff973a 100644
--- a/apps/chatbot/load-test/docker-compose.yml
+++ b/apps/chatbot/load-test/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   master:
-    image: locustio/locust:2.32.1
+    image: locustio/locust:2.32.1@sha256:d0bd7649b89fb2ee981e382d6e9ae2932d898110707943ecff0ef108569b6a5f
     ports:
       - "8089:8089"
     volumes:
@@ -12,7 +12,7 @@ services:
       - "host.docker.internal:host-gateway"
 
   worker:
-    image: locustio/locust:2.32.1
+    image: locustio/locust:2.32.1@sha256:d0bd7649b89fb2ee981e382d6e9ae2932d898110707943ecff0ef108569b6a5f
     volumes:
       - ./:/mnt/locust
     command: -f /mnt/locust/locustfile.py --worker --master-host master