fleet/.github
StepSecurity Bot 2154c13865
Pin actions to commit SHA (#10204)
## Summary

This pull request is created by [Secure
Repo](https://app.stepsecurity.io/securerepo) at the request of @zwass.
Please merge the Pull Request to incorporate the requested changes.
Please tag @zwass on your message if you have any questions related to
the PR. You can also engage with the
[StepSecurity](https://github.com/step-security) team by tagging
@step-security-bot.

## Security Fixes

### Pinned Dependencies

GitHub Action tags and Docker tags are mutable. This poses a security
risk. GitHub's Security Hardening guide recommends pinning actions to
a full-length commit.

- [GitHub Security
Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)


## Feedback
For bug reports, feature requests, and general feedback, please create
an issue in
[step-security/secure-repo](https://github.com/step-security/secure-repo).
To create such PRs, please visit https://app.stepsecurity.io/securerepo.


Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2023-02-28 17:55:38 -08:00
ISSUE_TEMPLATE tweaks and rename issue template (#9970) 2023-02-21 02:32:11 -06:00
scripts Check whether the infra dependencies are ready before E2E test (#870) 2021-06-02 16:56:44 -07:00
workflows Pin actions to commit SHA (#10204) 2023-02-28 17:55:38 -08:00
dependabot.yml Disable dependabot version updates for npm (#7697) 2022-09-13 10:17:40 -03:00
pull_request_template.md update pull request template with link to docs on changes (#8400) 2022-10-21 11:34:44 -06:00