From 48f1616b77ede02e8de75a98980359e4d41f517c Mon Sep 17 00:00:00 2001
From: Boosted-Bonobo <boostedbonobo1@outlook.com>
Date: Mon, 15 Dec 2025 12:17:06 +0200
Subject: [PATCH] pin github actions

---
 .github/workflows/basic-validation.yml    | 6 +++---
 .github/workflows/check-dist.yml          | 6 +++---
 .github/workflows/codeql-analysis.yml     | 8 ++++----
 .github/workflows/licensed.yml            | 4 ++--
 .github/workflows/update-config-files.yml | 6 +++---
 5 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/basic-validation.yml b/.github/workflows/basic-validation.yml
index 810dd45..e0176fc 100644
--- a/.github/workflows/basic-validation.yml
+++ b/.github/workflows/basic-validation.yml
@@ -40,10 +40,10 @@ jobs:
         operating-systems: ${{fromJson(inputs.operating-systems)}}
     steps:
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 
     - name: Setup Node.js ${{inputs.node-version}}
-      uses: actions/setup-node@v6
+      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
       with:
         node-version: ${{inputs.node-version}}
         cache: ${{inputs.node-caching}}
@@ -65,4 +65,4 @@ jobs:
 
     - name: Audit packages
       run: npm audit --audit-level=high
-      if: ${{inputs.enable-audit}}
\ No newline at end of file
+      if: ${{inputs.enable-audit}}
diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index 9b19a07..2f27798 100644
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -29,10 +29,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 
       - name: Setup Node.js ${{inputs.node-version}}
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version: ${{inputs.node-version}}
           cache: ${{inputs.node-caching}}
@@ -55,7 +55,7 @@ jobs:
       # If inners of the dist directory were different than expected, upload the expected version as an artifact
       - name: Upload artifact
         if: ${{failure() && steps.diff.conclusion == 'failure'}}
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: dist
           path: ${{inputs.dist-path}}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index da0ed20..2176c72 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,11 +37,11 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8
       with:
         languages: ${{matrix.language}}
         config-file: ${{inputs.codeql-cfg-path}}
@@ -50,7 +50,7 @@ jobs:
     # If this step fails, configure a build command manually using build-command input. This command will be executed in the corresponding step.
     - name: Autobuild
       if: ${{!inputs.build-command}}
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8
 
     - name: Manual build
       if: ${{inputs.build-command}}
@@ -58,4 +58,4 @@ jobs:
         ${{inputs.build-command}}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8
diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml
index 61f4415..e07fbce 100644
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 
       - name: Install dependencies
         run: npm ci --ignore-scripts
@@ -26,4 +26,4 @@ jobs:
           sudo mv licensed /usr/local/bin/licensed
 
       - name: Check cached dependency records
-        run: licensed status
\ No newline at end of file
+        run: licensed status
diff --git a/.github/workflows/update-config-files.yml b/.github/workflows/update-config-files.yml
index 03b1572..982bae1 100644
--- a/.github/workflows/update-config-files.yml
+++ b/.github/workflows/update-config-files.yml
@@ -32,13 +32,13 @@ jobs:
     runs-on: "ubuntu-latest"
     steps:
       - name: Checkout ${{github.repository}} repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           ref: "${{inputs.base-pr-branch}}"
           path: "target"
 
       - name: Checkout actions/reusable-workflows repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
         with:
           repository: "actions/reusable-workflows"
           ref: "main"
@@ -84,7 +84,7 @@ jobs:
 
       - name: Install Node.js
         if: ${{ steps.successful-update.outputs.STATUS == 'true' }}
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           node-version: 24