From 007a44ef9f323b14dc43949348e2ae6f47f203c1 Mon Sep 17 00:00:00 2001
From: Boosted-Bonobo <boostedbonobo1@outlook.com>
Date: Mon, 15 Dec 2025 12:57:53 +0200
Subject: [PATCH] pin github actions

---
 .github/workflows/check-dist.yml              |  6 +++---
 .github/workflows/codeql-analysis.yml         |  8 ++++----
 .github/workflows/licensed.yml                |  2 +-
 .../workflows/publish-immutable-actions.yml   |  4 ++--
 .../workflows/release-new-action-version.yml  |  2 +-
 .github/workflows/test.yml                    | 20 +++++++++----------
 6 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index dec03b65..06789fd8 100644
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -22,10 +22,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: Setup Node 20
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 20.x
           cache: 'npm'
@@ -46,7 +46,7 @@ jobs:
         id: diff
 
       # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0ee0f279..e78be262 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -17,11 +17,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
@@ -29,7 +29,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -43,4 +43,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@f47c8e6a9bd05ef3ee422fc8d8663be7fe4bdc61 # v3.31.8
diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml
index 6c8fe65d..8a8a40bc 100644
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Check licenses
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - run: npm ci
       - name: Install licensed
         run: |
diff --git a/.github/workflows/publish-immutable-actions.yml b/.github/workflows/publish-immutable-actions.yml
index 87c02072..2e09eb98 100644
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checking out
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: Publish
         id: publish
-        uses: actions/publish-immutable-action@0.0.3
+        uses: actions/publish-immutable-action@4b1aa5c1cde5fedc80d52746c9546cb5560e5f53 # v0.0.3
diff --git a/.github/workflows/release-new-action-version.yml b/.github/workflows/release-new-action-version.yml
index 0b64c97f..ef73408b 100644
--- a/.github/workflows/release-new-action-version.yml
+++ b/.github/workflows/release-new-action-version.yml
@@ -22,7 +22,7 @@ jobs:
     steps:
     - name: Update the ${{ env.TAG_NAME }} tag
       id: update-major-tag
-      uses: actions/publish-action@v0.3.0
+      uses: actions/publish-action@f784495ce78a41bac4ed7e34a73f0034015764bb # v0.3.0
       with:
         source-tag: ${{ env.TAG_NAME }}
         slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 273baa9c..188f36c8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,10 +23,10 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
     - name: Setup Node 20
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version: 20.x
         cache: 'npm'
@@ -94,7 +94,7 @@ jobs:
 
     # Download Artifact #1 and verify the correctness of the content
     - name: 'Download artifact #1'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: 'Artifact-A-${{ matrix.runs-on }}'
         path: some/new/path
@@ -114,7 +114,7 @@ jobs:
 
     # Download Artifact #2 and verify the correctness of the content
     - name: 'Download artifact #2'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: 'Artifact-Wildcard-${{ matrix.runs-on }}'
         path: some/other/path
@@ -135,7 +135,7 @@ jobs:
 
     # Download Artifact #4 and verify the correctness of the content
     - name: 'Download artifact #4'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: 'Multi-Path-Artifact-${{ matrix.runs-on }}'
         path: multi/artifact
@@ -155,7 +155,7 @@ jobs:
       shell: pwsh
 
     - name: 'Download symlinked artifact'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: 'Symlinked-Artifact-${{ matrix.runs-on }}'
         path: from/symlink
@@ -196,7 +196,7 @@ jobs:
 
     # Download replaced Artifact #1 and verify the correctness of the content
     - name: 'Download artifact #1 again'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: 'Artifact-A-${{ matrix.runs-on }}'
         path: overwrite/some/new/path
@@ -220,7 +220,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
     # Merge all artifacts from previous jobs
     - name: Merge all artifacts in run
@@ -230,7 +230,7 @@ jobs:
         # easier to identify each of the merged artifacts
         separate-directories: true
     - name: 'Download merged artifacts'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: merged-artifacts
         path: all-merged-artifacts
@@ -266,7 +266,7 @@ jobs:
 
     # Download merged artifacts and verify the correctness of the content
     - name: 'Download merged artifacts'
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
       with:
         name: Merged-Artifact-As
         path: merged-artifact-a