From 369c2f9da548f1eb171017cb8d1c5fd82b5de4e3 Mon Sep 17 00:00:00 2001
From: Suneha Bose <suneha.bose@gmail.com>
Date: Fri, 28 Feb 2025 12:04:09 -0800
Subject: [PATCH] pin dependencies

---
 .github/workflows/ci-go.yml                | 14 +++++++-------
 .github/workflows/ci-guardrailpolicies.yml |  2 +-
 .github/workflows/ci-python.yml            |  2 +-
 .github/workflows/codeql-analysis.yml      | 10 +++++-----
 .github/workflows/maintenance.yml          |  2 +-
 .github/workflows/npm-audit.yml            |  8 ++++----
 .github/workflows/release-note.yml         |  4 ++--
 .github/workflows/yamllint.yml             |  4 ++--
 8 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/.github/workflows/ci-go.yml b/.github/workflows/ci-go.yml
index b7ad23124de..056d184cc87 100644
--- a/.github/workflows/ci-go.yml
+++ b/.github/workflows/ci-go.yml
@@ -18,7 +18,7 @@ jobs:
       image: registry.access.redhat.com/ubi8/go-toolset:1.22.9-2
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
     - name: Add GOBIN to PATH
       run: |
         echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
@@ -32,7 +32,7 @@ jobs:
       image: registry.access.redhat.com/ubi8/go-toolset:1.22.9-2
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
     - name: Add GOBIN to PATH
       run: |
         echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
@@ -46,15 +46,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # pin@v5
       with:
         go-version-file: go.mod
 
     - name: Run golangci-lint
-      uses: golangci/golangci-lint-action@v6
+      uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # pin@v6
       with:
         version: v1.64.5
         args: -v --timeout 15m
@@ -64,10 +64,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # pin@v5
       with:
         go-version-file: go.mod
 
diff --git a/.github/workflows/ci-guardrailpolicies.yml b/.github/workflows/ci-guardrailpolicies.yml
index 75913492dce..5f81aaa7f5e 100644
--- a/.github/workflows/ci-guardrailpolicies.yml
+++ b/.github/workflows/ci-guardrailpolicies.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: Install opa binary
       run: |
diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml
index 395424deb22..21807600e38 100644
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -19,7 +19,7 @@ jobs:
       image: registry.access.redhat.com/ubi8/python-311:latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
       - name: validate
         run: |
           make test-python
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0db5adc16f3..faf58905e5a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -36,24 +36,24 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: Set up Go
       if: matrix.language == 'go'
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # pin@v5
       with:
         go-version-file: go.mod
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # pin@v3
       with:
         languages: ${{ matrix.language }}
         config-file: ./.github/codeql/codeql-config-${{matrix.language}}.yml
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # pin@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # pin@v3
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml
index e8b3501379a..4a13f1530b0 100644
--- a/.github/workflows/maintenance.yml
+++ b/.github/workflows/maintenance.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check if prs are dirty
-        uses: eps1lon/actions-label-merge-conflict@releases/2.x
+        uses: eps1lon/actions-label-merge-conflict@fd1f295ee7443d13745804bc49fe158e240f6c6e # pin@releases/2.x
         with:
           dirtyLabel: needs-rebase
           removeOnDirtyLabel: ready-for-review
diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml
index f671fa18d76..5140f5a7933 100644
--- a/.github/workflows/npm-audit.yml
+++ b/.github/workflows/npm-audit.yml
@@ -17,10 +17,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: setup Node.JS
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # pin@v4
       with:
         node-version: 16.16.0
 
@@ -33,10 +33,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: setup Node.JS
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # pin@v4
       with:
         node-version: 16.16.0
 
diff --git a/.github/workflows/release-note.yml b/.github/workflows/release-note.yml
index 2ed5de5146e..925d5421227 100644
--- a/.github/workflows/release-note.yml
+++ b/.github/workflows/release-note.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
       with:
         ref: ${{ github.ref }}
         fetch-depth: 0
@@ -25,7 +25,7 @@ jobs:
       run: ./.github/generate_release_note.sh ${{ github.workspace }}/CHANGELOG.txt
 
     - name: Release
-      uses: softprops/action-gh-release@v2
+      uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # pin@v2
       with:
         body_path: ${{ github.workspace }}/CHANGELOG.txt
         name: Release ${{ github.ref_name }}
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
index aa7301a9ff7..a92d561363c 100644
--- a/.github/workflows/yamllint.yml
+++ b/.github/workflows/yamllint.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v4
 
     - name: yamllint
-      uses: oxsecurity/megalinter/flavors/ci_light@v8
+      uses: oxsecurity/megalinter/flavors/ci_light@ec124f7998718d79379a3c5b39f5359952baf21d # pin@v8