[StepSecurity] Apply security best practices

stepsecurity-app[bot] · web-flow · commit c61acedb18ac · 2026-02-05T20:14:19.000Z
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
@@ -37,6 +37,6 @@ jobs:
           echo "files=${yamls[*]}" >> "${GITHUB_OUTPUT}"
 
       - name: Action lint
-        uses: reviewdog/action-actionlint@95395aac8c053577d0bc67eb7b74936c660c6f66 # v1.67.0
+        uses: step-security/action-actionlint@d364e70a116a460ed220d67b1ca2f2579c48a40a # v1.69.1
         with:
           actionlint_flags: ${{ steps.get_yamls.outputs.files }}
diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml
@@ -122,13 +122,13 @@ jobs:
       - uses: chainguard-dev/actions/eof-newline@cd899cc96227b82170571cad1c3d6378d8cba678 # v1.4.15
         if: ${{ always() }}
 
-      - uses: reviewdog/action-tflint@54a5e5aed57dcfbb4662ec548de876df33d6288d # v1.25.0
+      - uses: step-security/action-tflint@15c8d1fff9c8c2f40157254897d99ef4bb0c5e5d # v1.24.2
         if: ${{ always() }}
         with:
           github_token: ${{ secrets.github_token }}
           fail_level: warning
 
-      - uses: reviewdog/action-misspell@9daa94af4357dddb6fd3775de806bc0a8e98d3e4 # v1.26.3
+      - uses: step-security/action-misspell@185febccfc9a0598c17a34b579cc7e64a54afc6d # v1.27.1
         if: ${{ always() }}
         with:
           github_token: ${{ secrets.github_token }}
@@ -139,7 +139,7 @@ jobs:
             **/third_party/**
             ./*.yml
 
-      - uses: get-woke/woke-action-reviewdog@d71fd0115146a01c3181439ce714e21a69d75e31 # v0
+      - uses: step-security/woke-action-reviewdog@950b04a91ab83c38de67275fe6190a4eb977f261 # v0.1.1
         if: ${{ always() }}
         with:
           github-token: ${{ secrets.github_token }}
