SEC-090: Automated trusted workflow pinning (2023-08-02) (#11)

hashicorp-tsccr[bot] · web-flow · commit 9981de5632e1 · 2023-08-02T11:48:03.000+02:00
Co-authored-by: hashicorp-tsccr[bot] &lt;hashicorp-tsccr[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -19,13 +19,13 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           fetch-depth: 1
 
       # see https://github.com/snyk/actions/tree/master/node
       - name: Lint Code with Snyk
-        uses: snyk/actions/node@master # TSCCR: no entry for repository "snyk/actions"
+        uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # 0.4.0
         env:
           # see https://github.com/snyk/actions#getting-your-snyk-token
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -35,6 +35,6 @@ jobs:
 
       # see https://github.com/github/codeql-action/tree/main/upload-sarif
       - name: Upload Snyk IaC results to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2
+        uses: github/codeql-action/upload-sarif@85c77f1dfc42a47cc98299e8779c151d2159b120 # codeql-bundle-v2.14.0
         with:
           sarif_file: snyk.sarif
diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
@@ -10,13 +10,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
 
       - name: Lint Code with Super-Linter
-        uses: github/super-linter@454ba4482ce2cd0c505bc592e83c06e1e37ade61 # v4.10.1
+        uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0
         env:
           VALIDATE_ALL_CODEBASE: true
           DEFAULT_BRANCH: "main"
diff --git a/.github/workflows/typescript.yml b/.github/workflows/typescript.yml
@@ -18,12 +18,12 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           fetch-depth: 1
 
       - name: Set up Node.js
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'
