chore(deps): bump the github-actions-dependencies group across 1 directory with 3 updates

.github/workflows/__greetings.yml

@@ -13,4 +13,4 @@ permissions:
 
 jobs:
   greetings:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0

.github/workflows/__main-ci.yml

@@ -25,7 +25,7 @@ jobs:
 
   release:
     needs: ci
-    uses: hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml@0.3.2
+    uses: hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml@c4cef36590a837182788f2e1b02dee17a3647be6 # 0.4.0
     with:
       update-all: ${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' }}
       github-app-id: ${{ vars.CI_BOT_APP_ID }}

.github/workflows/__need-fix-to-issue.yml

@@ -20,7 +20,7 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
     with:
       manual-commit-ref: ${{ inputs.manual-commit-ref }}
       manual-base-ref: ${{ inputs.manual-base-ref }}

.github/workflows/__shared-ci.yml

@@ -12,7 +12,7 @@ permissions:
 
 jobs:
   linter:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
 
   test-action-get-package-manager:
     name: Test action "get-package-manager"

.github/workflows/__stale.yml

@@ -10,4 +10,4 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0

.github/workflows/__test-action-get-package-manager.yml

@@ -11,7 +11,7 @@ jobs:
     name: Tests with Yarn package manager
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - run: rm -f package-lock.json
 
@@ -29,7 +29,7 @@ jobs:
     name: Tests with Npm package manager
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - run: rm -f yarn.lock
 

.github/workflows/__test-action-has-installed-dependencies.yml

@@ -11,7 +11,7 @@ jobs:
     name: Tests with Yarn package manager
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - run: rm -f package-lock.json
 
@@ -29,7 +29,7 @@ jobs:
             unknown
 
       - name: Check "has-installed-dependencies" outputs
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");
@@ -64,7 +64,7 @@ jobs:
     name: Tests with Npm package manager
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - run: rm -f yarn.lock
 
@@ -81,7 +81,7 @@ jobs:
             unknown
 
       - name: Check "has-installed-dependencies" outputs
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             // jscpd:ignore-start

.github/workflows/__test-action-setup-node.yml

@@ -11,7 +11,7 @@ jobs:
     name: Tests with Yarn package manager
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - run: |
           rm -f package-lock.json
@@ -31,7 +31,7 @@ jobs:
     name: Tests with Npm package manager
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - run: |
           rm -f yarn.lock

.github/workflows/__test-workflow-continuous-integration.yml

@@ -24,8 +24,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: act
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           name: build
           path: "/"

.github/workflows/continuous-integration.md

@@ -101,7 +101,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4.2.2
 
       - name: Setup NodeJS
         uses: hoverkraft-tech/ci-github-nodejs/actions/[email protected]

.github/workflows/continuous-integration.yml

@@ -61,11 +61,11 @@ jobs:
       security-events: write
     runs-on: "ubuntu-latest"
     steps:
-      - uses: hoverkraft-tech/ci-github-common/actions/checkout@0.18.0
-      - uses: github/codeql-action/[email protected].12
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
+      - uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
         with:
           languages: ${{ inputs.code-ql }}
-      - uses: github/codeql-action/[email protected].12
+      - uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13
 
   dependency-review:
     name: 🛡️ Dependency Review
@@ -74,8 +74,8 @@ jobs:
       contents: read
     runs-on: "ubuntu-latest"
     steps:
-      - uses: hoverkraft-tech/ci-github-common/actions/checkout@0.18.0
-      - uses: actions/dependency-review-action@v4
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
+      - uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
 
   setup:
     name: ⚙️ Setup
@@ -88,13 +88,13 @@ jobs:
       build-commands: ${{ steps.build-variables.outputs.commands }}
       build-artifact: ${{ steps.build-variables.outputs.artifact }}
     steps:
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
+
       # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       # jscpd:ignore-start
-      - uses: hoverkraft-tech/ci-github-common/actions/[email protected]
-
       - id: oidc
-        uses: ChristopherHX/oidc@v3
-      - uses: actions/checkout@v4 # checks out called workflow
+        uses: ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           path: ./self-workflow
           repository: ${{ steps.oidc.outputs.job_workflow_repo_name_and_owner }}
@@ -106,7 +106,7 @@ jobs:
 
       - id: build-variables
         if: inputs.build != ''
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const buildInput = `${{ inputs.build }}`.trim();
@@ -161,12 +161,12 @@ jobs:
       contents: read
       id-token: write
     steps:
-      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
-      - uses: hoverkraft-tech/ci-github-common/actions/[email protected]
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
 
+      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       - id: oidc
-        uses: ChristopherHX/oidc@v3
-      - uses: actions/checkout@v4 # checks out called workflow
+        uses: ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           path: ./self-workflow
           repository: ${{ steps.oidc.outputs.job_workflow_repo_name_and_owner }}
@@ -190,19 +190,19 @@ jobs:
     runs-on: "ubuntu-latest"
     needs: setup
     # jscpd:ignore-start
-    # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
     permissions:
+      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       contents: read
       id-token: write
     steps:
-      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
-      - uses: hoverkraft-tech/ci-github-common/actions/[email protected]
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
         if: needs.setup.outputs.build-commands
 
+      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       - id: oidc
         if: needs.setup.outputs.build-commands
-        uses: ChristopherHX/oidc@v3
-      - uses: actions/checkout@v4 # checks out called workflow
+        uses: ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         if: needs.setup.outputs.build-commands
         with:
           path: ./self-workflow
@@ -239,7 +239,7 @@ jobs:
           NX_REJECT_UNKNOWN_LOCAL_CACHE: "0"
 
       - if: needs.setup.outputs.build-commands && needs.setup.outputs.build-artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: build
           path: ${{ needs.setup.outputs.build-artifact }}
@@ -256,18 +256,17 @@ jobs:
       contents: read
       id-token: write
     steps:
-      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
-      - uses: hoverkraft-tech/ci-github-common/actions/[email protected]
+      - uses: hoverkraft-tech/ci-github-common/actions/checkout@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
 
       - if: needs.setup.outputs.build-artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
         with:
           name: build
           path: "/"
-
+      # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
       - id: oidc
-        uses: ChristopherHX/oidc@v3
-      - uses: actions/checkout@v4 # checks out called workflow
+        uses: ChristopherHX/oidc@73eee1ff03fdfce10eda179f617131532209edbd # v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           path: ./self-workflow
           repository: ${{ steps.oidc.outputs.job_workflow_repo_name_and_owner }}
@@ -287,7 +286,7 @@ jobs:
 
       - name: 📊 Code coverage
         if: inputs.coverage == 'codecov'
-        uses: codecov/[email protected]
+        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
         with:
           use_oidc: true
           disable_telem: true

actions/dependencies-cache/action.yml

@@ -29,7 +29,7 @@ runs:
 
     - name: ♻️ NX cache
       if: fromJson(steps.has-installed-dependencies.outputs.installed-dependencies).nx == true
-      uses: actions/[email protected]
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: node_modules/.cache/nx
         key: ${{ runner.os }}-cache-nx-${{ github.sha }}
@@ -38,7 +38,7 @@ runs:
 
     - name: ♻️ Prettier cache
       if: fromJson(steps.has-installed-dependencies.outputs.installed-dependencies).prettier == true
-      uses: actions/[email protected]
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: node_modules/.cache/prettier
         key: ${{ runner.os }}-cache-prettier-${{ github.sha }}
@@ -47,7 +47,7 @@ runs:
 
     - name: ♻️ Gatsby cache
       if: fromJson(steps.has-installed-dependencies.outputs.installed-dependencies).gatsby == true
-      uses: actions/[email protected]
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: |
           .cache
@@ -58,7 +58,7 @@ runs:
 
     - name: ♻️ Storybook cache
       if: fromJson(steps.has-installed-dependencies.outputs.installed-dependencies).storybook == true
-      uses: actions/[email protected]
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: node_modules/.cache/storybook
         key: ${{ runner.os }}-cache-storybook-${{ github.sha }}
@@ -75,7 +75,7 @@ runs:
 
     - name: ♻️ Test cache
       if: steps.jest-cache-dir-path.outputs.dir
-      uses: actions/[email protected]
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
       with:
         path: ${{ steps.jest-cache-dir-path.outputs.dir }}
         key: ${{ runner.os }}-test-${{ github.sha }}

actions/has-installed-dependencies/action.yml

@@ -32,7 +32,7 @@ runs:
         rm -fr ./self-actions
 
     - id: has-dependencies
-      uses: actions/[email protected]
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       with:
         script: |
           const dependenciesPatterns = {

actions/setup-node/action.yml

@@ -39,7 +39,7 @@ runs:
           exit 0
         fi
 
-    - uses: actions/[email protected]
+    - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
       with:
         node-version-file: ${{ steps.get-node-version-file.outputs.node-version-file }}
         cache: ${{ steps.get-package-manager.outputs.package-manager }}