From 1ebf2e9603e35b7e52edc0727ed9381e9a470208 Mon Sep 17 00:00:00 2001
From: Lam Nguyen
Date: Tue, 23 Sep 2025 09:40:51 -0700
Subject: [PATCH 1/2] Security: Pin dep versions in workflows
---
.github/workflows/biome-lint.yml | 2 +-
.github/workflows/playwright.yml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/biome-lint.yml b/.github/workflows/biome-lint.yml
index 67eccc60..14f9157c 100644
--- a/.github/workflows/biome-lint.yml
+++ b/.github/workflows/biome-lint.yml
@@ -15,7 +15,7 @@ jobs: steps: # Checkout the repository so the workflow has access to the code - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 # Run the run-biome.sh script - name: Run run-biome.sh
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index f5282b7a..16236526 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -14,7 +14,7 @@ jobs: steps: # Checkout the repository so the workflow has access to the code - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with:
@@ -30,7 +30,7 @@ jobs: echo "Playwright tests failed. Please view the Playwright report to see full error." exit 1 fi - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 id: artifact-upload if: ${{ !cancelled() && failure() && steps.test-ui.conclusion == 'failure' }} with:
From d101ace0c860da9bff6c0cf8c500971f9c80f15b Mon Sep 17 00:00:00 2001
From: Lam Nguyen
Date: Tue, 23 Sep 2025 09:43:25 -0700
Subject: [PATCH 2/2] Security: Pin package.json versions
---
tests/package-lock.json | 24 ++++++++++++------------
tests/package.json | 2 +-
2 files changed, 13 insertions(+), 13 deletions(-)
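Review bot: The pin on `uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3` in the biome-lint.yml hunk freezes the action with nothing in this series to move it forward, so fixes published upstream after that commit no longer arrive the way they did through the floating `@v3` tag. The trailing `# v3.5.3` is a free-text comment that nothing validates, so confirm in the upstream repository that the commit really is that tag before merging. Pair the pins with an updater, for example a `.github/dependabot.yml` entry with `package-ecosystem: "github-actions"`, so the SHA and its comment are bumped together; no such config is visible in this patch. The same applies to the checkout pin and to `actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0` in the two playwright.yml hunks.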
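Review bot: The checkout step in the first playwright.yml hunk is pinned on the v3 line (`# v3.5.3`) while the artifact upload in the following hunk is pinned at v4.5.0; to my knowledge actions/checkout v3 still declares the Node 16 action runtime, which GitHub has deprecated. Since the line is being rewritten anyway, consider pinning to the commit of a current major release instead, `uses: actions/checkout@<full-commit-sha> # <release-tag>`, taking the SHA from the upstream release page. The biome-lint.yml hunk carries the same v3 pin. The job's `steps:` list starts before and continues past this hunk, so whether later steps rely on v3 behaviour cannot be checked from here.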
diff --git a/tests/package-lock.json b/tests/package-lock.json index ed364f1b..bd2cad20 100644 --- a/tests/package-lock.json +++ b/tests/package-lock.json @@ -8,17 +8,17 @@ "name": "nginx-docs-theme-test", "version": "1.0.0", "devDependencies": { - "@playwright/test": "^1.48.0" + "@playwright/test": "1.48.0" } }, "node_modules/@playwright/test": { - "version": "1.50.1", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.50.1.tgz", - "integrity": "sha512-Jii3aBg+CEDpgnuDxEp/h7BimHcUTDlpEtce89xEumlJ5ef2hqepZ+PWp1DDpYC/VO9fmWVI1IlEaoI5fK9FXQ==", + "version": "1.48.0", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.48.0.tgz", + "integrity": "sha512-W5lhqPUVPqhtc/ySvZI5Q8X2ztBOUgZ8LbAFy0JQgrXZs2xaILrUcNO3rQjwbLPfGK13+rZsDa1FpG+tqYkT5w==", "dev": true, "license": "Apache-2.0", "dependencies": { - "playwright": "1.50.1" + "playwright": "1.48.0" }, "bin": { "playwright": "cli.js" @@ -43,13 +43,13 @@ } }, "node_modules/playwright": { - "version": "1.50.1", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.50.1.tgz", - "integrity": "sha512-G8rwsOQJ63XG6BbKj2w5rHeavFjy5zynBA9zsJMMtBoe/Uf757oG12NXz6e6OirF7RCrTVAKFXbLmn1RbL7Qaw==", + "version": "1.48.0", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.48.0.tgz", + "integrity": "sha512-qPqFaMEHuY/ug8o0uteYJSRfMGFikhUysk8ZvAtfKmUK3kc/6oNl/y3EczF8OFGYIi/Ex2HspMfzYArk6+XQSA==", "dev": true, "license": "Apache-2.0", "dependencies": { - "playwright-core": "1.50.1" + "playwright-core": "1.48.0" }, "bin": { "playwright": "cli.js" 
@@ -62,9 +62,9 @@ } }, "node_modules/playwright-core": { - "version": "1.50.1", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.50.1.tgz", - "integrity": "sha512-ra9fsNWayuYumt+NiM069M6OkcRb1FZSK8bgi66AtpFoWkg2+y0bJSNmkFrWhMbEBbVKC/EruAHH3g0zmtwGmQ==", + "version": "1.48.0", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.48.0.tgz", + "integrity": "sha512-RBvzjM9rdpP7UUFrQzRwR8L/xR4HyC1QXMzGYTbf1vjw25/ya9NRAVnXi/0fvFopjebvyPzsmoK58xxeEOaVvA==", "dev": true, "license": "Apache-2.0", "bin": {
diff --git a/tests/package.json b/tests/package.json
index c4e3dbfa..75cf054d 100644
--- a/tests/package.json
+++ b/tests/package.json
@@ -3,6 +3,6 @@ "version": "1.0.0", "private": "true", "devDependencies": { - "@playwright/test": "^1.48.0" + "@playwright/test": "1.48.0" } }
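Review bot: Changing `"@playwright/test": "^1.48.0"` to `"1.48.0"` in tests/package.json re-resolves the lockfile from 1.50.1 down to 1.48.0 (see the tests/package-lock.json hunks), so a commit titled as a pin also rolls @playwright/test, playwright and playwright-core back two minor releases and drops whatever fixes landed in between. The lockfile already recorded an exact version and `integrity` hash for each package, so an install that honours it (`npm ci`) was already reproducible; which install command the workflow runs is not visible here. If the intent is only to remove the range, pin the version that was actually in use, `"@playwright/test": "1.50.1"`, and leave the resolved entries in package-lock.json as they were.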