diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml index 5f999cec..056dd48e 100644 --- a/.github/workflows/_test.yml +++ b/.github/workflows/_test.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Checkout securesystemslib - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: false diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 05137400..611a879d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -19,7 +19,7 @@ jobs: needs: test steps: - name: Checkout release tag - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false ref: ${{ github.event.workflow_run.head_branch }} @@ -54,7 +54,7 @@ jobs: release_id: ${{ steps.gh-release.outputs.result }} steps: - name: Fetch build artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: build-artifacts path: dist @@ -98,7 +98,7 @@ jobs: id-token: write # to authenticate as Trusted Publisher to pypi.org steps: - name: Fetch build artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: build-artifacts path: dist diff --git a/.github/workflows/check-upstream-ed25519.yml b/.github/workflows/check-upstream-ed25519.yml index 48480e21..963ced5d 100644 --- a/.github/workflows/check-upstream-ed25519.yml +++ b/.github/workflows/check-upstream-ed25519.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: false - name: Test if ed25519 upstream main HEAD is what we expect diff --git a/.github/workflows/test-kms-aws.yml b/.github/workflows/test-kms-aws.yml index 6b9c2992..946c8604 100644 --- a/.github/workflows/test-kms-aws.yml +++ b/.github/workflows/test-kms-aws.yml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Checkout securesystemslib - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: false diff --git a/.github/workflows/test-kms.yml b/.github/workflows/test-kms.yml index 4ac45ef3..fac70f13 100644 --- a/.github/workflows/test-kms.yml +++ b/.github/workflows/test-kms.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout securesystemslib - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: false diff --git a/.github/workflows/test-sigstore.yml b/.github/workflows/test-sigstore.yml index 9da0de62..6422faad 100644 --- a/.github/workflows/test-sigstore.yml +++ b/.github/workflows/test-sigstore.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout securesystemslib - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: false diff --git a/.github/workflows/test-vault.yaml b/.github/workflows/test-vault.yaml index 0fe3fd22..1e9bdec5 100644 --- a/.github/workflows/test-vault.yaml +++ b/.github/workflows/test-vault.yaml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Checkout securesystemslib - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: false