From f1f56b32bc63105d16bc673b58c0ff7192c0c38c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 10 Nov 2022 15:28:00 +0000 Subject: [PATCH] chore(deps): pin dependencies Signed-off-by: Renovate Bot --- .github/workflows/chromatic.yml | 4 ++-- .github/workflows/codeql.yml | 6 +++--- .github/workflows/codesee-arch-diagram.yml | 12 ++++++------ .github/workflows/cypress-steps.yml | 4 ++-- .github/workflows/jira.yml | 2 +- .github/workflows/labels.yml | 4 ++-- .github/workflows/lock.yml | 2 +- .github/workflows/pr-labels.yml | 2 +- .github/workflows/sonar-scan.yml | 2 +- .github/workflows/stale.yml | 2 +- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index 0aadd717d7..bd3c0d515b 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -19,7 +19,7 @@ jobs: run: working-directory: packages/storybook steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 with: fetch-depth: 0 - name: Install dependencies @@ -27,7 +27,7 @@ jobs: # ๐Ÿ‘‡ Runs yarn in ./packages/storybook working-directory: packages/storybook - name: Publish to Chromatic - uses: chromaui/action@v1 + uses: chromaui/action@9f9e97cdc8598bb82e105073569d38527a7ac1f6 # v1 with: # ๐Ÿ‘‡ Runs Chromatic CLI in ./packages/storybook workingDir: packages/storybook diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4b5e310811..4acea69038 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -13,8 +13,8 @@ jobs: runs-on: ubuntu-latest steps: - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v3 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - name: ๐Ÿ— Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2 - name: ๐Ÿš€ Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2 diff --git a/.github/workflows/codesee-arch-diagram.yml b/.github/workflows/codesee-arch-diagram.yml index d6a4639f5f..5c09a467e5 100644 --- a/.github/workflows/codesee-arch-diagram.yml +++ b/.github/workflows/codesee-arch-diagram.yml @@ -16,7 +16,7 @@ jobs: steps: - name: checkout id: checkout - uses: actions/checkout@v3 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -28,7 +28,7 @@ jobs: uses: Codesee-io/codesee-detect-languages-action@latest - name: Configure JDK 16 - uses: actions/setup-java@v3 + uses: actions/setup-java@de1bb2b0c5634f0fc4438d7aa9944e68f9bf86cc # v3 if: ${{ fromJSON(steps.detect-languages.outputs.languages).java }} with: java-version: '16' @@ -37,27 +37,27 @@ jobs: # CodeSee Maps Go support uses a static binary so there's no setup step required. - name: Configure Node.js 14 - uses: actions/setup-node@v3 + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 if: ${{ fromJSON(steps.detect-languages.outputs.languages).javascript }} with: node-version: '14' - name: Configure Python 3.x - uses: actions/setup-python@v4 + uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # v4 if: ${{ fromJSON(steps.detect-languages.outputs.languages).python }} with: python-version: '3.10' architecture: 'x64' - name: Configure Ruby '3.x' - uses: ruby/setup-ruby@v1.120.0 + uses: ruby/setup-ruby@8ddb7b3348b3951590db24c346e94ebafdabc926 # v1.121.0 if: ${{ fromJSON(steps.detect-languages.outputs.languages).ruby }} with: ruby-version: '3.0' # We need the rust toolchain because it uses rustc and cargo to inspect the package - name: Configure Rust 1.x stable - uses: actions-rs/toolchain@v1 + uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1 if: ${{ fromJSON(steps.detect-languages.outputs.languages).rust }} with: toolchain: stable diff --git a/.github/workflows/cypress-steps.yml b/.github/workflows/cypress-steps.yml index 50d0de7548..b8c8ad4a1c 100644 --- a/.github/workflows/cypress-steps.yml +++ b/.github/workflows/cypress-steps.yml @@ -5,11 +5,11 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - name: Install PNPM run: npm i -g pnpm - name: Cypress run - uses: cypress-io/github-action@v4.2.0 + uses: cypress-io/github-action@30008f1458a5a2c97054bfe118fe33d75976c482 # v4.2.0 with: command: npm run cypress:run:steps record: true diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml index 70722412f9..f22c9e5bcb 100644 --- a/.github/workflows/jira.yml +++ b/.github/workflows/jira.yml @@ -10,7 +10,7 @@ jobs: name: Create Jira Issue steps: - name: Login - uses: atlassian/gajira-login@v2.0.0 + uses: atlassian/gajira-login@90a599561baaf8c05b080645ed73db7391c246ed # v2.0.0 env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 5e847ded1f..d863eefb42 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -14,8 +14,8 @@ jobs: runs-on: ubuntu-latest steps: - name: โคต๏ธ Check out code from GitHub - uses: actions/checkout@v3 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - name: ๐Ÿš€ Run Label Syncer - uses: micnncim/action-label-syncer@v1.3.0 + uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index ba421e7724..2a3f8fe8d0 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -11,7 +11,7 @@ jobs: name: ๐Ÿ”’ Lock closed issues and PRs runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v3.0.0 + - uses: dessant/lock-threads@e460dfeb36e731f3aeb214be6b0c9a9d9a67eda6 # v3.0.0 with: github-token: ${{ github.token }} issue-inactive-days: '30' diff --git a/.github/workflows/pr-labels.yml b/.github/workflows/pr-labels.yml index dac53a085e..373eef91e9 100644 --- a/.github/workflows/pr-labels.yml +++ b/.github/workflows/pr-labels.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: ๐Ÿท Verify PR has a valid label - uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + uses: jesusvasquez333/verify-pr-label-action@657d111bbbe13e22bbd55870f1813c699bde1401 # v1.4.0 with: github-token: '${{ secrets.GITHUB_TOKEN }}' valid-labels: >- diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml index d66940fbda..27516855b6 100644 --- a/.github/workflows/sonar-scan.yml +++ b/.github/workflows/sonar-scan.yml @@ -10,7 +10,7 @@ jobs: name: SonarCloud runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: SonarCloud Scan diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 9acc837fa5..a2f9ebf69e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: ๐Ÿš€ Run stale - uses: actions/stale@v6 + uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # v6 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 30