ci(deps): pin dependencies (#703)

This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | pinDigest | -> `a8a3f3a` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/actions/upload-artifact/badge)](https://securityscorecards.dev/viewer/?uri=github.com/actions/upload-artifact) | | [dawidd6/action-download-artifact](https://togithub.com/dawidd6/action-download-artifact) | action | pinDigest | -> `2686771` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/dawidd6/action-download-artifact/badge)](https://securityscorecards.dev/viewer/?uri=github.com/dawidd6/action-download-artifact) | | [googleapis/release-please-action](https://togithub.com/googleapis/release-please-action) | action | pinDigest | -> `a37ac6e` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/googleapis/release-please-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/googleapis/release-please-action) | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).  Co-authored-by: mazi-renovate[bot] <161091290+mazi-renovate[bot]@users.noreply.github.com>
4m-mazi · May 14, 2024 · e57eaa8 · e57eaa8
1 parent ed1faa8
commit e57eaa8
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           app-id: ${{ secrets.MAZI_RELEASE_APP_ID }}
           private-key: ${{ secrets.MAZI_RELEASE_APP_PRIVATE_KEY }}
-      - uses: googleapis/[email protected]
+      - uses: googleapis/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4.1.0
         id: release
         with:
           token: ${{ steps.generate_token.outputs.token }}

diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -43,7 +43,7 @@ jobs:
       # cache wouldn't necessarily upload when it changes. actions/download-artifact also doesn't work
       # because it only handles artifacts uploaded in the same run, and we want to restore from the
       # previous successful run.
-      - uses: dawidd6/action-download-artifact@v2
+      - uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2
         if: github.event.inputs.repoCache != 'disabled'
         continue-on-error: true
         with:
@@ -92,7 +92,7 @@ jobs:
           # their full path, ultimately leading to a nested directory situation.
           # To solve *that*, we'd have to extract to root (/), which isn't safe.
           tar -czvf $cache_archive -C $cache_dir .
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
         if: github.event.inputs.repoCache != 'disabled'
         with:
           name: ${{ env.cache_key }}