fix: pin GitHub Actions to immutable SHA hashes to prevent supply chain attacks (#1088)

* chore: publish from staged * fix: pin GitHub Actions to immutable SHA hashes to prevent supply chain attacks Co-authored-by: simonkurtz-MSFT <84809797+simonkurtz-MSFT@users.noreply.github.com> * chore: publish from staged * Clean plugins * Clean plugins * Clean plugins * Fix gem-team plugin * Reset README.plugins.md --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-03-23 09:35:13 +00:00 · 2026-03-22 18:37:40 -05:00
parent 10e717202f
commit 919fdb3f8e
13 changed files with 52 additions and 50 deletions
--- a/.github/workflows/contributors.yml
+++ b/.github/workflows/contributors.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

@@ -25,7 +25,7 @@ jobs:
          echo "version=${NODE_VERSION}" >> "$GITHUB_OUTPUT"

      - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: ${{ steps.node-version.outputs.version }}

@@ -71,7 +71,7 @@ jobs:

      - name: Create Pull Request
        if: steps.verify-changed-files.outputs.changed == 'true'
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "docs: update contributors"