Pin non-GitHub actions to full sha

kingthorin · web-flow · commit ff39598e4881 · 2024-12-04T08:20:43.000-05:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,7 +6,7 @@ updates:
   - package-ecosystem: "github-actions" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
-      interval: "weekly"
+      interval: "daily"
     groups:
       dependencies:
         applies-to: version-updates
diff --git a/.github/workflows/build-ebooks.yml b/.github/workflows/build-ebooks.yml
@@ -52,7 +52,7 @@ jobs:
     - name: Create Release
       if: github.event_name == 'push'
       id: create_release
-      uses: ncipollo/release-action@v1.14.0
+      uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
       with:
         name: Release ${{ steps.vars.outputs.tag }}
         artifacts: "./build/wstg-${{ steps.vars.outputs.tag }}.pdf, ./build/wstg-${{ steps.vars.outputs.tag }}.epub"
diff --git a/.github/workflows/md-link-check.yml b/.github/workflows/md-link-check.yml
@@ -32,7 +32,7 @@ jobs:
     - name: Changed Files Exporter
       if: github.event_name == 'pull_request'
       id: files
-      uses: umani/changed-files@v4.2.0
+      uses: umani/changed-files@d7f842d11479940a6036e3aacc6d35523e6ba978 # v4.1.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
     - name: PR link check
diff --git a/.github/workflows/md-textlint-check.yml b/.github/workflows/md-textlint-check.yml
@@ -41,7 +41,7 @@ jobs:
         npm install -g textlint-rule-terminology
     - name: Changed Files Exporter
       id: files
-      uses: umani/changed-files@v4.2.0
+      uses: umani/changed-files@d7f842d11479940a6036e3aacc6d35523e6ba978 # v4.1.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         pattern: '^.*\.(md)$'
