From b850765695e1cbad20a54beb4fea9db0fa76876f Mon Sep 17 00:00:00 2001 From: mpgn <5891788+mpgn@users.noreply.github.com> Date: Fri, 3 Apr 2026 13:19:17 +0200 Subject: [PATCH] security: fix zizmor workflow findings --- .github/workflows/dotnetcore.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dotnetcore.yml b/.github/workflows/dotnetcore.yml index 7646aee..75541fe 100644 --- a/.github/workflows/dotnetcore.yml +++ b/.github/workflows/dotnetcore.yml @@ -12,7 +12,7 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - run: git fetch --prune --unshallow - name: Dump globals @@ -26,13 +26,13 @@ jobs: GLOBAL_STEPS: ${{ toJson(steps) }} - name: Install GitVersion - uses: gittools/actions/gitversion/setup@v1.1.1 + uses: gittools/actions/gitversion/setup@8d68520cde93ca9226ee0e09870caaca033d2cd2 # v1.1.1 with: versionSpec: '5.12.0' - name: Use GitVersion id: gitversion # step id used as reference for output values - uses: gittools/actions/gitversion/execute@v1.1.1 + uses: gittools/actions/gitversion/execute@8d68520cde93ca9226ee0e09870caaca033d2cd2 # v1.1.1 - name: LocalDB run: | @@ -79,14 +79,14 @@ jobs: - name: Get release if: startsWith(github.ref, 'refs/tags/') id: get_release - uses: bruceadams/get-release@v1.2.2 + uses: bruceadams/get-release@f589ce0779c7bef1faf175f7488c972eb47dc046 # v1.2.2 env: GITHUB_TOKEN: ${{ github.token }} - name: Upload Release Asset if: startsWith(github.ref, 'refs/tags/') id: upload-release-asset - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: