Skip to content

Commit 7e5b712

Browse files
committed
chore: add missed SHA pins (pinact silently no-op'd; using own resolver)
The original campaign run used pinact 4.0.0 which silently failed to pin third-party refs in this PR (transient API issue, zero exit code, no diff). This commit adds the missed pins using our own gh-api-backed resolver (see gha-security-audit/pin_resolver.py + test_pin_resolver.py). Tracking: DEVPROD-1072
1 parent 7064aa7 commit 7e5b712

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

.github/workflows/gradle-wrapper-validation.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,4 +7,4 @@ jobs:
77
runs-on: ubuntu-latest
88
steps:
99
- uses: actions/checkout@v4
10-
- uses: gradle/actions/wrapper-validation@v4
10+
- uses: gradle/actions/wrapper-validation@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4

.github/workflows/submit-gradle-dependencies.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,4 +16,4 @@ jobs:
1616
distribution: 'temurin'
1717
java-version: '17'
1818
- name: Setup Gradle to generate and submit dependency graphs
19-
uses: gradle/actions/dependency-submission@v4
19+
uses: gradle/actions/dependency-submission@48b5f213c81028ace310571dc5ec0fbbca0b2947 # v4

0 commit comments

Comments
 (0)