diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 97d5e3b7..ae6e38ac 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,7 @@ jobs: build: # make sure build/ci work properly and there is no faked build ncc built scripts runs-on: ubuntu-latest steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - run: npm ci - run: npm run package - run: git status --porcelain @@ -30,7 +30,7 @@ jobs: os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: path: ./ @@ -60,7 +60,7 @@ jobs: ports: - 5000:5000 steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Build images run: | for distro in alpine centos debian; do @@ -73,7 +73,7 @@ jobs: test-as-action: # make sure the action works on a clean machine without building runs-on: ubuntu-latest steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: path: ./ diff --git a/.github/workflows/update-syft-release.yml b/.github/workflows/update-syft-release.yml index 78a043fc..9183eb4f 100644 --- a/.github/workflows/update-syft-release.yml +++ b/.github/workflows/update-syft-release.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'anchore/sbom-action' steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Get latest Syft version id: latest-version env: