From b8f81dede502a4b6dbcd1787d6a35008e8d3e5be Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Sun, 17 Dec 2023 17:01:17 -0800
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#3759)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/cifuzz.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index f87899d08d9c..ae2d6b2ada9f 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -10,13 +10,13 @@ jobs:
     steps:
     - name: Build Fuzzers
       id: build
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@061583ebb5a96653e42feb3a97ee513eedc18078 # master
       with:
         oss-fuzz-project-name: 'fmt'
         dry-run: false
         language: c++
     - name: Run Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@061583ebb5a96653e42feb3a97ee513eedc18078 # master
       with:
         oss-fuzz-project-name: 'fmt'
         fuzz-seconds: 300