]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 17fbed2)
GHA: pin dependencies
authorrenovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Wed, 15 May 2024 09:39:30 +0000 (09:39 +0000)
committerDaniel Stenberg <daniel@haxx.se>
Wed, 15 May 2024 11:35:45 +0000 (13:35 +0200)
Closes #13628

24 files changed:
.github/workflows/awslc.yml patch | blob | blame | history
.github/workflows/codeql-analysis.yml patch | blob | blame | history
.github/workflows/codespell.yml patch | blob | blame | history
.github/workflows/configure-vs-cmake.yml patch | blob | blame | history
.github/workflows/curl-for-win.yml patch | blob | blame | history
.github/workflows/distcheck.yml patch | blob | blame | history
.github/workflows/hacktoberfest-accepted.yml patch | blob | blame | history
.github/workflows/label.yml patch | blob | blame | history
.github/workflows/linkcheck.yml patch | blob | blame | history
.github/workflows/linux-old.yml patch | blob | blame | history
.github/workflows/linux.yml patch | blob | blame | history
.github/workflows/linux32.yml patch | blob | blame | history
.github/workflows/macos.yml patch | blob | blame | history
.github/workflows/man-examples.yml patch | blob | blame | history
.github/workflows/ngtcp2-linux.yml patch | blob | blame | history
.github/workflows/osslq-linux.yml patch | blob | blame | history
.github/workflows/proselint.yml patch | blob | blame | history
.github/workflows/quiche-linux.yml patch | blob | blame | history
.github/workflows/reuse.yml patch | blob | blame | history
.github/workflows/shellcheck.yml patch | blob | blame | history
.github/workflows/spellcheck.yml patch | blob | blame | history
.github/workflows/synopsis.yml patch | blob | blame | history
.github/workflows/torture.yml patch | blob | blame | history
.github/workflows/wolfssl.yml patch | blob | blame | history

diff --git a/.github/workflows/awslc.yml b/.github/workflows/awslc.yml
index e49b0f0635877d706ee1c574a416d41eda3bb283..f8a1246c0bb609c53e9a9aa12984eb757251aa3f 100644 (file)
--- a/.github/workflows/awslc.yml
+++ b/.github/workflows/awslc.yml
@@ -63,7 +63,7 @@ jobs:
         name: 'install prereqs and impacket'
 
       - name: cache awslc
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-awslc
         env:
           cache-name: cache-awslc
@@ -83,7 +83,7 @@ jobs:
           cmake --build . --parallel
           cmake --install .
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: autoreconf -fi
         name: 'autoreconf'
@@ -123,7 +123,7 @@ jobs:
         name: 'install prereqs and impacket'
 
       - name: cache awslc
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-awslc
         env:
           cache-name: cache-awslc
@@ -143,7 +143,7 @@ jobs:
           cmake --build . --parallel
           cmake --install .
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: cmake -Bbuild -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DOPENSSL_ROOT_DIR=$HOME/awslc -DBUILD_SHARED_LIBS=ON .
         name: 'cmake generate out-of-tree'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f98e4da4271f011ba10c6b2ffa32f1feaee36ebe..a4e83465362e6831ac84a10eb9380e334d60b188 100644 (file)
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -51,11 +51,11 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3
         with:
           languages: cpp
           queries: security-extended
@@ -63,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3
 
       # â„šī¸ Command-line programs to run using the OS shell.
       # đŸ“š https://git.io/JvXDl
@@ -77,4 +77,4 @@ jobs:
       #    make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index ddbe3265ff03f0854dd70bd28e4759133b89b101..01e64c433f955b7e143acb16c1a957d0e132e860 100644 (file)
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: install
         run: |
diff --git a/.github/workflows/configure-vs-cmake.yml b/.github/workflows/configure-vs-cmake.yml
index dc2273f7375e893b071c07833d9ee13f3cf04b7d..eca6cbc71535f0e8081a5bcfd6674e61333ecf0d 100644 (file)
--- a/.github/workflows/configure-vs-cmake.yml
+++ b/.github/workflows/configure-vs-cmake.yml
@@ -30,7 +30,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: run configure --with-openssl
         run: |
diff --git a/.github/workflows/curl-for-win.yml b/.github/workflows/curl-for-win.yml
index 559b3bb3f6d3b623450148edc00f1f8a8e9d3a90..97dc562a1e676b849020571752428ab12213022d 100644 (file)
--- a/.github/workflows/curl-for-win.yml
+++ b/.github/workflows/curl-for-win.yml
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           path: 'curl'
           fetch-depth: 8
@@ -55,7 +55,7 @@ jobs:
     runs-on: macos-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           path: 'curl'
           fetch-depth: 8
@@ -70,7 +70,7 @@ jobs:
   win-llvm:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           path: 'curl'
           fetch-depth: 8
diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml
index 765193c5083d067d58d5d1ec2f13a90bed7c33d3..b7a1d309846f79f0a0ee886740e2eecc29df5388 100644 (file)
--- a/.github/workflows/distcheck.yml
+++ b/.github/workflows/distcheck.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: sudo apt-get purge -y curl libcurl4 libcurl4-doc
         name: 'remove preinstalled curl libcurl4{-doc}'
@@ -50,7 +50,7 @@ jobs:
           mkdir run2; cp -p ./curl-99.98.97.* run2/
           diff run1 run2
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
         with:
           name: 'release-tgz'
           path: 'curl-99.98.97.tar.gz'
@@ -74,7 +74,7 @@ jobs:
     timeout-minutes: 30
     needs: maketgz-and-verify-in-tree
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
         with:
           name: 'release-tgz'
 
@@ -97,7 +97,7 @@ jobs:
     timeout-minutes: 30
     needs: maketgz-and-verify-in-tree
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
         with:
           name: 'release-tgz'
 
@@ -118,7 +118,7 @@ jobs:
     timeout-minutes: 30
     needs: maketgz-and-verify-in-tree
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4
         with:
           name: 'release-tgz'
 
diff --git a/.github/workflows/hacktoberfest-accepted.yml b/.github/workflows/hacktoberfest-accepted.yml
index 3c4ecd87c4d8b4b24a3e7f621d00ad4339fa50cc..17ab6557d0c097f8e749410ff4f693dfe952992a 100644 (file)
--- a/.github/workflows/hacktoberfest-accepted.yml
+++ b/.github/workflows/hacktoberfest-accepted.yml
@@ -26,7 +26,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           fetch-depth: 100
 
diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
index b874c31b51a3fcdd7685793808d6ede90d0c86c1..de93ae26d793df7d636aaf8fa15044dd0c190135 100644 (file)
--- a/.github/workflows/label.yml
+++ b/.github/workflows/label.yml
@@ -21,6 +21,6 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/labeler@v5
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
index ba92efabb4138b64ac56c04e42fc06480394dde1..0b7e0879238c6d074d36edac96933eb9c33c8ad4 100644 (file)
--- a/.github/workflows/linkcheck.yml
+++ b/.github/workflows/linkcheck.yml
@@ -30,12 +30,12 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         name: checkout
 
       - name: trim the cmdline docs markdown files
         run: find docs/cmdline-opts -name "*.md" ! -name "_*" ! -name MANPAGE.md | xargs -n1 ./.github/scripts/cleancmd.pl
 
-      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+      - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
         with:
           use-quiet-mode: 'yes'
diff --git a/.github/workflows/linux-old.yml b/.github/workflows/linux-old.yml
index 24b708c8127b1d0f96194b6dab6e962ae6a1f57e..ff1663580a700f1a630811b5584482cb2af8f778 100644 (file)
--- a/.github/workflows/linux-old.yml
+++ b/.github/workflows/linux-old.yml
@@ -77,7 +77,7 @@ jobs:
           httrack --get https://security.debian.org/debian-security/pool/updates/main/g/glibc/libc6_2.28-10+deb10u3_amd64.deb
           dpkg -i libc6_2.28-10+deb10u3_amd64.deb
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: 'cmake build-only (out-of-tree, libssh2)'
         run: |
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 0b151eba57b87642d0489dbf675cf21617c343c0..af63e3e777b7422f56fbf228d0cc2f97ce7464b4 100644 (file)
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -204,7 +204,7 @@ jobs:
           apk add --no-cache build-base autoconf automake libtool perl openssl-dev libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev heimdal-dev libpsl-dev py3-impacket py3-asn1 py3-six py3-pycryptodomex perl-time-hires openssh stunnel sudo git
         name: 'install dependencies'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Fix kernel mmap rnd bits
         # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
@@ -226,7 +226,7 @@ jobs:
 
       - name: cache bearssl
         if: contains(matrix.build.install_steps, 'bearssl')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-bearssl
         env:
           cache-name: cache-bearssl
@@ -247,7 +247,7 @@ jobs:
 
       - name: cache libressl
         if: contains(matrix.build.install_steps, 'libressl')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-libressl
         env:
           cache-name: cache-libressl
@@ -266,7 +266,7 @@ jobs:
 
       - name: cache mbedtls
         if: contains(matrix.build.install_steps, 'mbedtls')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-mbedtls
         env:
           cache-name: cache-mbedtls
@@ -284,7 +284,7 @@ jobs:
 
       - name: cache openssl3
         if: contains(matrix.build.install_steps, 'openssl3')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-openssl3
         env:
           cache-name: cache-openssl3
@@ -302,7 +302,7 @@ jobs:
 
       - name: cache quictls
         if: contains(matrix.build.install_steps, 'quictls')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-quictls
         env:
           cache-name: cache-quictls
@@ -320,7 +320,7 @@ jobs:
 
       - name: cache msh3
         if: contains(matrix.build.install_steps, 'msh3')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-msh3
         env:
           cache-name: cache-msh3
@@ -347,7 +347,7 @@ jobs:
 
       - name: cache rustls
         if: contains(matrix.build.install_steps, 'rustls')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-rustls
         env:
           cache-name: cache-rustls
@@ -389,7 +389,7 @@ jobs:
 
       - name: cache mod_h2
         if: contains(matrix.build.install_steps, 'pytest')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-mod_h2
         env:
           cache-name: cache-mod_h2
diff --git a/.github/workflows/linux32.yml b/.github/workflows/linux32.yml
index 39fd9c90800a450b5b02f519efaffa1bbec7b711..a9a4d95358f8be1e34636a6145b9cb49ff0bfd79 100644 (file)
--- a/.github/workflows/linux32.yml
+++ b/.github/workflows/linux32.yml
@@ -68,7 +68,7 @@ jobs:
           sudo python3 -m pip install impacket
         name: 'install prereqs'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: autoreconf -fi
         name: 'autoreconf'
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 482e02b76f8b9e419119d753132f6241a98443b7..72b303d605e5c4351b67c5ff9996dd4dc454323b 100644 (file)
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -178,7 +178,7 @@ jobs:
           python3 -m pip install impacket
         name: 'pip3 install'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: rm -f $HOME/.curlrc
         name: remove $HOME/.curlrc
@@ -249,7 +249,7 @@ jobs:
           esac
         name: 'brew unlink openssl'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: cmake -B build -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DUSE_APPLE_IDN=ON ${{ matrix.build.generate }}
         name: 'cmake generate'
diff --git a/.github/workflows/man-examples.yml b/.github/workflows/man-examples.yml
index 2382b670a66d1fea437fcfb51d2186f2cf2b9045..b0e7902f44cdf36100ce82d9a18e60cbda3b8051 100644 (file)
--- a/.github/workflows/man-examples.yml
+++ b/.github/workflows/man-examples.yml
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: render nroff versions
         run: autoreconf -fi && ./configure --without-ssl --without-libpsl && make -C docs
diff --git a/.github/workflows/ngtcp2-linux.yml b/.github/workflows/ngtcp2-linux.yml
index f7ca7d24a93708e008773eeeeded119d5b8d4d9c..5df4b44628bed30e285366a1a75703a6ad804e9e 100644 (file)
--- a/.github/workflows/ngtcp2-linux.yml
+++ b/.github/workflows/ngtcp2-linux.yml
@@ -101,7 +101,7 @@ jobs:
         name: 'install prereqs and impacket, pytest, crypto, apache2'
 
       - name: cache quictls
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-quictls-no-deprecated
         env:
           cache-name: cache-quictls-no-deprecated
@@ -125,7 +125,7 @@ jobs:
 
 
       - name: cache gnutls
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-gnutls
         env:
           cache-name: cache-gnutls
@@ -152,7 +152,7 @@ jobs:
         name: 'install gnutls'
 
       - name: cache wolfssl
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-wolfssl
         env:
           cache-name: cache-wolfssl
@@ -178,7 +178,7 @@ jobs:
 
 
       - name: cache nghttp3
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-nghttp3
         env:
           cache-name: cache-nghttp3
@@ -221,7 +221,7 @@ jobs:
         name: 'install nghttp2'
 
       - name: cache mod_h2
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-mod_h2
         env:
           cache-name: cache-mod_h2
@@ -244,7 +244,7 @@ jobs:
           sudo make install
         name: 'install mod_h2'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: |
           sudo python3 -m pip install -r tests/requirements.txt -r tests/http/requirements.txt
diff --git a/.github/workflows/osslq-linux.yml b/.github/workflows/osslq-linux.yml
index dc2d58d821cf6b5b8f9badb77bfe2f4837e8e931..ea404cb0934f4b7b1aaa30e2fb1dfecf3485c535 100644 (file)
--- a/.github/workflows/osslq-linux.yml
+++ b/.github/workflows/osslq-linux.yml
@@ -90,7 +90,7 @@ jobs:
 
       - name: cache openssl3
         if: contains(matrix.build.install_steps, 'openssl3')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-openssl3
         env:
           cache-name: cache-openssl3
@@ -109,7 +109,7 @@ jobs:
 
       - name: cache quictls
         if: contains(matrix.build.install_steps, 'quictls')
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-quictls
         env:
           cache-name: cache-quictls
@@ -118,7 +118,7 @@ jobs:
           key: ${{ runner.os }}-build-${{ env.cache-name }}-quictls-${{ env.quictls-version }}
 
       - name: cache quictls
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-quictls-no-deprecated
         env:
           cache-name: cache-quictls-no-deprecated
@@ -142,7 +142,7 @@ jobs:
 
 
       - name: cache nghttp3
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-nghttp3
         env:
           cache-name: cache-nghttp3
@@ -185,7 +185,7 @@ jobs:
         name: 'install nghttp2'
 
       - name: cache mod_h2
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-mod_h2
         env:
           cache-name: cache-mod_h2
@@ -208,7 +208,7 @@ jobs:
           sudo make install
         name: 'install mod_h2'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: |
           sudo python3 -m pip install -r tests/requirements.txt -r tests/http/requirements.txt
diff --git a/.github/workflows/proselint.yml b/.github/workflows/proselint.yml
index 13d844f7a0f40199d843b4affe8dffc6332dbeb4..634e19bcc705dc5ed85b61c65e06756e3590f5e6 100644 (file)
--- a/.github/workflows/proselint.yml
+++ b/.github/workflows/proselint.yml
@@ -29,7 +29,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: install prereqs
         run: |
diff --git a/.github/workflows/quiche-linux.yml b/.github/workflows/quiche-linux.yml
index 98398d43407cdf19baa911c72f6337d2cbe2141c..214bbbef58b1909a8dc97bdbb2f4ad9beff701d9 100644 (file)
--- a/.github/workflows/quiche-linux.yml
+++ b/.github/workflows/quiche-linux.yml
@@ -89,7 +89,7 @@ jobs:
         name: 'install prereqs and impacket, pytest, crypto'
 
       - name: cache nghttpx
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-nghttpx
         env:
           cache-name: cache-nghttpx
@@ -134,7 +134,7 @@ jobs:
         name: 'install nghttp2'
 
       - name: cache quiche
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-quiche
         env:
           cache-name: cache-quiche
@@ -162,7 +162,7 @@ jobs:
         name: 'build quiche and boringssl'
 
       - name: cache mod_h2
-        uses: actions/cache@v4
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
         id: cache-mod_h2
         env:
           cache-name: cache-mod_h2
@@ -185,7 +185,7 @@ jobs:
           sudo make install
         name: 'install mod_h2'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: |
           sudo python3 -m pip install -r tests/requirements.txt -r tests/http/requirements.txt
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index 0818bfaabf0d5a4225e96b60ec24481a38495e5d..f8e196919db6b88a790ff8470991a4a308a1bb53 100644 (file)
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -24,6 +24,6 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v3
+        uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 # v3
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index a0beb71b00aca24c2f6f362bc14195b44f5a4a80..03b28ad6a55ca644ab89b63fe04864097ef9834f 100644 (file)
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -23,6 +23,6 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: 'shellcheck'
         run: .github/scripts/shellcheck.sh
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
index e78a36ca7abb8d906ce6ae56a69aa3684ee6e01c..ada4170291580b68c377efa3e0d86afe90a7f2cf 100644 (file)
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -27,7 +27,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: trim all man page *.md files
         run: find docs -name "*.md" ! -name "_*" | xargs -n1 ./.github/scripts/cleancmd.pl
@@ -45,6 +45,6 @@ jobs:
         run: grep -v '^#' .github/scripts/spellcheck.words >  wordlist.txt
 
       - name: Check Spelling
-        uses: rojopolis/spellcheck-github-actions@v0
+        uses: rojopolis/spellcheck-github-actions@dbd2f1da869c05ad874fffeb6fe1ed50cd1a6e98 # v0
         with:
           config_path: .github/scripts/spellcheck.yaml
diff --git a/.github/workflows/synopsis.yml b/.github/workflows/synopsis.yml
index 0e7f0a6d136e08164e215fd33622147fc7af3b30..4bd6c5b67e76d8fb71d272795e51027de20b7c48 100644 (file)
--- a/.github/workflows/synopsis.yml
+++ b/.github/workflows/synopsis.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: verify-synopsis
         run: ./.github/scripts/verify-synopsis.pl docs/libcurl/curl*.3
diff --git a/.github/workflows/torture.yml b/.github/workflows/torture.yml
index 5e8d59f75bae722093d57618e4c37cb8c04481d6..b5330776d1594c6dd80025ea345d8415faa2807b 100644 (file)
--- a/.github/workflows/torture.yml
+++ b/.github/workflows/torture.yml
@@ -73,7 +73,7 @@ jobs:
           sudo python3 -m pip install impacket
         name: 'install prereqs and impacket'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: autoreconf -fi
         name: 'autoreconf'
diff --git a/.github/workflows/wolfssl.yml b/.github/workflows/wolfssl.yml
index 0a483dbbe0262bc24dd5b58ea61c65cbc70dcdfd..9183a3a4c09b6bde71d9563cde9bfb8d61f91ec7 100644 (file)
--- a/.github/workflows/wolfssl.yml
+++ b/.github/workflows/wolfssl.yml
@@ -73,7 +73,7 @@ jobs:
           sudo python3 -m pip install impacket
         name: 'install prereqs and impacket'
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - run: |
           source .github/scripts/VERSIONS
Mirror of https://github.com/curl/curl.git