From 5e846233f5e55ddf9f9ba5fc31d53455036d50f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marius=20Co=C8=9Bofan=C4=83?= <marius.coto@gmail.com>
Date: Tue, 15 Apr 2025 15:43:17 +0200
Subject: [PATCH] SEC-3079 Pin workflow action versions

---
 .github/workflows/pages.yml        | 6 +++---
 .github/workflows/publish_pypi.yml | 2 +-
 .github/workflows/test.yml         | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml
index 830dca4..a562668 100644
--- a/.github/workflows/pages.yml
+++ b/.github/workflows/pages.yml
@@ -12,16 +12,16 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Configure Git Credentials
         run: |
           git config user.name github-actions[bot]
           git config user.email 41898282+github-actions[bot]@users.noreply.github.com
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: 3.x
       - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV 
-      - uses: actions/cache@v4
+      - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           key: mkdocs-material-${{ env.cache_id }}
           path: .cache
diff --git a/.github/workflows/publish_pypi.yml b/.github/workflows/publish_pypi.yml
index 9acf204..a65296d 100644
--- a/.github/workflows/publish_pypi.yml
+++ b/.github/workflows/publish_pypi.yml
@@ -8,7 +8,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: Build and publish to pypi
         shell: bash
         env:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a3d393b..fa79762 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,7 +21,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       # Runs a single command using the runners shell
       - name: Install dependencies