lprimak opened a new issue, #2383: URL: https://github.com/apache/shiro/issues/2383
### Search before asking - [x] I had searched in the [issues](https://github.com/apache/shiro/issues?q=is%3Aissue) and found no similar issues. ### Enhancement Request It looks like there are new unpinned dependencies that are being reported against Shiro: ``` Pinned-Dependencies Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/shiro/labeler.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/shiro/pre-commit.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/shiro/pre-commit.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/shiro/pre-commit.yml/main?enable=pin Warn: pipCommand not pinned by hash: .github/workflows/pre-commit.yml:42 Warn: pipCommand not pinned by hash: .github/workflows/pre-commit.yml:43 Info: 13 out of 17 GitHub-owned GitHubAction dependencies pinned Info: 1 out of 1 third-party GitHubAction dependencies pinned Info: 0 out of 2 pipCommand dependencies pinned ``` ### Describe the solution you'd like Fix this / pin with a hash ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
