From 3407237c707e251ae2ea498a7eff8c4bf7273b9e Mon Sep 17 00:00:00 2001
From: "Mack (Maksym Iv)" <maksym@elastiflow.com>
Date: Thu, 26 Mar 2026 22:34:48 +0200
Subject: [PATCH 1/5] fix: Pin GitHub actions versions

---
 .github/workflows/ci.yml      | 4 ++--
 .github/workflows/release.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8c4c3b07..6ac9a0b8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,10 +22,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
         with:
           go-version-file: go.mod
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8f45f964..a7bda231 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
       valid_tag: ${{ steps.set_standard_vars.outputs.valid_tag }}
       rc: ${{ steps.set_standard_vars.outputs.rc }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
       - name: set outputs with default values
         id: set_standard_vars
         run: |

From 0290e02bad243aafd85a59787f908c0e2b014b9f Mon Sep 17 00:00:00 2001
From: "Mack (Maksym Iv)" <maksym@elastiflow.com>
Date: Fri, 27 Mar 2026 01:54:59 +0200
Subject: [PATCH 2/5] chore: Ignore semgrep warning

---
 pkg/def/validate.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/def/validate.go b/pkg/def/validate.go
index d68e264d..9ba1adae 100644
--- a/pkg/def/validate.go
+++ b/pkg/def/validate.go
@@ -28,6 +28,7 @@ func validate[T any](definition T, schemaName string) error {
 	}
 
 	var v interface{}
+	// nosemgrep go-unsafe-deserialization-interface
 	if unmarshalErr := json.Unmarshal(data, &v); unmarshalErr != nil {
 		return fmt.Errorf("failed to unmarshal definition: %w", err)
 	}

From 906447bbd89762a50db12c312cc04f518c480cb2 Mon Sep 17 00:00:00 2001
From: "Mack (Maksym Iv)" <146473578+maksym-iv-ef@users.noreply.github.com>
Date: Fri, 27 Mar 2026 16:14:09 +0200
Subject: [PATCH 3/5] chore: Trigger GHA


From 3a2ceba245f73806f6bcfda5f92399eff2f44f05 Mon Sep 17 00:00:00 2001
From: "Mack (Maksym Iv)" <146473578+maksym-iv-ef@users.noreply.github.com>
Date: Fri, 27 Mar 2026 16:29:10 +0200
Subject: [PATCH 4/5] chore: Trigger GHA


From b5ac479da48127b901d446c07a2f6169fac4632a Mon Sep 17 00:00:00 2001
From: "Mack (Maksym Iv)" <maksym@elastiflow.com>
Date: Fri, 27 Mar 2026 16:32:21 +0200
Subject: [PATCH 5/5] chore: Ignore semgrep warning

---
 pkg/def/validate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/def/validate.go b/pkg/def/validate.go
index 9ba1adae..37f7c8c7 100644
--- a/pkg/def/validate.go
+++ b/pkg/def/validate.go
@@ -27,8 +27,8 @@ func validate[T any](definition T, schemaName string) error {
 		return fmt.Errorf("failed to marshal definition: %w", err)
 	}
 
+	// nosemgrep: go-unsafe-deserialization-interface
 	var v interface{}
-	// nosemgrep go-unsafe-deserialization-interface
 	if unmarshalErr := json.Unmarshal(data, &v); unmarshalErr != nil {
 		return fmt.Errorf("failed to unmarshal definition: %w", err)
 	}