chore: more remediations from oss scorecard

- [x] github action versions via hashes - [x] include hashes for each pip dependency - `python3 -m pip download [dependency==version]` - `python3 -m pip hash [downloaded package name]` Signed-off-by: jmeridth <jmeridth@gmail.com>
github · May 4, 2024 · 99d0c71 · 99d0c71
1 parent b496b7d
commit 99d0c71
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 16 deletions.
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
@@ -15,7 +15,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
       - name: version
         id: version
         run: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -62,7 +62,7 @@
             registry: ${{ env.REGISTRY }}
             username: ${{ github.actor }}
             password: ${{ secrets.GITHUB_TOKEN }}
-        - uses: actions/checkout@v4
+        - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
         - name: Push Docker Image
           if: ${{ success() }}
           uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0

diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e
         with:
           stale-issue-message: 'This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days.'
           close-issue-message: 'This issue was closed because it has been stalled for 35 days with no activity.'

diff --git a/.github/workflows/use-action.yml b/.github/workflows/use-action.yml
@@ -23,7 +23,7 @@ jobs:
       packages: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
       - name: Run stale_repos tool
         uses: docker://ghcr.io/github/stale_repos:v1
         env:

diff --git a/requirements-test.txt b/requirements-test.txt
@@ -1,9 +1,9 @@
-black==24.4.2
-flake8==7.0.0
-mypy==1.10.0
-mypy-extensions==1.0.0
-pylint==3.1.0
-pytest==8.2.0
-pytest-cov==5.0.0
-types-python-dateutil==2.9.0.20240316
-types-requests==2.31.0.20240406
+black==24.4.2 --hash=sha256:88c57dc656038f1ab9f92b3eb5335ee9b021412feaa46330d5eba4e51fe49b04
+flake8==7.0.0 --hash=sha256:a6dfbb75e03252917f2473ea9653f7cd799c3064e54d4c8140044c5c065f53c3
+mypy==1.10.0 --hash=sha256:b808e12113505b97d9023b0b5e0c0705a90571c6feefc6f215c1df9381256e30
+mypy-extensions==1.0.0 --hash=sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d
+pylint==3.1.0 --hash=sha256:507a5b60953874766d8a366e8e8c7af63e058b26345cfcb5f91f89d987fd6b74
+pytest==8.2.0 --hash=sha256:1733f0620f6cda4095bbf0d9ff8022486e91892245bb9e7d5542c018f612f233
+pytest-cov==5.0.0 --hash=sha256:4f0764a1219df53214206bf1feea4633c3b558a2925c8b59f144f682861ce652
+types-python-dateutil==2.9.0.20240316 --hash=sha256:6b8cb66d960771ce5ff974e9dd45e38facb81718cc1e208b10b1baccbfdbee3b
+types-requests==2.31.0.20240406 --hash=sha256:6216cdac377c6b9a040ac1c0404f7284bd13199c0e1bb235f4324627e8898cf5
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,3 @@
-github3.py==4.0.1
-python-dotenv==1.0.1
-python_dateutil==2.9.0.post0
+github3.py==4.0.1 --hash=sha256:a89af7de25650612d1da2f0609622bcdeb07ee8a45a1c06b2d16a05e4234e753
+python-dotenv==1.0.1 --hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a
+python_dateutil==2.9.0.post0 --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427