This repository was archived by the owner on Dec 17, 2025. It is now read-only.

SEC-090: Automated trusted workflow pinning (2023-04-21) #939

Open: hashicorp-tsccr[bot] wants to merge 1 commit into main from tsccr-auto-pinning/trusted/2023-04-21

@hashicorp-tsccr

Hello,
This PR was auto-generated to pin the Actions workflow files in this repository to use trusted SHAs.
This is in support of RFC SEC-090 which is due to be implemented by EOQ2 FY24.

Please do the following:

  • Approve and merge this PR if you are happy with the changes.
  • Check if there are any untrusted third-party Actions in the workflow files and onboard them to the TSCCR.
  • The YAML comments "# TSCCR: no entry for repository..." or "# TSCCR: no version of..." in the workflow files identify an untrusted Action.
  • If you have to onboard any third-party Actions, update and pin your workflows using the tsccr-helper tool after the Actions have been onboarded OR reach out to #team-prodsec and we can run this automation again.
  • Verify that your Actions are still working as expected after pinning.

Please reach out to #team-prodsec if you have any questions.

hashicorp-tsccr Bot added the labels SEC-090 (Relating to RFC SEC-090.) and SEC-090/Pinning/Trusted (Automated TSCCR pinning PR to trusted SHAs.) on Apr 21, 2023
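
The following Python example is added here and is not part of the PR or of the tsccr-helper tool. It scans workflow text for `uses:` references that are not pinned to a full 40-character commit SHA and for the two TSCCR comment prefixes quoted in the PR description; the function name, the sample workflow, its SHA and the placement of the TSCCR comment are constructed assumptions.

```python
import re

# Comment prefixes quoted in the PR description; the text after each is elided there.
TSCCR_MARKERS = ("# TSCCR: no entry for repository", "# TSCCR: no version of")
# A step reference such as "- uses: owner/repo/path@ref  # comment".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample: the SHA is a placeholder and the TSCCR comment
# placement and trailing text are assumptions, not taken from a real file.
SAMPLE = """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v3.5.2
      - uses: actions/setup-node@v3
      - uses: example-org/example-action@main # TSCCR: no entry for repository (constructed)
      - uses: ./.github/actions/local
      - run: npm test
"""

def audit_workflow(text):
    """Return (line_no, kind, detail) findings for one workflow file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        # Lines the pinning automation marked as untrusted.
        for marker in TSCCR_MARKERS:
            if marker in line:
                findings.append((no, "untrusted", marker))
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions and container images carry no git ref; skipped here.
        if target.startswith(("./", "docker://")):
            continue
        _, sep, ref = target.rpartition("@")
        if not sep:
            findings.append((no, "no-ref", target))
        elif not FULL_SHA_RE.match(ref):
            # Tags and branches can be moved; only a full commit SHA is immutable.
            findings.append((no, "mutable-ref", target))
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

An empty result for every file under `.github/workflows/` means each external Action is pinned to a full SHA and no TSCCR marker remains.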
changeset-bot Bot commented Apr 21, 2023

⚠️ No Changeset found

Latest commit: 8abdaf0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

vercel Bot commented Apr 21, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
react-components ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 21, 2023 11:32am
