You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@commons.apache.org by gg...@apache.org on 2023/06/24 17:54:41 UTC

[commons-csv] branch master updated: [StepSecurity] ci: Harden GitHub Actions

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-csv.git


The following commit(s) were added to refs/heads/master by this push:
     new 62f4c6db [StepSecurity] ci: Harden GitHub Actions
     new 0a6e08ac Merge pull request #329 from step-security-bot/stepsecurity_remediation_1687629086
62f4c6db is described below

commit 62f4c6db313686ae626f56029a0865a26126c66b
Author: StepSecurity Bot <bo...@stepsecurity.io>
AuthorDate: Sat Jun 24 17:51:28 2023 +0000

    [StepSecurity] ci: Harden GitHub Actions
    
    Signed-off-by: StepSecurity Bot <bo...@stepsecurity.io>
---
 .github/workflows/maven.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 5cefdeb3..62cf5a11 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -37,14 +37,14 @@ jobs:
     - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
       with:
         persist-credentials: false
-    - uses: actions/cache@v3.3.1
+    - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
         restore-keys: |
           ${{ runner.os }}-maven-
     - name: Set up JDK ${{ matrix.java }}
-      uses: actions/setup-java@v3.11.0
+      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
       with:
         distribution: 'temurin'
         java-version: ${{ matrix.java }}