Merge pull request #127 from step-security-bot/stepsecurity_remediation_1687641140
[StepSecurity] ci: Harden GitHub Actions
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 2dc3d38..daae084 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -45,7 +45,7 @@
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # 2.1.3
+ uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # 2.2.0
with:
results_file: results.sarif
results_format: sarif
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 44c8cea..8c180d7 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -83,6 +83,8 @@
<action issue="OGNL-6" type="update" dev="simonetripodi">Upgrade groupId/artifactId/version on pom</action>
<action issue="OGNL-2" type="update" dev="">Update legals to all OGNL file</action>
<action issue="OGNL-1" type="update" dev="lukaszlenart">Import the OGNL codebase</action>
+ <!-- FIX -->
+ <action type="fix" dev="ggregory" due-to="step-security-bot, Gary Gregory">[StepSecurity] ci: Harden GitHub Actions #127.</action>
<!-- UPDATE -->
<action type="update" dev="ggregory" due-to="Gary Gregory">Bump actions/cache from 3.0.5 to 3.0.8.</action>
<action type="update" dev="ggregory" due-to="Dependabot">Bump actions/setup-java from 2 to 3 #70.</action>