From 10aa5bdda34c59dac50567e56c96264b093415a9 Mon Sep 17 00:00:00 2001 From: Chris Nyhuis Date: Thu, 26 Mar 2026 12:25:20 -0400 Subject: [PATCH] fix: pin 13 unpinned action(s) Automated security fixes applied by Runner Guard (https://github.com/Vigilant-LLC/runner-guard). Changes: .github/workflows/app.yml | 6 +++--- .github/workflows/deploy_preview.yml | 4 ++-- .github/workflows/docker.yml | 10 +++++----- .github/workflows/issue-translator.yml | 2 +- .github/workflows/remove_deploy_preview.yml | 2 +- .github/workflows/sync.yml | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) --- .github/workflows/app.yml | 6 +++--- .github/workflows/deploy_preview.yml | 4 ++-- .github/workflows/docker.yml | 10 +++++----- .github/workflows/issue-translator.yml | 2 +- .github/workflows/remove_deploy_preview.yml | 2 +- .github/workflows/sync.yml | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/app.yml b/.github/workflows/app.yml index 7e74cf04595..65096f4e122 100644 --- a/.github/workflows/app.yml +++ b/.github/workflows/app.yml @@ -59,10 +59,10 @@ jobs: node-version: 18 cache: 'yarn' - name: install Rust stable - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable with: targets: ${{ matrix.config.rust_target }} - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@e18b497796c12c097a38f9edb9d0641fb99eee32 # v2 with: key: ${{ matrix.config.os }} - name: install dependencies (ubuntu only) @@ -72,7 +72,7 @@ jobs: sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev librsvg2-dev patchelf - name: install frontend dependencies run: yarn install # change this to npm or pnpm depending on which one you use - - uses: tauri-apps/tauri-action@v0 + - uses: tauri-apps/tauri-action@84b9d35b5fc46c1e45415bdb6144030364f7ebc5 # v0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }} diff --git a/.github/workflows/deploy_preview.yml b/.github/workflows/deploy_preview.yml index b988452433b..a4887631b88 100644 --- a/.github/workflows/deploy_preview.yml +++ b/.github/workflows/deploy_preview.yml @@ -31,7 +31,7 @@ jobs: id: extract_branch - name: Hash branch name - uses: pplanel/hash-calculator-action@v1.3.1 + uses: pplanel/hash-calculator-action@5acf376a9ed10e8ca4a540c5c180ef7ef3ba582e # v1.3.1 id: hash_branch with: input: ${{ steps.extract_branch.outputs.branch }} @@ -74,7 +74,7 @@ jobs: echo "New alias URL: ${ALIAS_URL}" echo "VERCEL_URL=${ALIAS_URL}" >> "$GITHUB_OUTPUT" - - uses: mshick/add-pr-comment@v2 + - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2 with: message: | Your build has completed! diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8ac96f19356..bdd6e680639 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v3 - name: Log in to Docker Hub - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -23,7 +23,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4 with: images: yidadaa/chatgpt-next-web tags: | @@ -32,15 +32,15 @@ jobs: - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2 - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: context: . platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/issue-translator.yml b/.github/workflows/issue-translator.yml index 560f66d3443..97f08b820f1 100644 --- a/.github/workflows/issue-translator.yml +++ b/.github/workflows/issue-translator.yml @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: usthe/issues-translate-action@v2.7 + - uses: usthe/issues-translate-action@b41f55ddc81d7d54bd542a4f289fe28ec081898e # v2.7 with: IS_MODIFY_TITLE: false CUSTOM_BOT_NOTE: Bot detected the issue body's language is not English, translate it automatically. diff --git a/.github/workflows/remove_deploy_preview.yml b/.github/workflows/remove_deploy_preview.yml index 4846cda2d6a..2ff56ccb7a6 100644 --- a/.github/workflows/remove_deploy_preview.yml +++ b/.github/workflows/remove_deploy_preview.yml @@ -27,7 +27,7 @@ jobs: id: extract_branch - name: Hash branch name - uses: pplanel/hash-calculator-action@v1.3.1 + uses: pplanel/hash-calculator-action@5acf376a9ed10e8ca4a540c5c180ef7ef3ba582e # v1.3.1 id: hash_branch with: input: ${{ steps.extract_branch.outputs.branch }} diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml index e04e30adbd6..75455796a54 100644 --- a/.github/workflows/sync.yml +++ b/.github/workflows/sync.yml @@ -22,7 +22,7 @@ jobs: # Step 2: run the sync action - name: Sync upstream changes id: sync - uses: aormsby/Fork-Sync-With-Upstream-action@v3.4 + uses: aormsby/Fork-Sync-With-Upstream-action@9e2e4fd0829a2fe8ca4b13693faac9230c414d51 # v3.4 with: upstream_sync_repo: ChatGPTNextWeb/ChatGPT-Next-Web upstream_sync_branch: main