From a02a650ac6f0cc5929f623b5785def7e003aa8aa Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Sun, 29 Dec 2024 07:16:15 -0800 Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#2013) Signed-off-by: StepSecurity Bot --- .github/workflows/Build and test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Build and test.yml b/.github/workflows/Build and test.yml index f5067d6cb..d16afff01 100644 --- a/.github/workflows/Build and test.yml +++ b/.github/workflows/Build and test.yml @@ -29,14 +29,14 @@ jobs: - run: yarn install --frozen-lockfile - run: yarn build-only - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 with: name: dist path: dist/ - run: tar -cvf node_modules.tar node_modules - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 with: name: node_modules path: node_modules.tar