From fbb3ee39a772473f608670ecd6f20ca0da7cad3e Mon Sep 17 00:00:00 2001
From: Gaius <gaius.qi@gmail.com>
Date: Thu, 19 Sep 2024 20:26:07 +0800
Subject: [PATCH] chore: fixed Pinned-Dependencies in actions (#3521)

Signed-off-by: Gaius <gaius.qi@gmail.com>
---
 .github/workflows/docker.yml     | 2 +-
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index a46ce817016..cc5c7f32453 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -66,7 +66,7 @@ jobs:
             ${{ runner.os }}-buildx-
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
 
       - name: Login Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index aae147aef49..9b48cf65ebd 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -64,6 +64,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d
         with:
           sarif_file: results.sarif