diff --git a/.github/workflows/och-self-scan.yml b/.github/workflows/och-self-scan.yml index 9d6c58c..bd63d9b 100644 --- a/.github/workflows/och-self-scan.yml +++ b/.github/workflows/och-self-scan.yml @@ -31,7 +31,7 @@ jobs: - uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4 - name: Cache pnpm store - uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.local/share/pnpm/store key: pnpm-store-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a681da3..abeeba7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -245,7 +245,7 @@ jobs: path: artifacts/ - name: Attest build provenance for every released artifact - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-path: | artifacts/opencodehub-pack.tar.gz