From 9abd64fd4ce8111fe3201894727caa560591ba0c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 6 Feb 2024 20:16:08 +0000
Subject: [PATCH] Pin dependencies

---
 .github/actions/gradle-task-with-commit/action.yml | 4 ++--
 .github/workflows/publish-snapshot.yml             | 2 +-
 .github/workflows/validate-codeowners.yml          | 4 ++--
 .github/workflows/validate-documentation.yml       | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/actions/gradle-task-with-commit/action.yml b/.github/actions/gradle-task-with-commit/action.yml
index 78bce5ab2..e155ddc5f 100644
--- a/.github/actions/gradle-task-with-commit/action.yml
+++ b/.github/actions/gradle-task-with-commit/action.yml
@@ -45,7 +45,7 @@ runs:
 
     # ensure that we have the actual branch checked out.  By default, actions/checkout is headless.
     - name: check out with PAT
-      uses: actions/checkout@v3
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       if: steps.can-push.outputs.can_push == 'true'
       with:
         token: ${{ inputs.personal-access-token }}
@@ -75,7 +75,7 @@ runs:
 
     - name: commit ${{ inputs.fix-task }} changes
       if: steps.can-push.outputs.can_push == 'true'
-      uses: stefanzweifel/git-auto-commit-action@v4
+      uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4
       with:
         commit_message: ${{ steps.set-commit-message.outputs.commit-message }}
         commit_options: '--no-verify --signoff'
diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml
index 252864073..2693d4190 100644
--- a/.github/workflows/publish-snapshot.yml
+++ b/.github/workflows/publish-snapshot.yml
@@ -13,7 +13,7 @@ jobs:
     timeout-minutes: 35
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Check for -SNAPSHOT version
         uses: ./.github/actions/gradle-task
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 75db9c567..d486f6eb9 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -12,9 +12,9 @@ jobs:
     name: Validate Codeowners
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       # https://github.com/marketplace/actions/github-codeowners-validator
-      - uses: mszostok/codeowners-validator@v0.7.4
+      - uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f # v0.7.4
         with:
           # TODO(https://github.com/square/workflow-kotlin/issues/316) Add the owners check
           # back once this is fixed, or we implement a workaround.
diff --git a/.github/workflows/validate-documentation.yml b/.github/workflows/validate-documentation.yml
index 105bebfc9..32d40b333 100644
--- a/.github/workflows/validate-documentation.yml
+++ b/.github/workflows/validate-documentation.yml
@@ -14,7 +14,7 @@ jobs:
     name: Lint Markdown files
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Set up Ruby 2.6
         uses: ruby/setup-ruby@v1
         with: