From 3a00dd057ffa81ed57393d35fb75ba236712d513 Mon Sep 17 00:00:00 2001
From: jmeridth
Date: Sat, 4 May 2024 01:14:12 -0500
Subject: [PATCH] chore: more remediations from oss scorecard

- [x] github action versions via hashes
- [x] include hashes for each pip dependency
- `python3 -m pip download [dependency==version]`
- `python3 -m pip hash [downloaded package name]`

Signed-off-by: jmeridth
---
 .github/workflows/major-version-updater.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 .github/workflows/stale.yaml | 2 +-
 .github/workflows/use-action.yml | 2 +-
 requirements-test.txt | 18 +++++++++---------
 requirements.txt | 7 ++++---
 6 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index 97d7276..efc38c5 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -15,7 +15,7 @@ jobs:
 contents: write
 steps:
 - name: Checkout Repo
- uses: actions/checkout@v4
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
 - name: version
 id: version
 run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ee9954f..9de2c30 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,7 +62,7 @@
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/checkout@v4
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
 - name: Push Docker Image
 if: ${{ success() }}
 uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index bad2aeb..5a0bc41 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
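Review bot: The new `uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b` line in major-version-updater.yml pins a bare commit SHA with no tag comment, so a reader cannot tell which release the pin corresponds to, and update tooling such as Dependabot generally uses that trailing comment to show which version a bump moves between; the same applies to the checkout pins in release.yml and use-action.yml and to the `actions/stale` pin in stale.yaml. The conventional form is `uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # <tag this SHA resolves to, e.g. v4.x.y>`. It would also help future reviewers if the commit message recorded how each SHA was obtained (the tag's commit on the upstream repository), since a SHA copied from an unverified source pins the workflow to whatever that commit contains. The enclosing `steps:` blocks begin outside the hunks.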
@@ -11,7 +11,7 @@ jobs:
 stale:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/stale@v9
+ - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e
 with:
 stale-issue-message: 'This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days.'
 close-issue-message: 'This issue was closed because it has been stalled for 35 days with no activity.'
diff --git a/.github/workflows/use-action.yml b/.github/workflows/use-action.yml
index 00362cc..7035a24 100644
--- a/.github/workflows/use-action.yml
+++ b/.github/workflows/use-action.yml
@@ -23,7 +23,7 @@ jobs:
 packages: read
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
 - name: Run stale_repos tool
 uses: docker://ghcr.io/github/stale_repos:v1
 env:
diff --git a/requirements-test.txt b/requirements-test.txt
index 133f40b..29d2bb5 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
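Review bot: In use-action.yml the commit pins `actions/checkout` by SHA but the step two lines below it, `uses: docker://ghcr.io/github/stale_repos:v1`, still references the container image by the mutable `v1` tag, so the workflow continues to run whatever that tag points at on a given day. Pinning it by image digest, `docker://ghcr.io/github/stale_repos@sha256:<digest of the intended image>`, would give the same immutability the commit message claims for action versions. The line is context rather than new code, so this is a follow-up rather than a defect in the change itself; the enclosing `steps:` block begins outside the hunk.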
@@ -1,9 +1,9 @@
-black==24.4.2
-flake8==7.0.0
-mypy==1.10.0
-mypy-extensions==1.0.0
-pylint==3.1.0
-pytest==8.2.0
-pytest-cov==5.0.0
-types-python-dateutil==2.9.0.20240316
-types-requests==2.31.0.20240406
+black==24.4.2 --hash=sha256:88c57dc656038f1ab9f92b3eb5335ee9b021412feaa46330d5eba4e51fe49b04
+flake8==7.0.0 --hash=sha256:a6dfbb75e03252917f2473ea9653f7cd799c3064e54d4c8140044c5c065f53c3
+mypy==1.10.0 --hash=sha256:b808e12113505b97d9023b0b5e0c0705a90571c6feefc6f215c1df9381256e30
+mypy-extensions==1.0.0 --hash=sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d
+pylint==3.1.0 --hash=sha256:507a5b60953874766d8a366e8e8c7af63e058b26345cfcb5f91f89d987fd6b74
+pytest==8.2.0 --hash=sha256:1733f0620f6cda4095bbf0d9ff8022486e91892245bb9e7d5542c018f612f233
+pytest-cov==5.0.0 --hash=sha256:4f0764a1219df53214206bf1feea4633c3b558a2925c8b59f144f682861ce652
+types-python-dateutil==2.9.0.20240316 --hash=sha256:6b8cb66d960771ce5ff974e9dd45e38facb81718cc1e208b10b1baccbfdbee3b
+types-requests==2.31.0.20240406 --hash=sha256:6216cdac377c6b9a040ac1c0404f7284bd13199c0e1bb235f4324627e8898cf5
diff --git a/requirements.txt b/requirements.txt
index 99ea149..a9dbe65 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
-github3.py==4.0.1
-python-dotenv==1.0.1
-python_dateutil==2.9.0.post0
+github3.py==4.0.1 --hash=sha256:a89af7de25650612d1da2f0609622bcdeb07ee8a45a1c06b2d16a05e4234e753
+PyJWT==2.8.0 --hash=sha256:59127c392cc44c2da5bb3192169a91f429924e17aff6534d70fdc02ab3e04320
+python-dotenv==1.0.1 --hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a
+python_dateutil==2.9.0.post0 --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427
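Review bot: Adding `--hash` to any line switches pip into hash-checking mode for the whole file, and in that mode pip refuses to install unless every requirement, including transitive dependencies, is pinned with a hash; the new requirements-test.txt lists only the nine direct packages (pytest, black, flake8 and pylint all pull in further packages), so a plain `pip install -r requirements-test.txt` will most likely fail rather than become safer. Each line also carries a single sha256, which matches exactly one artifact; for packages that publish platform-specific wheels such as mypy and black, the hash obtained by `pip download` on the author's machine will not match the wheel pip selects on a different platform or interpreter. The more robust route is to generate the file with a resolver that emits hashes for every artifact of the full transitive closure, e.g. `pip-compile --generate-hashes requirements-test.in`, and to add a `# generated by pip-compile --generate-hashes; do not edit by hand` header so the file is regenerated rather than patched. The same two points apply to the requirements.txt hunk below.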
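Review bot: `PyJWT==2.8.0 --hash=…` in requirements.txt is a new dependency that the commit message does not mention; presumably it was added because hash-checking mode requires it as a dependency of github3.py, but nothing in the file says so. A comment on that line, `# indirect dependency of github3.py, pinned for hash-checking mode`, would stop a later cleanup from removing it as unused, and the commit message should list the addition alongside the hash work. If the line was added for that reason, the rest of github3.py's dependency tree would be needed for the same reason, as raised on the requirements-test.txt hunk.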