Done with pin-github-action https://github.com/mheap/pin-github-action
1.8.0 using npx pin-github-action .github/workflows/*.yml, and then
manually bumping the version tag to the relevant number.
This fixes the issue that it is common practice for GitHub Actions
authors to move major tags when releasing new minor versions.
Dependabot supports updating in the same fashion, bumping the version
tag when updating the hash.
Done with pin-github-action https://github.com/mheap/pin-github-action 1.8.0 using
npx pin-github-action .github/workflows/*.yml
, and then manually bumping the version tag to the relevant number.This fixes the issue that it is common practice for GitHub Actions authors to move major tags when releasing new minor versions.
Dependabot supports updating in the same fashion, bumping the version
tag when updating the hash.