While reviewing the code and findings via an ad hoc Semgrep scan, @shivasurya and I found that the versions in the GitHub workflows were not pinned to a specific release, only to a general version. It is best practice to pin these to avoid any supply chain issues that may be introduced due to the external packages.
I have looked up and replaced the versions with the latest release for the version referenced in the original code.
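The kind of check behind this change, as an added example and not code from this PR or its repository: a small scanner that walks a workflow file, pulls out every `uses:` reference and reports the ones that point at a floating ref (a major-only tag such as `v3`, or a branch such as `main`) rather than a full release tag or a 40-character commit SHA. The workflow text is constructed for the example, including a placeholder SHA; the action names are illustrative. By default it accepts a full release tag, which is the pinning this PR applied; with `require_sha=True` it insists on a commit SHA, the stricter form that survives a tag being moved.

```python
"""Report GitHub Actions `uses:` references that are not pinned to a fixed release.

Added example, not part of the original PR. Sample workflow below is constructed.
"""
import re

# `uses: owner/repo[/path]@ref`, with or without a leading "- " and quotes.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")        # immutable commit pin
RELEASE_TAG_RE = re.compile(r"^v?\d+\.\d+\.\d+$")  # e.g. v3.3.1 (specific release)
MAJOR_TAG_RE = re.compile(r"^v?\d+(\.\d+)?$")      # e.g. v3 or v3.5 (floats to newest)


def classify_ref(uses_value):
    """Classify one `uses:` value by how tightly its ref is pinned."""
    if uses_value.startswith("./"):
        return "local"            # action inside this repo: pinned by the checkout itself
    if uses_value.startswith("docker://"):
        return "docker"           # image tags are mutable too; reported separately
    if "@" not in uses_value:
        return "missing-ref"
    ref = uses_value.rsplit("@", 1)[1]
    if FULL_SHA_RE.match(ref):
        return "sha"
    if RELEASE_TAG_RE.match(ref):
        return "release-tag"
    if MAJOR_TAG_RE.match(ref):
        return "major-tag"
    return "branch-or-other"


def find_unpinned(workflow_text, require_sha=False):
    """Return (line_number, uses_value, kind) for every reference that is not acceptably pinned."""
    accepted = {"sha", "local"} if require_sha else {"sha", "release-tag", "local"}
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        value = match.group(1)
        kind = classify_ref(value)
        if kind not in accepted:
            findings.append((lineno, value, kind))
    return findings


# Constructed sample workflow; the SHA on the setup-node line is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3.3.1
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v3.x.y, placeholder SHA
        with:
          node-version: 18
      - uses: ./.github/actions/local-step
      - name: Lint
        uses: "github/super-linter@main"
"""

if __name__ == "__main__":
    for lineno, value, kind in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {value} ({kind})")
    print("--- requiring commit SHAs ---")
    for lineno, value, kind in find_unpinned(SAMPLE_WORKFLOW, require_sha=True):
        print(f"line {lineno}: {value} ({kind})")
```

Run it against the constructed sample and the default mode flags only the major-only tag and the branch reference; the SHA-only mode additionally flags the `v3.3.1` release tag. Pointing it at the files under `.github/workflows/` gives the same list a Semgrep rule for unpinned actions would, and the SHA-only mode is the one worth wiring into CI once every reference carries a commit hash with the release noted in a trailing comment.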