From fcc530afccd77bac1e72911b4146e512c8c5ad49 Mon Sep 17 00:00:00 2001
From: Sourabh Mehta <73165318+soumeh01@users.noreply.github.com>
Date: Tue, 29 Oct 2024 13:35:53 +0100
Subject: [PATCH] Pinned deps to resolve security vuln
---
 .github/workflows/release.yml | 5 ++++-
 .github/workflows/test.yml | 2 +-
 .github/workflows/tpip-check.yml | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bb319d4..ce15cf0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,6 +10,9 @@ on:
 tags:
 - "v*"
+permissions:
+ contents: read
+
 jobs:
 test:
 uses: Open-CMSIS-Pack/cbuild2cmake/.github/workflows/test.yml@main
@@ -17,7 +20,7 @@ jobs:
 goreleaser:
 needs: test
 permissions:
- contents: write
+ contents: write # for goreleaser/goreleaser-action to create a GitHub release
 runs-on: ubuntu-latest
 steps:
 - name: Download test results
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6db793a..20051f3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -86,7 +86,7 @@ jobs:
 check-latest: true
 - name: Install go-junit-report
- run: go install github.com/jstemmer/go-junit-report/v2@latest
+ run: go install github.com/jstemmer/go-junit-report/v2@14d61e6e75e3f3c74551d757ad936e8e88014464 # v2.1.0
 - name: Unit testing
 run: |
diff --git a/.github/workflows/tpip-check.yml b/.github/workflows/tpip-check.yml
index a882b72..4d52098 100644
--- a/.github/workflows/tpip-check.yml
+++ b/.github/workflows/tpip-check.yml
@@ -40,7 +40,7 @@ jobs:
 run: go mod tidy
 - name: Install go-licenses
- run: go install github.com/google/go-licenses@latest
+ run: go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e # v1.6.0
 - name: Generate TPIP Report
 run: |
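Review bot: In `.github/workflows/release.yml`, the `test` job still calls `Open-CMSIS-Pack/cbuild2cmake/.github/workflows/test.yml@main` (a context line of the first hunk), so a tag-triggered release runs whatever test workflow is on `main` at that moment rather than the one at the tagged commit. If this workflow lives in that same repository, `uses: ./.github/workflows/test.yml` would run the file from the caller's commit; otherwise the ref could be pinned to a commit SHA, as this patch does for the `go install` lines. Separately, a called workflow's token permissions are capped by the caller's, so with the new top-level `contents: read` the reusable test workflow receives no other scope unless the `test` job declares one. It is worth confirming that it needs none.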
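Review bot: The two `go install` pins (`go-junit-report` in `.github/workflows/test.yml` and `go-licenses` in `.github/workflows/tpip-check.yml`) sit inside `run:` strings, which Dependabot's `github-actions` updates do not rewrite. Nothing checks that the trailing `# v2.1.0` and `# v1.6.0` comments actually match the hashes either. The pins will therefore stay at these commits until someone edits them by hand, including after a fix is released for either tool. Consider recording both tools in a Go module (a `tools.go` blank import with `go.mod`/`go.sum`) and installing from there, so the versions are checksum-verified and visible to dependency-update tooling. Failing that, add a comment above each step such as `# pinned to the commit of tag v2.1.0; update hash and comment together`.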