[StepSecurity] ci: Harden GitHub Actions (#225)

step-security-bot · web-flow · commit 9363bf774117 · 2023-10-18T10:06:27.000+01:00
Signed-off-by: StepSecurity Bot &lt;bot@stepsecurity.io&gt;
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -29,7 +29,7 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
         with:
           fail-on-severity: moderate
           comment-summary-in-pr: always
