From c0f7f3c97ede30544e453652b240c662fd4d22a9 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Tue, 11 Nov 2025 09:04:23 +0000
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/protos.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/protos.yml b/.github/workflows/protos.yml
index 26eb547..719bd21 100644
--- a/.github/workflows/protos.yml
+++ b/.github/workflows/protos.yml
@@ -28,7 +28,7 @@ jobs:
 
        # Setup Buf CLI - will pull proto from buf.build/permifyco/permify
        - name: Setup Buf
-         uses: bufbuild/buf-action@v1
+         uses: bufbuild/buf-action@8f4a1456a0ab6a1eb80ba68e53832e6fcfacc16c # v1.3.0
          with:
            setup_only: true
            github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -52,7 +52,7 @@ jobs:
        # Create Pull Request only if there are changes
        - name: Create Pull Request
          if: steps.verify-changes.outputs.has_changes == 'true'
-         uses: peter-evans/create-pull-request@v7.0.8
+         uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
          with:
            token: ${{ secrets.GITHUB_TOKEN }}
            commit-message: "chore(proto): update generated SDK with latest Permify definitions"