Merge pull request #65 from geoserver/renovate/pin-dependencies

chore(deps): pin dependencies
2024-07-30 12:03:05 +02:00 · 2024-07-30 12:03:05 +02:00 · 4faba95621
parent 9ae7c75cc4 83d131be39
commit 4faba95621
3 changed files with 4 additions and 4 deletions
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      - name: Build image
        run: docker build -t geoserver-docker.osgeo.org/geoserver:${{ github.sha }} .
      - name: Run trivy
@ -22,6 +22,6 @@ jobs:
          severity: 'CRITICAL,HIGH'
          vuln-type: 'os,library'
      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@3e0e84636c6f5df46a2cb232ae1dd1384713150d # v2
        with:
          sarif_file: 'trivy-results.sarif'
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM tomcat:9.0.91-jdk11-temurin-jammy
+FROM tomcat:9.0.91-jdk11-temurin-jammy@sha256:773822dc3543ae612d1710fe68ea4d21455edde94aa0ad216c3d769723b53c42
 LABEL vendor="osgeo.org"

 # Build arguments
--- a/docker-compose-demo.yml
+++ b/docker-compose-demo.yml
@ -29,7 +29,7 @@ services:
      retries: 3
      timeout: 20s
  postgis:
-    image: postgis/postgis:16-3.4-alpine
+    image: postgis/postgis:16-3.4-alpine@sha256:5cc92acec6cb62b56e55f5b74d065f29c1ebfc9a6e7edc8b443b9f9d17edab0d
    ports:
      - "5555:5432"
    environment: