From b7a7674aad46e81270a1614b72a68a42994be1a1 Mon Sep 17 00:00:00 2001
From: mateonunez <mateonunez95@gmail.com>
Date: Fri, 31 Mar 2023 14:55:21 +0200
Subject: [PATCH 1/2] tools: add missing pinned dependencies

---
 .github/workflows/daily-wpt-fyi.yml  | 2 +-
 .github/workflows/notify-on-push.yml | 2 +-
 .github/workflows/update-openssl.yml | 6 +++---
 deps/openssl/config/Dockerfile       | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/daily-wpt-fyi.yml b/.github/workflows/daily-wpt-fyi.yml
index 0e2c3df9fcbacb..4c575b76ae2bb8 100644
--- a/.github/workflows/daily-wpt-fyi.yml
+++ b/.github/workflows/daily-wpt-fyi.yml
@@ -98,7 +98,7 @@ jobs:
         run: rm -rf deps/undici
       - name: Checkout undici
         if: ${{ env.WPT_REPORT != '' }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c  # v3.3.0
         with:
           repository: nodejs/undici
           persist-credentials: false
diff --git a/.github/workflows/notify-on-push.yml b/.github/workflows/notify-on-push.yml
index 36e62ee53c7334..c79f73cde349b6 100644
--- a/.github/workflows/notify-on-push.yml
+++ b/.github/workflows/notify-on-push.yml
@@ -34,7 +34,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c  # v3.3.0
         with:
           persist-credentials: false
       - name: Check commit message
diff --git a/.github/workflows/update-openssl.yml b/.github/workflows/update-openssl.yml
index c2f919c60f6dcb..583ba1a4a5b9d3 100644
--- a/.github/workflows/update-openssl.yml
+++ b/.github/workflows/update-openssl.yml
@@ -14,7 +14,7 @@ jobs:
     if: github.repository == 'nodejs/node'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c  # v3.3.0
         with:
           persist-credentials: false
       - name: Check if update branch already exists
@@ -38,7 +38,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
       - name: Create PR with first commit
         if: env.HAS_UPDATE
-        uses: gr2m/create-or-update-pull-request-action@v1
+        uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329  # v1.9.2
         # Creates a PR with the new OpenSSL source code committed
         env:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
@@ -60,7 +60,7 @@ jobs:
       - name: Add second commit
         # Adds a second commit to the PR with the generated platform-dependent files
         if: env.HAS_UPDATE
-        uses: gr2m/create-or-update-pull-request-action@v1
+        uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329  # v1.9.2
         env:
           GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
         with:
diff --git a/deps/openssl/config/Dockerfile b/deps/openssl/config/Dockerfile
index 5133a88b0d33e2..8d51d42ec08a09 100644
--- a/deps/openssl/config/Dockerfile
+++ b/deps/openssl/config/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu@sha256:b39db7fc56971aac21dee02187e898db759c4f26b9b27b1d80b6ad32ff330c76
 
 VOLUME /node
 

From a70db914882db9d911020254764724a8ddad2bdc Mon Sep 17 00:00:00 2001
From: mateonunez <mateonunez95@gmail.com>
Date: Sun, 2 Apr 2023 13:40:11 +0200
Subject: [PATCH 2/2] tools: revert Dockerfile pinned dependency

Signed-off-by: mateonunez <mateonunez95@gmail.com>
---
 deps/openssl/config/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deps/openssl/config/Dockerfile b/deps/openssl/config/Dockerfile
index 8d51d42ec08a09..5133a88b0d33e2 100644
--- a/deps/openssl/config/Dockerfile
+++ b/deps/openssl/config/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu@sha256:b39db7fc56971aac21dee02187e898db759c4f26b9b27b1d80b6ad32ff330c76
+FROM ubuntu:20.04
 
 VOLUME /node