From 32a6ded49983ae7429fdaf1943af5aa2657f3b4b Mon Sep 17 00:00:00 2001
From: Micheal Wilkinson <micheal.wilkinson@createfuture.com>
Date: Sat, 21 Mar 2026 15:00:34 +0000
Subject: [PATCH] fix(ci): pin gosec and govulncheck-action to concrete version
 tags

---
 .gitea/workflows/prepare-release.yml | 4 ++--
 .gitea/workflows/push-validation.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/prepare-release.yml b/.gitea/workflows/prepare-release.yml
index ab4fe48..2d9fedd 100644
--- a/.gitea/workflows/prepare-release.yml
+++ b/.gitea/workflows/prepare-release.yml
@@ -49,12 +49,12 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2
+        uses: securego/gosec@v2.22.4
         with:
           args: ./...
 
       - name: Run govulncheck
-        uses: golang/govulncheck-action@v1
+        uses: golang/govulncheck-action@v1.1.4
         with:
           go-package: ./...
           cache: true
diff --git a/.gitea/workflows/push-validation.yml b/.gitea/workflows/push-validation.yml
index f55505e..2b64447 100644
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -45,12 +45,12 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2
+        uses: securego/gosec@v2.22.4
         with:
           args: ./...
 
       - name: Run govulncheck
-        uses: golang/govulncheck-action@v1
+        uses: golang/govulncheck-action@v1.1.4
         with:
           go-package: ./...
           cache: true