From 97388e415b8dd3af431ffb9c868073360e14ff7a Mon Sep 17 00:00:00 2001
From: Juraj Hilje <juraj.hilje@gmail.com>
Date: Tue, 3 Mar 2026 17:17:02 +0100
Subject: [PATCH] ci: update github actions

---
 .github/workflows/linter.yml    | 5 ++++-
 .github/workflows/mobsfscan.yml | 7 +++++--
 .github/workflows/stale.yml     | 2 +-
 .github/workflows/swiftlint.yml | 7 +++++--
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 1db78a5d8..9cf485a54 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -5,13 +5,16 @@ on:
     branches: [ "main", "develop" ]
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Lint Code Base
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Lint Code Base
         uses: docker://github/super-linter:v3.13.1
         env:
diff --git a/.github/workflows/mobsfscan.yml b/.github/workflows/mobsfscan.yml
index 978b06890..92ccfcaa5 100644
--- a/.github/workflows/mobsfscan.yml
+++ b/.github/workflows/mobsfscan.yml
@@ -5,13 +5,16 @@ on:
     branches: [ "main", "develop" ]
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
     name: mobsfscan
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
     - name: mobsfscan
-      uses: MobSF/mobsfscan@main
+      uses: MobSF/mobsfscan@ec2927a8cfab6626a67f26b223be3aba52a34b70 # main
       with:
         args: '. --json'
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 9996f72f7..12f317730 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open 60 days with no activity.'
diff --git a/.github/workflows/swiftlint.yml b/.github/workflows/swiftlint.yml
index 67489858d..02ecea335 100644
--- a/.github/workflows/swiftlint.yml
+++ b/.github/workflows/swiftlint.yml
@@ -9,10 +9,13 @@ on:
       - '.swiftlint.yml'
       - '**/*.swift'
 
+permissions:
+  contents: read
+
 jobs:
   SwiftLint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: GitHub Action for SwiftLint
-        uses: norio-nomura/action-swiftlint@3.1.0
+        uses: norio-nomura/action-swiftlint@f3d1a1dab62b6f107450590dc94e845efa244c7e # 3.1.0