fix: autopin dependencies

[thypon]

Summary

The sourcecode is functionally equivalent, and renovate will take care of updating these actions.

Context: threat actors exploiting github-actions supply-chain in the wild

Test plan

N/A

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: thypon / name: Andrea (7feab86)

[netlify]

✅ Deploy Preview for jestjs ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	7feab86
🔍 Latest deploy log	https://app.netlify.com/sites/jestjs/deploys/67f451076e445d00081807fd
😎 Deploy Preview	https://deploy-preview-15559--jestjs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[SimenB]

great, thanks! mind signing the CLA?

[thypon]

@SimenB it should be signed on our side. Not sure how to proceed else.

[SimenB]

Hmm, odd! Can you try to push an empty commit just to see if it triggers it to recheck or something? I tried to, but I'm not allowed to push to your fork

(just git commit -m 'trigger ci' --allow-empty)

EDIT: The force push 11 hours should have helped if new commit would, tho 🙁

[SimenB]

I wonder if it's OK to merge regardless tho as it's not a code change per se, and not something that's distributed. @bensternthal would you know? Or, even better, know why the CLA says it's unsigned if it is? I tried clicking the "details" think from the status check, but that just takes me to a page where I can sign the CLA myself

[bensternthal]

@SimenB you can always bypass CLA if you need to, however in this case @thypon should click the "Please click here to be authorized" link to see what it says.

If this is a corporate CLA, there are a variety of reasons why this might fail. However if this is an individual, usually the only reason for failure is that the person has not agreed to the CLA. I can help diagnose when we have more information.

[thypon]

whenever I try to sign as a corporation, it says that I should get the approval from the manager - that's me. If I go in the dashboard it looks already approved, and no extra requests are available. I can try to approve as an individual in case.

The code is only CI anyway, and it can be obtained automatically with pinact, in case you want to do that way.
I'm fine closing this one as well if you want to do that on your side. Alternatively renovate can handle this automatically with the following config.

[bensternthal]

@thypon let me poke around on this and potentially file an issue for our IT folks to help.

[bensternthal]

@thypon it looks like you have the signed corporate CLA but have not setup any approval criteria. Often companies set this to their corporate domain but you can also add users via email or via github username. More info can be found here.

If you need help please feel free to reach out to me via slack or email.

[thypon]

Looks like it worked now, thanks!

[thypon]

still missing something? @SimenB

[SimenB]

Perfect, thanks!