From 5dcd3c70ba02cbe615dbddb2903f351662e3472d Mon Sep 17 00:00:00 2001
From: murderteeth <89237203+murderteeth@users.noreply.github.com>
Date: Thu, 14 May 2026 06:13:58 +0000
Subject: [PATCH] Supply-chain hardening sweep
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1 PM config(s); pin 6 actions

🛡️ Automated
---
 .github/workflows/deploy-preprod.yml       | 4 ++--
 .github/workflows/deploy-production.yml    | 4 ++--
 .github/workflows/security-and-quality.yml | 4 ++--
 .npmrc                                     | 2 ++
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/deploy-preprod.yml b/.github/workflows/deploy-preprod.yml
index 66fb5fa..a3a06ce 100644
--- a/.github/workflows/deploy-preprod.yml
+++ b/.github/workflows/deploy-preprod.yml
@@ -21,12 +21,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           ref: ${{ inputs.ref }}
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version-file: ".nvmrc"
           cache: "npm"
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index 9450b4d..1d9f21c 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -16,12 +16,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           ref: master
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version-file: ".nvmrc"
           cache: "npm"
diff --git a/.github/workflows/security-and-quality.yml b/.github/workflows/security-and-quality.yml
index 0785c97..92d5c58 100644
--- a/.github/workflows/security-and-quality.yml
+++ b/.github/workflows/security-and-quality.yml
@@ -12,10 +12,10 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version-file: ".nvmrc"
           cache: "npm"
diff --git a/.npmrc b/.npmrc
index feb25e9..a5ea16f 100644
--- a/.npmrc
+++ b/.npmrc
@@ -2,3 +2,5 @@ save-exact=true
 engine-strict=true
 audit=false
 fund=false
+min-release-age=7
+ignore-scripts=true