Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deb.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/deb.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deb.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/deb.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linter.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/linter.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linter.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/linter.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linter.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/linter.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semgrep.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/semgrep.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/semgrep.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/semgrep.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sign.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/sign.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/yujia1256/city/test.yml/master?enable=pin
Warn: goCommand not pinned by hash: .github/workflows/release.yml:186
Warn: goCommand not pinned by hash: .github/workflows/test.yml:43
Warn: downloadThenRun not pinned by hash: .github/workflows/test.yml:49
Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 third-party GitHubAction dependencies pinned
Info: 0 out of 2 goCommand dependencies pinned
Info: 0 out of 1 downloadThenRun dependencies pinned