Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/release-rc.yml:62
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-cutoff.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/changelog-cutoff.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-e2e.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/console-e2e.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-branch.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/create-release-branch.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/general.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/general.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/go.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/go.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/go.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/go.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/go.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/go.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-triage.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/issue-triage.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/js.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/js.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/js.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergeability.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/mergeability.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labels.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/pr-labels.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/proto.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-rc.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-rc.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rc.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-rc.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rc.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-rc.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rc.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-rc.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-rc.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-rc.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-rc.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-rc.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-snapshot.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-snapshot.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-snapshot.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-snapshot.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-snapshot.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-snapshot.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-snapshot.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-snapshot.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-snapshot.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tag.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tag.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-tag.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/TheThingsNetwork/lorawan-stack/release-tag.yml/v3.33?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:15: pin your Docker image by updating alpine:3.21 to alpine:3.21@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
Info: 0 out of 34 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 25 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned