Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/pull_request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/pull_request.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/push.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/graphql-kit/graphql-voyager/scorecard.yml/main?enable=pin
Warn: containerImage not pinned by hash: example/express-server/Dockerfile:3: pin your Docker image by updating node:20 to node:20@sha256:4f8a144afc2dd9d7145b4847e6d4c04ffc7eacff500610a53cf81bb86d1c1bd1
Warn: containerImage not pinned by hash: example/webpack/Dockerfile:3: pin your Docker image by updating node:20 to node:20@sha256:4f8a144afc2dd9d7145b4847e6d4c04ffc7eacff500610a53cf81bb86d1c1bd1
Warn: containerImage not pinned by hash: tests/Dockerfile:3: pin your Docker image by updating mcr.microsoft.com/playwright:v1.47.2 to mcr.microsoft.com/playwright:v1.47.2@sha256:f640d04686ef8fcca228955dc73f36b86ccd2228eda488fb2b32f3f037639f09
Warn: containerImage not pinned by hash: worker/Dockerfile:3: pin your Docker image by updating emscripten/emsdk:3.1.35 to emscripten/emsdk:3.1.35@sha256:4a3bb630cba91d59fc434a38e3025b447d3c07e52bc20c5b3297540df29039ca
Warn: npmCommand not pinned by hash: example/express-server/Dockerfile:12
Warn: npmCommand not pinned by hash: example/webpack/Dockerfile:12
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:121
Info: 2 out of 29 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 2 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned
Info: 7 out of 10 npmCommand dependencies pinned