Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump-auxiliary-packages.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/bump-auxiliary-packages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-auxiliary-packages.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/bump-auxiliary-packages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-auxiliary-packages.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/bump-auxiliary-packages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/codeql.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/codeql.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cron-tasks.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/cron-tasks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-tasks.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/cron-tasks.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cron-tasks.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/cron-tasks.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/merge-release-tag.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/merge-release-tag.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/merge-release-tag.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/merge-release-tag.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-auxiliary-packages.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/publish-auxiliary-packages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-auxiliary-packages.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/publish-auxiliary-packages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-auxiliary-packages.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/publish-auxiliary-packages.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/smoke-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/smoke-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-cta.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/update-cta.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cta.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/update-cta.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-cta.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/update-cta.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-node-js.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/update-node-js.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-node-js.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/update-node-js.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-node-js.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mongodb-js/mongosh/update-node-js.yaml/main?enable=pin
Warn: containerImage not pinned by hash: packages/connectivity-tests/test/kerberos/Dockerfile.node20:1: pin your Docker image by updating node:20 to node:20@sha256:ba077fe891ce516b24bdbbd66d27d1e8e8c5a6e6b31ec7e7e559b45c3fca0643
Warn: containerImage not pinned by hash: packages/connectivity-tests/test/kerberos/Dockerfile.rocky8:1: pin your Docker image by updating rockylinux:8 to rockylinux:8@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c
Warn: containerImage not pinned by hash: packages/connectivity-tests/test/kerberos/Dockerfile.rocky9:1: pin your Docker image by updating rockylinux:9 to rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6
Warn: containerImage not pinned by hash: packages/connectivity-tests/test/kerberos/Dockerfile.ubuntu2004:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214
Warn: containerImage not pinned by hash: packages/connectivity-tests/test/kerberos/Dockerfile.ubuntu2204:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
Warn: containerImage not pinned by hash: scripts/docker/amazonlinux2-rpm.Dockerfile:1: pin your Docker image by updating amazonlinux:2 to amazonlinux:2@sha256:6ecd5c3906b455d4099691f82a3807f5c9863204ac96594f3568668b07f7ed1c
Warn: containerImage not pinned by hash: scripts/docker/amazonlinux2023-rpm.Dockerfile:1: pin your Docker image by updating amazonlinux:2023 to amazonlinux:2023@sha256:54064c8f8487b81679fa8b8ddfc75a8eff98d85bdd07b6b2ce9ed7cc18754fb2
Warn: containerImage not pinned by hash: scripts/docker/centos7-epel-rpm.Dockerfile:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: containerImage not pinned by hash: scripts/docker/centos7-rpm.Dockerfile:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Warn: containerImage not pinned by hash: scripts/docker/debian10-deb.Dockerfile:1: pin your Docker image by updating debian:10 to debian:10@sha256:58ce6f1271ae1c8a2006ff7d3e54e9874d839f573d8009c20154ad0f2fb0a225
Warn: containerImage not pinned by hash: scripts/docker/debian11-deb.Dockerfile:1: pin your Docker image by updating debian:11 to debian:11@sha256:0d3279ff38fb2024358b2f24fbb99122f9a9a40618bb526b614527e998bcda28
Warn: containerImage not pinned by hash: scripts/docker/debian12-deb.Dockerfile:1: pin your Docker image by updating debian:12 to debian:12@sha256:0d8498a0e9e6a60011df39aab78534cfe940785e7c59d19dfae1eb53ea59babe
Warn: containerImage not pinned by hash: scripts/docker/fedora34-rpm.Dockerfile:1: pin your Docker image by updating fedora:34 to fedora:34@sha256:55a74d948c47bb002edff3c7a9a7e864152c686d7c2dc8e3df1ac4d611a20898
Warn: containerImage not pinned by hash: scripts/docker/oraclelinux9-rpm.Dockerfile:1: pin your Docker image by updating oraclelinux:9 to oraclelinux:9@sha256:1c34cc9ccbbbab1d97f2552f5e0f77be7ce052d92e6f75404e37ee889cab78aa
Warn: containerImage not pinned by hash: scripts/docker/rocky8-epel-rpm.Dockerfile:1: pin your Docker image by updating rockylinux:8 to rockylinux:8@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c
Warn: containerImage not pinned by hash: scripts/docker/rocky8-package.Dockerfile:1: pin your Docker image by updating rockylinux:8 to rockylinux:8@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c
Warn: containerImage not pinned by hash: scripts/docker/rocky8-rpm.Dockerfile:1: pin your Docker image by updating rockylinux:8 to rockylinux:8@sha256:9794037624aaa6212aeada1d28861ef5e0a935adaf93e4ef79837119f2a2d04c
Warn: containerImage not pinned by hash: scripts/docker/rocky9-fips-rpm.Dockerfile:1: pin your Docker image by updating rockylinux:9 to rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6
Warn: containerImage not pinned by hash: scripts/docker/rocky9-rpm.Dockerfile:1: pin your Docker image by updating rockylinux:9 to rockylinux:9@sha256:d7be1c094cc5845ee815d4632fe377514ee6ebcf8efaed6892889657e5ddaaa6
Warn: containerImage not pinned by hash: scripts/docker/suse12-rpm.Dockerfile:1: pin your Docker image by updating registry.suse.com/suse/sles12sp5 to registry.suse.com/suse/sles12sp5@sha256:51280921c24d1aeb6fe2d396e92d43912ba5b03c006407de20ef21592425c21a
Warn: containerImage not pinned by hash: scripts/docker/suse15-rpm.Dockerfile:1: pin your Docker image by updating registry.suse.com/suse/sle15 to registry.suse.com/suse/sle15@sha256:8d6ab07de996bdc7e5ec4beb35109ca29d707a908c6e1a42d55e3e749df3fd84
Warn: containerImage not pinned by hash: scripts/docker/ubuntu-homebrew.Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214
Warn: containerImage not pinned by hash: scripts/docker/ubuntu18.04-deb.Dockerfile:1: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
Warn: containerImage not pinned by hash: scripts/docker/ubuntu20.04-deb.Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214
Warn: containerImage not pinned by hash: scripts/docker/ubuntu20.04-tgz.Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214
Warn: containerImage not pinned by hash: scripts/docker/ubuntu22.04-deb.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
Warn: containerImage not pinned by hash: scripts/docker/ubuntu22.04-fips-deb.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
Warn: containerImage not pinned by hash: scripts/docker/ubuntu22.04-nohome-deb.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
Warn: containerImage not pinned by hash: scripts/docker/ubuntu22.04-qemu-deb.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
Warn: containerImage not pinned by hash: scripts/docker/ubuntu22.04-xvfb.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee
Warn: containerImage not pinned by hash: scripts/docker/ubuntu24.04-deb.Dockerfile:1: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:b59d21599a2b151e23eea5f6602f4af4d7d31c4e236d22bf0b62b86d2e386b8f
Warn: downloadThenRun not pinned by hash: scripts/docker/rocky8-package.Dockerfile:10
Warn: npmCommand not pinned by hash: scripts/docker/rocky8-package.Dockerfile:12
Warn: npmCommand not pinned by hash: .evergreen/install-node.sh:11
Warn: downloadThenRun not pinned by hash: .evergreen/install-node.sh:19
Warn: npmCommand not pinned by hash: .evergreen/install-npm-deps.sh:21
Warn: npmCommand not pinned by hash: scripts/docker/build.sh:8
Warn: npmCommand not pinned by hash: testing/test-vscode.sh:15
Warn: npmCommand not pinned by hash: .github/workflows/bump-auxiliary-packages.yml:43
Warn: npmCommand not pinned by hash: .github/workflows/cron-tasks.yml:46
Warn: npmCommand not pinned by hash: .github/workflows/publish-auxiliary-packages.yml:54
Warn: npmCommand not pinned by hash: .github/workflows/smoke-tests.yml:34
Warn: npmCommand not pinned by hash: .github/workflows/update-node-js.yaml:36
Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 5 out of 11 third-party GitHubAction dependencies pinned
Info: 8 out of 18 npmCommand dependencies pinned
Info: 0 out of 31 containerImage dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned