Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/answered.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/answered.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto_author_assign.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/auto_author_assign.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-report.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark-report.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark-report.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/benchmark.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-i18n.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/check-i18n.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-i18n.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/check-i18n.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/check-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/check-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/check-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/check-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/docker-test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/enforce-label.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/enforce-label.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata-update.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/galata-update.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/galata-update.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata-update.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata-update.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/galata-update.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/galata-update.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata-update.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/galata.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/galata.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/galata.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/galata.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-header.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/license-header.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxjs-tests.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxjs-tests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxjs-tests.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxjs-tests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linuxtests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/linuxtests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/lock.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macostests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/macostests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/macostests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/macostests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/prep-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/prep-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/prep-release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/prep-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-changelog.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-changelog.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-changelog.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-changelog.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-changelog.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-changelog.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/publish-release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reject-staging-changes.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/reject-staging-changes.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/reject-staging-changes.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/reject-staging-changes.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windowstests.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/windowstests.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/windowstests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/jupyterlab/jupyterlab/windowstests.yml/main?enable=pin
Warn: containerImage not pinned by hash: docker/Dockerfile:4
Warn: containerImage not pinned by hash: docker/Dockerfile:50
Warn: pipCommand not pinned by hash: binder/postBuild:23
Warn: pipCommand not pinned by hash: scripts/ci_install.sh:30
Warn: pipCommand not pinned by hash: scripts/ci_install.sh:33
Warn: pipCommand not pinned by hash: scripts/ci_install.sh:33
Warn: pipCommand not pinned by hash: scripts/ci_install.sh:39
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:50
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:105
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:233
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:235
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:237
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:282
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:397
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:421
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:445
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:456
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:457
Warn: pipCommand not pinned by hash: scripts/ci_script.sh:471
Warn: pipCommand not pinned by hash: scripts/release_prep.sh:25
Warn: pipCommand not pinned by hash: scripts/release_test.sh:21
Warn: pipCommand not pinned by hash: scripts/release_test.sh:45
Warn: pipCommand not pinned by hash: .github/workflows/check-i18n.yml:18
Warn: pipCommand not pinned by hash: .github/workflows/galata-update.yml:201
Warn: pipCommand not pinned by hash: .github/workflows/galata.yml:135
Warn: pipCommand not pinned by hash: .github/workflows/linuxtests.yml:112
Warn: pipCommand not pinned by hash: .github/workflows/linuxtests.yml:136
Warn: pipCommand not pinned by hash: .github/workflows/linuxtests.yml:137
Info: 0 out of 41 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 35 third-party GitHubAction dependencies pinned
Info: 0 out of 2 containerImage dependencies pinned
Info: 0 out of 26 pipCommand dependencies pinned