Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/android.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/android.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/android.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/android.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/android.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/android.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/android.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chrome.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/chrome.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/chrome.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/chrome.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/ios.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ios.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/ios.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/cordova-plugin-device-motion/lint.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/android.yml:125
Warn: npmCommand not pinned by hash: .github/workflows/android.yml:131
Warn: npmCommand not pinned by hash: .github/workflows/chrome.yml:60
Warn: npmCommand not pinned by hash: .github/workflows/chrome.yml:66
Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:84
Warn: npmCommand not pinned by hash: .github/workflows/ios.yml:90
Info: 0 out of 9 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 3 third-party GitHubAction dependencies pinned
Info: 4 out of 10 npmCommand dependencies pinned