Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:621: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:625: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:648: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:377: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:397: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:425: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:507: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:549: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:563: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:565: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:447: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:457: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:469: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:485: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_deploy.yml:593: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_deploy.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:545: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_and_test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_reusable.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/build_reusable.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cancel.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/cancel.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/code_freeze.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/code_freeze.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/graphite_ci_optimizer.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/graphite_ci_optimizer.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_bankrupt.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_bankrupt.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_bankrupt.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_bankrupt.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_lock.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_lock.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_stale.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_stale.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_version.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_version.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/issue_version.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify_release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/notify_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/popular.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/popular.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/popular.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/popular.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_stats.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/pull_request_stats.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request_stats.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/pull_request_stats.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/retry_deploy_test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/retry_deploy_test.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/retry_test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/retry_test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/setup-nextjs-build.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/setup-nextjs-build.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-turbopack-rust-bench-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test-turbopack-rust-bench-test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-turbopack-rust-bench-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test-turbopack-rust-bench-test.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_e2e_deploy_release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_e2e_deploy_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_examples.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_examples.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test_examples.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/test_examples.yml/canary?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/triage.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage_with_ai.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage_with_ai.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/triage_with_ai.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/triage_with_ai.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger_release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/trigger_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger_release.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/trigger_release.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-build-integration-tests.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-build-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-nextjs-dev-integration-tests.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-nextjs-dev-integration-tests.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-update-tests-manifest.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-update-tests-manifest.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-upload-tests-manifest.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-upload-tests-manifest.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/turbopack-upload-tests-manifest.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/turbopack-upload-tests-manifest.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_fonts_data.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_fonts_data.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_fonts_data.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_fonts_data.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_react.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_react.yml/canary?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_react.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/vercel/next.js/update_react.yml/canary?enable=pin
Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5
Warn: containerImage not pinned by hash: .devcontainer/base.Dockerfile:5
Warn: containerImage not pinned by hash: .github/actions/next-stats-action/Dockerfile:3: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/dev.Dockerfile:3: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod-without-multistage.Dockerfile:3: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:3
Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:6
Warn: containerImage not pinned by hash: examples/with-docker-compose/next-app/prod.Dockerfile:48
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:3
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:6
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:22
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/development/Dockerfile:31
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:3
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:6
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:23
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/production/Dockerfile:32
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:3
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:6
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:23
Warn: containerImage not pinned by hash: examples/with-docker-multi-env/docker/staging/Dockerfile:32
Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:3
Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:6
Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:22
Warn: containerImage not pinned by hash: examples/with-docker/Dockerfile:40
Warn: npmCommand not pinned by hash: .devcontainer/base.Dockerfile:22-47
Warn: downloadThenRun not pinned by hash: .github/actions/next-stats-action/Dockerfile:14
Warn: downloadThenRun not pinned by hash: scripts/setup-node.sh:5
Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:598
Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:409
Warn: downloadThenRun not pinned by hash: .github/workflows/build_and_deploy.yml:412
Warn: npmCommand not pinned by hash: .github/workflows/build_and_deploy.yml:542
Warn: npmCommand not pinned by hash: .github/workflows/build_reusable.yml:141
Warn: downloadThenRun not pinned by hash: .github/workflows/setup-nextjs-build.yml:108
Info: 0 out of 103 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 24 containerImage dependencies pinned
Info: 7 out of 12 npmCommand dependencies pinned
Info: 0 out of 4 downloadThenRun dependencies pinned