From 4fd3f21dec16ff633b33c4e45254423ad200eca6 Mon Sep 17 00:00:00 2001
From: Daan Timmer <8293597+daantimmer@users.noreply.github.com>
Date: Tue, 19 Aug 2025 13:34:24 +0200
Subject: [PATCH] pin actions/cache to a full-length commit SHA

As per https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions it is recommended to pin actions to sha's instead of versions to increase security.
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index 39b39f2..2752f5d 100644
--- a/action.yml
+++ b/action.yml
@@ -33,7 +33,7 @@ runs:
 INPUT_SCANNERVERSION: ${{ inputs.scannerVersion }}
 - name: Load Sonar Scanner CLI from cache
 id: sonar-scanner-cli
- uses: actions/cache@v4
+ uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4
 env:
 # The default value is 60mins. Reaching timeout is treated the same as a cache miss.
 SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
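Review bot: The pinned `uses:` line of the cache step records its release as `#v4.2.4` with no space after the hash; `uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4` follows the usual comment style and is the form version-update tooling typically rewrites together with the SHA. That comment is the only human-readable link between the hash and a release, so before merging it is worth confirming that this SHA is the commit the v4.2.4 tag points to in the actions/cache repository itself and not a commit reachable only through a fork. Pinning also stops the step from following the moving v4 tag, so unless automated updates for GitHub Actions are configured for this repository (not visible here), later fixes to actions/cache will need a manual bump. Any other `uses:` entries in action.yml lie outside this hunk and may still reference mutable tags.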