chore(deps): pin dependencies

.github/actions/install/action.yml

@@ -4,7 +4,7 @@ description: Checkouts the repo and installs dependencies
 runs:
   using: 'composite'
   steps:
-    - uses: actions/setup-node@v4
+    - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4
       with:
         node-version: 18
 

.github/workflows/build.yml

@@ -10,14 +10,14 @@ jobs:
     steps:
       # Use GitHub App token as a workaround to allow bypassing branch-protection rules
       # https://github.com/orgs/community/discussions/13836#discussioncomment-8535364
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
         id: app-token
         with:
           app-id: ${{ vars.GH_TOKENS_APP_ID }}
           private-key: ${{ secrets.GH_TOKENS_APP_PRIVATE_KEY }}
 
       - name: checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0

.github/workflows/codeql-analysis.yml

@@ -25,11 +25,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3

.github/workflows/combine-prs.yml

@@ -46,7 +46,7 @@ jobs:
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
         id: create-combined-pr
         name: Create Combined PR
         with:

.github/workflows/edocs-dynamic-sync.yml

@@ -6,14 +6,14 @@ jobs:
     steps:
       # Use GitHub App token as a workaround to allow bypassing branch-protection rules
       # https://github.com/orgs/community/discussions/13836#discussioncomment-8535364
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
         id: app-token
         with:
           app-id: ${{ vars.GH_TOKENS_APP_ID }}
           private-key: ${{ secrets.GH_TOKENS_APP_PRIVATE_KEY }}
 
       - name: Checkout X mono-repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0
@@ -23,7 +23,7 @@ jobs:
         with:
           path: packages/x-components
       - name: Get branch name
-        uses: nelonoel/branch-name@v1.0.1
+        uses: nelonoel/branch-name@1ea5c86cb559a8c4e623da7f188496208232e49f # v1.0.1
       - name: Trigger eDocs repository action
         run: |
           curl --request POST \

.github/workflows/prepare-release.yml

@@ -4,12 +4,12 @@ jobs:
   prepare-release:
     runs-on: ubuntu-latest
     container:
-      image: cypress/browsers:node-18.16.0-chrome-112.0.5615.121-1-ff-112.0.1-edge-112.0.1722.48-1
+      image: cypress/browsers:node-18.16.0-chrome-112.0.5615.121-1-ff-112.0.1-edge-112.0.1722.48-1@sha256:78ca118a3ac93a551e43d6c6fe3e31e6f2f4bb034b56627be56005229bfc1790
       # https://github.com/cypress-io/github-action#firefox Cypress FF image needs this user permissions to be able to install dependencies
       options: --user 1001
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           fetch-depth: 0
 
@@ -31,7 +31,7 @@ jobs:
         run: pnpm run prepare-release:stable
 
       - name: create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
         with:
           token: ${{ github.token }}
           commit-message: "chore(release): prepare stable release"

.github/workflows/publish-release.yml

@@ -4,20 +4,20 @@ jobs:
   release:
     runs-on: ubuntu-latest
     container:
-      image: cypress/browsers:node-18.16.0-chrome-112.0.5615.121-1-ff-112.0.1-edge-112.0.1722.48-1
+      image: cypress/browsers:node-18.16.0-chrome-112.0.5615.121-1-ff-112.0.1-edge-112.0.1722.48-1@sha256:78ca118a3ac93a551e43d6c6fe3e31e6f2f4bb034b56627be56005229bfc1790
       # https://github.com/cypress-io/github-action#firefox Cypress FF image needs this user permissions to be able to install dependencies
       options: --user 1001
 
     steps:
       # Use GitHub App token as a workaround to allow bypassing branch-protection rules
       # https://github.com/orgs/community/discussions/13836#discussioncomment-8535364
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
         id: app-token
         with:
           app-id: ${{ vars.GH_TOKENS_APP_ID }}
           private-key: ${{ secrets.GH_TOKENS_APP_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0

.github/workflows/release-alpha.yml

@@ -10,21 +10,21 @@ jobs:
   release-alpha:
     runs-on: ubuntu-latest
     container:
-      image: cypress/browsers:node-18.16.0-chrome-112.0.5615.121-1-ff-112.0.1-edge-112.0.1722.48-1
+      image: cypress/browsers:node-18.16.0-chrome-112.0.5615.121-1-ff-112.0.1-edge-112.0.1722.48-1@sha256:78ca118a3ac93a551e43d6c6fe3e31e6f2f4bb034b56627be56005229bfc1790
       # https://github.com/cypress-io/github-action#firefox Cypress FF image needs this user permissions to be able to install dependencies
       options: --user 1001
 
     steps:
       # Use GitHub App token as a workaround to allow bypassing branch-protection rules
       # https://github.com/orgs/community/discussions/13836#discussioncomment-8535364
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1
         id: app-token
         with:
           app-id: ${{ vars.GH_TOKENS_APP_ID }}
           private-key: ${{ secrets.GH_TOKENS_APP_PRIVATE_KEY }}
 
       - name: checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
         with:
           token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0

package.json

@@ -19,13 +19,13 @@
   "devDependencies": {
     "@empathyco/eslint-plugin-x": "file:packages/eslint-plugin-x",
     "colors": "1.4.0",
-    "conventional-changelog-conventionalcommits": "~5.0.0",
-    "cross-env": "~7.0.3",
-    "eslint": "~8.33.0",
-    "husky": "~8.0.3",
-    "lerna": "~6.6.0",
-    "lint-staged": "~13.3.0",
-    "prettier": "~2.8.3"
+    "conventional-changelog-conventionalcommits": "5.0.0",
+    "cross-env": "7.0.3",
+    "eslint": "8.33.0",
+    "husky": "8.0.3",
+    "lerna": "6.6.0",
+    "lint-staged": "13.3.0",
+    "prettier": "2.8.3"
   },
   "engines": {
     "node": ">=18",

packages/_vue3-migration-test/package.json

@@ -20,10 +20,10 @@
     "vuex": "4.0.2"
   },
   "devDependencies": {
-    "@vitejs/plugin-vue": "^5.0.4",
-    "@vue/runtime-dom": "^3.4.22",
-    "typescript": "~4.9.4",
-    "vite": "^4.5.0",
-    "vue-tsc": "^2.0.13"
+    "@vitejs/plugin-vue": "5.0.4",
+    "@vue/runtime-dom": "3.4.22",
+    "typescript": "4.9.4",
+    "vite": "4.5.0",
+    "vue-tsc": "2.0.13"
   }
 }

packages/deep-merge/package.json

@@ -42,12 +42,12 @@
     "tslib": "~2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "jest": "~27.5.0",
-    "rimraf": "~3.0.2",
-    "ts-jest": "~27.1.0",
-    "ts-node": "~10.9.1",
-    "typescript": "~4.9.4"
+    "@types/jest": "27.5.0",
+    "jest": "27.5.0",
+    "rimraf": "3.0.2",
+    "ts-jest": "27.1.0",
+    "ts-node": "10.9.1",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"

packages/eslint-plugin-x/package.json

@@ -44,8 +44,8 @@
     "prettier-plugin-tailwindcss": "0.3.0"
   },
   "devDependencies": {
-    "eslint": "~8.32.0",
-    "prettier": "~2.8.3"
+    "eslint": "8.32.0",
+    "prettier": "2.8.3"
   },
   "peerDependencies": {
     "eslint": "~8.32.0",

packages/jest-utils/package.json

@@ -30,10 +30,10 @@
     "prepublishOnly": "pnpm run build"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "jest": "~27.5.0",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4"
+    "@types/jest": "27.5.0",
+    "jest": "27.5.0",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"

packages/logger/package.json

@@ -38,10 +38,10 @@
     "tslib": "~2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "jest": "~27.5.0",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4"
+    "@types/jest": "27.5.0",
+    "jest": "27.5.0",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"

packages/react-wrapper/package.json

@@ -46,19 +46,19 @@
     "vue": "^2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
+    "@types/jest": "27.5.0",
     "@types/react": "~16.9.0",
     "@types/react-dom": "~16.9.0",
-    "cypress": "~13.6.0",
-    "eslint-plugin-react": "~7.32.1",
-    "jest": "~27.5.0",
+    "cypress": "13.6.0",
+    "eslint-plugin-react": "7.32.1",
+    "jest": "27.5.0",
     "react": "~16.9.0",
     "react-dom": "~16.9.0",
-    "start-server-and-test": "~2.0.0",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4",
-    "vite": "~4.5.0",
-    "vue": "~2.7.14"
+    "start-server-and-test": "2.0.0",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4",
+    "vite": "4.5.0",
+    "vue": "2.7.14"
   },
   "publishConfig": {
     "access": "public"

packages/storage-service/package.json

@@ -44,10 +44,10 @@
     "tslib": "~2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "jest": "~27.5.0",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4"
+    "@types/jest": "27.5.0",
+    "jest": "27.5.0",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"

packages/x-adapter-platform/package.json

@@ -47,14 +47,14 @@
     "tslib": "~2.6.0"
   },
   "devDependencies": {
-    "@microsoft/api-documenter": "~7.23.0",
-    "@microsoft/api-extractor": "~7.39.0",
-    "@types/jest": "~27.5.0",
-    "concurrently": "~8.2.0",
-    "jest": "~27.5.0",
-    "rimraf": "~3.0.2",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4"
+    "@microsoft/api-documenter": "7.23.12",
+    "@microsoft/api-extractor": "7.39.0",
+    "@types/jest": "27.5.0",
+    "concurrently": "8.2.0",
+    "jest": "27.5.0",
+    "rimraf": "3.0.2",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"

packages/x-adapter/package.json

@@ -42,12 +42,12 @@
     "tslib": "~2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "concurrently": "~8.2.0",
-    "jest": "~27.5.0",
-    "rimraf": "~3.0.2",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4"
+    "@types/jest": "27.5.0",
+    "concurrently": "8.2.0",
+    "jest": "27.5.0",
+    "rimraf": "3.0.2",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"

packages/x-archetype-utils/package.json

@@ -42,18 +42,18 @@
     "vue-i18n": "~8.28.2"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "@types/node": "~18.19.0",
+    "@types/jest": "27.5.0",
+    "@types/node": "18.19.3",
     "@vue/test-utils": "~1.0.3",
-    "jest": "~27.5.0",
-    "rimraf": "~3.0.2",
-    "rollup": "~4.9.1",
-    "rollup-plugin-copy": "~3.5.0",
-    "rollup-plugin-delete": "~2.0.0",
-    "rollup-plugin-typescript2": "~0.36.0",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4",
-    "vue": "~2.7.14"
+    "jest": "27.5.0",
+    "rimraf": "3.0.2",
+    "rollup": "4.9.1",
+    "rollup-plugin-copy": "3.5.0",
+    "rollup-plugin-delete": "2.0.0",
+    "rollup-plugin-typescript2": "0.36.0",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4",
+    "vue": "2.7.14"
   },
   "peerDependencies": {
     "vue": "^2.7.0",

packages/x-bus/package.json

@@ -45,12 +45,12 @@
     "tslib": "~2.6.0"
   },
   "devDependencies": {
-    "@types/jest": "~27.5.0",
-    "concurrently": "~8.2.0",
-    "jest": "~27.5.0",
-    "rimraf": "~3.0.2",
-    "ts-jest": "~27.1.0",
-    "typescript": "~4.9.4"
+    "@types/jest": "27.5.0",
+    "concurrently": "8.2.0",
+    "jest": "27.5.0",
+    "rimraf": "3.0.2",
+    "ts-jest": "27.1.0",
+    "typescript": "4.9.4"
   },
   "publishConfig": {
     "access": "public"