From 4da89bd99716bf6c1d7d788f3cdaec4cee7403e9 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 15 Mar 2025 14:25:01 +0800
Subject: [PATCH] fix(ci): pin tj-actions/changed-files due to compromise
 (#2874)

Ideally it's be swapped out for an alternative but for now this is to mitigate.
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 94904d0a1..d187cfe8c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -430,7 +430,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - uses: tj-actions/changed-files@v45
+      - uses: tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b # pin to v45.0.8 due to https://github.com/tj-actions/changed-files/issues/2463 https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
         id: changed-files
         with:
           json: true