From 4a1c553389a2fb9401673c1979322f3adb4e62b5 Mon Sep 17 00:00:00 2001
From: GaltRanch <bruno@nexocore.uy>
Date: Sun, 24 May 2026 12:00:31 -0300
Subject: [PATCH] ci: pin third-party Actions to commit SHAs (CWE-829)

Signed-off-by: GaltRanch <bruno@nexocore.uy>
---
 .github/workflows/mcdc.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/mcdc.yml b/.github/workflows/mcdc.yml
index 3b6931c1f..6dec2f8d3 100644
--- a/.github/workflows/mcdc.yml
+++ b/.github/workflows/mcdc.yml
@@ -146,7 +146,7 @@ jobs:
 
       - name: Download latest main branch artifact
         continue-on-error: true
-        uses: dawidd6/action-download-artifact@v2
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: mcdc-internal.yml