pin gha (#60948)

* pin gha

* use detailed tag

* Update .github/workflows/backport.yml

Co-authored-by: Jeff Handley <[email protected]>

* Update .github/workflows/inter-branch-merge-flow.yml

Co-authored-by: Jeff Handley <[email protected]>

---------

Co-authored-by: Jeff Handley <[email protected]>

.github/workflows/backport.yml

@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   backport:
-    uses: dotnet/arcade/.github/workflows/backport-base.yml@main
+    uses: dotnet/arcade/.github/workflows/backport-base.yml@66269f6a88f6062f2cccf6eb84660a8a6f5cc5ec # 2025-01-13
     with:
       pr_description_template: |
         Backport of #%source_pr_number% to %target_branch%

.github/workflows/inter-branch-merge-flow.yml

@@ -10,4 +10,4 @@ permissions:
 
 jobs:
   Merge:
-    uses: dotnet/arcade/.github/workflows/inter-branch-merge-base.yml@main
+    uses: dotnet/arcade/.github/workflows/backport-base.yml@2e09b2a8a74223d25086d947e2d070827f6c556e# 2024-06-24

.github/workflows/locker.yml

@@ -23,7 +23,7 @@ jobs:
     if: ${{ github.repository_owner == 'dotnet' }}
     steps:
       - name: Checkout Actions
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           repository: "microsoft/vscode-github-triage-actions"
           path: ./actions

.github/workflows/markdownlint.yml

@@ -16,9 +16,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Use Node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
       with:
         node-version: 16.x
     - name: Run Markdownlint

.github/workflows/runtime-sync.yml

@@ -21,14 +21,14 @@ jobs:
     runs-on: windows-latest
     steps:
     - name: Checkout aspnetcore
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         # Test this script using changes in a fork
         repository: 'dotnet/aspnetcore'
         path: aspnetcore
         ref: main
     - name: Checkout runtime
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         # Test this script using changes in a fork
         repository: 'dotnet/runtime'
@@ -47,7 +47,7 @@ jobs:
         mkdir ..\artifacts
         git status > ..\artifacts\status.txt
         git diff > ..\artifacts\diff.txt
-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
       with:
         name: results
         path: artifacts
@@ -64,7 +64,7 @@ jobs:
     - name: Send PR
       if: steps.check.outputs.sendpr == 'true'
       # https://github.com/marketplace/actions/create-pull-request
-      uses: dotnet/actions-create-pull-request@v4
+      uses: dotnet/actions-create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         path: .\aspnetcore

.github/workflows/update-jquery-validate.yml

@@ -16,10 +16,10 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: '20.x'
 
@@ -39,7 +39,7 @@ jobs:
         run: node update-jquery-validate.mjs
 
       - name: Create Pull Request
-        uses: dotnet/actions-create-pull-request@v4
+        uses: dotnet/actions-create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Update jquery.validate to ${{ env.JQUERY_VALIDATE_VERSION }}

.github/workflows/update-sdk.yml

@@ -19,7 +19,7 @@ jobs:
     name: Update .NET SDK
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - uses: martincostello/update-dotnet-sdk@76e2c0df2303d4f6a404228105ebb7d60ace0556 # v3.4.0
       with:
         quality: 'daily'

.github/workflows/update-selenium-and-playwright-dependencies.yml

@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Update dependencies
         run: pwsh eng/scripts/update-selenium-and-playwright-versions.ps1

.github/workflows/validate-npm-package-lock-json.yml

@@ -14,13 +14,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           submodules: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 20.x
 

src/submodules/googletest

@@ -1 +1 @@
-Subproject commit 4902ea2d7c6faed89b6facee00baa34bb108fc0d
+Subproject commit 2b6b042a77446ff322cd7522ca068d9f2a21c1d1