From fe11d2dc5e0d23336ae79f326cfbdc46a44ab925 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Nov 2024 07:12:50 -0600
Subject: [PATCH 01/11] chore(deps): Bump dcarbone/install-jq-action from 2.1.0
 to 3.0.1 (#794)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/flow-publish-release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/flow-publish-release.yaml b/.github/workflows/flow-publish-release.yaml
index 97da8d6b..916031f9 100644
--- a/.github/workflows/flow-publish-release.yaml
+++ b/.github/workflows/flow-publish-release.yaml
@@ -56,7 +56,7 @@ jobs:
           echo "::endgroup::"
 
       - name: Setup JQ
-        uses: dcarbone/install-jq-action@8867ddb4788346d7c22b72ea2e2ffe4d514c7bcb # v2.1.0
+        uses: dcarbone/install-jq-action@e397bd87438d72198f81efd21f876461183d383a # v3.0.1
         with:
           version: 1.7
 

From 22d934362ba313decf4b4902d8d424043f52997f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 02:45:39 -0600
Subject: [PATCH 02/11] chore(deps): Bump codecov/codecov-action from 4.3.0 to
 5.0.4 (#798)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/zxc-analyze-snap.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/zxc-analyze-snap.yaml b/.github/workflows/zxc-analyze-snap.yaml
index d782d41c..7389b1d1 100644
--- a/.github/workflows/zxc-analyze-snap.yaml
+++ b/.github/workflows/zxc-analyze-snap.yaml
@@ -80,7 +80,7 @@ jobs:
           files: "packages/${{ inputs.snap-package-dir }}/**/junit-snap.xml"
 
       - name: Publish Coverage to CodeCov
-        uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
+        uses: codecov/codecov-action@985343d70564a82044c1b7fcb84c2fa05405c1a2 # v5.0.4
         with:
           token: ${{ secrets.codecov-token }}
           slug: hashgraph/hedera-metamask-snaps

From 7e638cadedc9a720354c1ff8ebec1ca30a40130c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 02:47:10 -0600
Subject: [PATCH 03/11] chore(deps): Bump step-security/harden-runner from
 2.10.1 to 2.10.2 (#796)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/flow-publish-release.yaml | 6 +++---
 .github/workflows/zxc-analyze-snap.yaml     | 2 +-
 .github/workflows/zxc-lint-snap.yaml        | 2 +-
 .github/workflows/zxc-test-snap.yaml        | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/flow-publish-release.yaml b/.github/workflows/flow-publish-release.yaml
index 916031f9..40191389 100644
--- a/.github/workflows/flow-publish-release.yaml
+++ b/.github/workflows/flow-publish-release.yaml
@@ -33,7 +33,7 @@ jobs:
       prerelease: ${{ steps.tag.outputs.prerelease }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
@@ -106,7 +106,7 @@ jobs:
         working-directory: "./packages/${{ github.event.inputs.snap-package-dir }}/packages/snap"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
@@ -141,7 +141,7 @@ jobs:
     if: ${{ github.actor == 'NanaEC' || github.actor == 'nathanklick' || github.actor == 'kpachhai' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/zxc-analyze-snap.yaml b/.github/workflows/zxc-analyze-snap.yaml
index 7389b1d1..6c825da4 100644
--- a/.github/workflows/zxc-analyze-snap.yaml
+++ b/.github/workflows/zxc-analyze-snap.yaml
@@ -45,7 +45,7 @@ jobs:
     runs-on: smart-contracts-linux-medium
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
           disable-sudo: true
diff --git a/.github/workflows/zxc-lint-snap.yaml b/.github/workflows/zxc-lint-snap.yaml
index ad36b293..05d4c502 100644
--- a/.github/workflows/zxc-lint-snap.yaml
+++ b/.github/workflows/zxc-lint-snap.yaml
@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
           disable-sudo: true
diff --git a/.github/workflows/zxc-test-snap.yaml b/.github/workflows/zxc-test-snap.yaml
index ed6ed27b..4077a75d 100644
--- a/.github/workflows/zxc-test-snap.yaml
+++ b/.github/workflows/zxc-test-snap.yaml
@@ -34,7 +34,7 @@ jobs:
     runs-on: smart-contracts-linux-medium
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
           disable-sudo: true

From 218ab74b95313637a5e70fe15950c9886a0123eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 02:47:28 -0600
Subject: [PATCH 04/11] chore(deps): Bump actions/checkout from 4.1.7 to 4.2.2
 (#766)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/flow-publish-release.yaml | 6 +++---
 .github/workflows/zxc-analyze-snap.yaml     | 2 +-
 .github/workflows/zxc-lint-snap.yaml        | 2 +-
 .github/workflows/zxc-test-snap.yaml        | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/flow-publish-release.yaml b/.github/workflows/flow-publish-release.yaml
index 40191389..bfd6881e 100644
--- a/.github/workflows/flow-publish-release.yaml
+++ b/.github/workflows/flow-publish-release.yaml
@@ -38,7 +38,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.inputs.tag || '' }}
           fetch-depth: 0
@@ -111,7 +111,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.inputs.tag || '' }}
 
@@ -146,7 +146,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.inputs.tag || '' }}
 
diff --git a/.github/workflows/zxc-analyze-snap.yaml b/.github/workflows/zxc-analyze-snap.yaml
index 6c825da4..bbb8b45e 100644
--- a/.github/workflows/zxc-analyze-snap.yaml
+++ b/.github/workflows/zxc-analyze-snap.yaml
@@ -51,7 +51,7 @@ jobs:
           disable-sudo: true
 
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
diff --git a/.github/workflows/zxc-lint-snap.yaml b/.github/workflows/zxc-lint-snap.yaml
index 05d4c502..7ab32311 100644
--- a/.github/workflows/zxc-lint-snap.yaml
+++ b/.github/workflows/zxc-lint-snap.yaml
@@ -36,7 +36,7 @@ jobs:
           disable-sudo: true
 
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
diff --git a/.github/workflows/zxc-test-snap.yaml b/.github/workflows/zxc-test-snap.yaml
index 4077a75d..cbbd9b35 100644
--- a/.github/workflows/zxc-test-snap.yaml
+++ b/.github/workflows/zxc-test-snap.yaml
@@ -40,7 +40,7 @@ jobs:
           disable-sudo: true
 
       - name: Checkout Code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

From 7051b880c226b954f0f9478217c6b25418da59e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 02:47:47 -0600
Subject: [PATCH 05/11] chore(deps): Bump actions/cache from 4.0.2 to 4.1.2
 (#762)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/zxc-lint-snap.yaml | 4 ++--
 .github/workflows/zxc-test-snap.yaml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/zxc-lint-snap.yaml b/.github/workflows/zxc-lint-snap.yaml
index 7ab32311..e5889c95 100644
--- a/.github/workflows/zxc-lint-snap.yaml
+++ b/.github/workflows/zxc-lint-snap.yaml
@@ -47,7 +47,7 @@ jobs:
         run: npm install -g corepack && corepack enable
 
       - name: Yarn Cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: ${{ env.PROJECT_DIRECTORY }}/.yarn/cache
           key: yarn-cache-${{ runner.os }}-${{ runner.arch }}-${{ inputs.snap-package-dir }}-${{ hashFiles(format('packages/{0}/yarn.lock', inputs.snap-package-dir)) }}
@@ -56,7 +56,7 @@ jobs:
             yarn-cache-${{ runner.os }}-${{ inputs.snap-package-dir }}-
 
       - name: Node Modules Cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: |
             ${{ env.PROJECT_DIRECTORY }}/node_modules
diff --git a/.github/workflows/zxc-test-snap.yaml b/.github/workflows/zxc-test-snap.yaml
index cbbd9b35..fb5a0005 100644
--- a/.github/workflows/zxc-test-snap.yaml
+++ b/.github/workflows/zxc-test-snap.yaml
@@ -51,7 +51,7 @@ jobs:
         run: npm install -g corepack && corepack enable
 
       - name: Yarn Cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: ${{ env.PROJECT_DIRECTORY }}/.yarn/cache
           key: yarn-cache-${{ runner.os }}-${{ runner.arch }}-${{ inputs.snap-package-dir }}-${{ hashFiles(format('packages/{0}/yarn.lock', inputs.snap-package-dir)) }}
@@ -60,7 +60,7 @@ jobs:
             yarn-cache-${{ runner.os }}-${{ inputs.snap-package-dir }}-
 
       - name: Node Modules Cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: |
             ${{ env.PROJECT_DIRECTORY }}/node_modules

From 75f92f49aa326441780294ed59fc5ec190bef33c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 02:48:09 -0600
Subject: [PATCH 06/11] chore(deps): Bump actions/upload-artifact from 4.4.2 to
 4.4.3 (#729)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/zxc-test-snap.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/zxc-test-snap.yaml b/.github/workflows/zxc-test-snap.yaml
index fb5a0005..aa9d8daf 100644
--- a/.github/workflows/zxc-test-snap.yaml
+++ b/.github/workflows/zxc-test-snap.yaml
@@ -80,13 +80,13 @@ jobs:
         run: yarn test
 
       - name: Publish Snap Unit Test Reports
-        uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ inputs.snap-report-name }} Unit Test Reports
           path: ${{ env.SNAP_DIRECTORY }}/junit*.xml
 
       - name: Publish Snap Coverage Reports
-        uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ inputs.snap-report-name }} Coverage Reports
           path: ${{ env.SNAP_DIRECTORY }}/coverage

From 0720eec0d22e25a5893f0576c17be1f56f1b61de Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 02:48:28 -0600
Subject: [PATCH 07/11] chore(deps): Bump pnpm/action-setup from 3.0.0 to 4.0.0
 (#363)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/flow-publish-release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/flow-publish-release.yaml b/.github/workflows/flow-publish-release.yaml
index bfd6881e..53c69248 100644
--- a/.github/workflows/flow-publish-release.yaml
+++ b/.github/workflows/flow-publish-release.yaml
@@ -151,7 +151,7 @@ jobs:
           ref: ${{ github.event.inputs.tag || '' }}
 
       - name: Install PNPM
-        uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
+        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
         with:
           version: 8.10.0
 

From 20ee6d1ae96b5bf7d357afcbff0099bf54809332 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Nov 2024 08:31:39 -0600
Subject: [PATCH 08/11] chore(deps): Bump actions/setup-node from 4.0.2 to
 4.1.0 (#770)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/flow-publish-release.yaml | 4 ++--
 .github/workflows/zxc-analyze-snap.yaml     | 2 +-
 .github/workflows/zxc-lint-snap.yaml        | 2 +-
 .github/workflows/zxc-test-snap.yaml        | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/flow-publish-release.yaml b/.github/workflows/flow-publish-release.yaml
index 53c69248..a9da49f0 100644
--- a/.github/workflows/flow-publish-release.yaml
+++ b/.github/workflows/flow-publish-release.yaml
@@ -116,7 +116,7 @@ jobs:
           ref: ${{ github.event.inputs.tag || '' }}
 
       - name: Setup Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 18
 
@@ -156,7 +156,7 @@ jobs:
           version: 8.10.0
 
       - name: Setup Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 18
 
diff --git a/.github/workflows/zxc-analyze-snap.yaml b/.github/workflows/zxc-analyze-snap.yaml
index bbb8b45e..0355ad2a 100644
--- a/.github/workflows/zxc-analyze-snap.yaml
+++ b/.github/workflows/zxc-analyze-snap.yaml
@@ -54,7 +54,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 20
 
diff --git a/.github/workflows/zxc-lint-snap.yaml b/.github/workflows/zxc-lint-snap.yaml
index e5889c95..af5a609c 100644
--- a/.github/workflows/zxc-lint-snap.yaml
+++ b/.github/workflows/zxc-lint-snap.yaml
@@ -39,7 +39,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 18
 
diff --git a/.github/workflows/zxc-test-snap.yaml b/.github/workflows/zxc-test-snap.yaml
index aa9d8daf..32ccebb9 100644
--- a/.github/workflows/zxc-test-snap.yaml
+++ b/.github/workflows/zxc-test-snap.yaml
@@ -43,7 +43,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Node
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: 18
 

From c8e94d681c071b5b9a26e717cc34b13cd47163e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 09:14:21 -0600
Subject: [PATCH 09/11] chore(deps): Bump codecov/codecov-action from 5.0.4 to
 5.0.7 (#804)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/zxc-analyze-snap.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/zxc-analyze-snap.yaml b/.github/workflows/zxc-analyze-snap.yaml
index 0355ad2a..02fcb170 100644
--- a/.github/workflows/zxc-analyze-snap.yaml
+++ b/.github/workflows/zxc-analyze-snap.yaml
@@ -80,7 +80,7 @@ jobs:
           files: "packages/${{ inputs.snap-package-dir }}/**/junit-snap.xml"
 
       - name: Publish Coverage to CodeCov
-        uses: codecov/codecov-action@985343d70564a82044c1b7fcb84c2fa05405c1a2 # v5.0.4
+        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
         with:
           token: ${{ secrets.codecov-token }}
           slug: hashgraph/hedera-metamask-snaps

From 865076c5610f20f22fcc0b4658b96fc9fe184f57 Mon Sep 17 00:00:00 2001
From: Pavel Borisov <37436896+PavelSBorisov@users.noreply.github.com>
Date: Mon, 2 Dec 2024 12:02:30 +0200
Subject: [PATCH 10/11] chore: replace pnpm/action-setup with a step-security
 maintained one (#822)

Signed-off-by: PavelSBorisov <pavel.s.borisov@gmail.com>
---
 .github/workflows/flow-publish-release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/flow-publish-release.yaml b/.github/workflows/flow-publish-release.yaml
index a9da49f0..4db058ff 100644
--- a/.github/workflows/flow-publish-release.yaml
+++ b/.github/workflows/flow-publish-release.yaml
@@ -151,7 +151,7 @@ jobs:
           ref: ${{ github.event.inputs.tag || '' }}
 
       - name: Install PNPM
-        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
+        uses: step-security/action-setup@303e8a1dabc4295b9b4ca0f4198fd42f7861406e # v4.0.0
         with:
           version: 8.10.0
 

From f8a95841090da126e88605b88235494cba9544d2 Mon Sep 17 00:00:00 2001
From: Mihail Mihov <mihail.mihov@limechain.tech>
Date: Tue, 3 Dec 2024 17:03:14 +0200
Subject: [PATCH 11/11] ci: Downgrade codecov-action to a stable version (#826)

Signed-off-by: Mihail Mihov <mihail.mihov@limechain.tech>
---
 .github/workflows/zxc-analyze-snap.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/zxc-analyze-snap.yaml b/.github/workflows/zxc-analyze-snap.yaml
index 02fcb170..07964d98 100644
--- a/.github/workflows/zxc-analyze-snap.yaml
+++ b/.github/workflows/zxc-analyze-snap.yaml
@@ -80,7 +80,7 @@ jobs:
           files: "packages/${{ inputs.snap-package-dir }}/**/junit-snap.xml"
 
       - name: Publish Coverage to CodeCov
-        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
+        uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
         with:
           token: ${{ secrets.codecov-token }}
           slug: hashgraph/hedera-metamask-snaps