From 0538038bed797f2d933efd0fd1b7b473952dc01a Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 2 Mar 2024 07:31:16 +0800
Subject: [PATCH] fix(vyos-build): unpin actions remove commit spam lol if
 these official actions have supply chain issues a lot more people are fucked
 than my VyOS build workflow

---
 .github/workflows/vyos-build.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/vyos-build.yaml b/.github/workflows/vyos-build.yaml
index 6059b06a..2a1f1666 100644
--- a/.github/workflows/vyos-build.yaml
+++ b/.github/workflows/vyos-build.yaml
@@ -49,14 +49,14 @@ jobs:
           echo "VYOS_VERSION=${{ github.event.inputs.version || env.VYOS_VERSION }}" >> "${GITHUB_ENV}"
 
       - name: "Generate Short Lived OAuth App Token (ghs_*)"
-        uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
+        uses: actions/create-github-app-token@v1
         id: oauth-token
         with:
           app-id: "${{ secrets.BOT_APP_ID }}" # $BOT_APP_ID is found in GitHub App main settings page
           private-key: "${{ secrets.BOT_JWT_PRIVATE_KEY }}" # $BOT_JWT_PRIVATE_KEY is generated in GitHub App main settings page, uses the X.509 private key format
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@v4
         with:
           token: "${{ steps.oauth-token.outputs.token }}"