From 56d9a440ab2f167e5dd8c73f43d0b3d155a45c9d Mon Sep 17 00:00:00 2001
From: Patrick Kaeding
Date: Mon, 23 Mar 2026 13:54:51 -0400
Subject: [PATCH] [SEC-7924] chore: pin third-party GitHub Actions to commit SHAs

Pin all third-party GitHub Actions to full-length commit SHAs to prevent supply chain attacks. Addresses findings from the third-party-action-not-pinned-to-commit-sha Semgrep rule.
---
 .github/actions/install-boost/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/install-boost/action.yml b/.github/actions/install-boost/action.yml
index 6f918936d..9ad0c4e14 100644
--- a/.github/actions/install-boost/action.yml
+++ b/.github/actions/install-boost/action.yml
@@ -22,7 +22,7 @@ runs:
 steps:
 - name: Install boost using action
 if: runner.os == 'Linux'
- uses: MarkusJx/install-boost@v2.4.4
+ uses: MarkusJx/install-boost@3039450bb3dd2e8630d1cf10ec39cb1da3054bbd # v2.4.4
 id: boost-action
 with:
 boost_version: 1.81.0
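Review bot: On the new `uses:` line, the only evidence that `3039450bb3dd2e8630d1cf10ec39cb1da3054bbd` is the v2.4.4 release is the trailing `# v2.4.4` comment, and nothing in the patch lets a reviewer confirm that mapping. Before merging, check that the SHA is the commit the upstream `v2.4.4` tag points to in MarkusJx/install-boost itself, because GitHub also resolves a commit that exists only in a fork of that repository. The pin covers the action's own code only; if the action downloads Boost at run time (likely, but not visible here), that download is outside what this change protects. Keep the comment in the exact `# v2.4.4` form, since update tooling such as Dependabot reads it when bumping pinned SHAs. The `runs:` block starts and ends outside the hunk.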