From 2f8aa08da53ab98bcb7cda17dc435ca2c882050d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristi=C3=A1n=20Maureira-Fredes?=
Date: Sat, 15 Mar 2025 10:25:26 +0100
Subject: [PATCH] Pin hash to a previous version in order to avoid the exploit This uses another version (v44) where I could find the hash (we currently used v45). In summary, the repo got compromised and all the tags versions point to a malicius commit that includes a function to expose the secrets on the github action logs, so people can fetch them.
---
 .github/workflows/main.yml | 2 +-
 .github/workflows/pr-comment.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1c519fb344..f727f72190 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -52,7 +52,7 @@ jobs:
 - name: Obtiene la lista de archivos .po con cambios (sólo en PRs)
 if: github.event_name == 'pull_request'
 id: changed-po-files
- uses: tj-actions/changed-files@v45
+ uses: tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b
 with:
 files: |
 **/*.po
diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml
index f66cf799c9..659a83cf08 100644
--- a/.github/workflows/pr-comment.yml
+++ b/.github/workflows/pr-comment.yml
@@ -37,7 +37,7 @@ jobs:
 python -m pip install -r base-branch/requirements-own.txt
 - name: Obtiene lista de archivos con cambios
 id: changed-files
- uses: tj-actions/changed-files@v45
+ uses: tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b
 with:
 files: |
 **/*.po
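Review bot: The new `uses:` line in `.github/workflows/main.yml`, and the identical one in `.github/workflows/pr-comment.yml`, does not record which release the 40-character SHA stands for, so a later reader cannot audit or update it without redoing the lookup. I would add a trailing comment, `uses: tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b  # v44`, taking the version from the commit message. Before merging, confirm the SHA sits on the upstream repository's own history from before the compromise, because a full SHA can also resolve to a commit that exists only in a fork. A SHA pin no longer moves with the tag, so an update rule for GitHub Actions (Dependabot or similar) is needed to keep it from going stale. The step's `with:` block continues outside the hunk.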
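Review bot: Runs of `pr-comment.yml` and `main.yml` that executed while `@v45` still resolved to the tampered commit are not covered by this pin. The commit message says the malicious code printed secrets into the Actions logs, so the logs of those earlier runs should be reviewed, and any secret or token available to them should be rotated. The `permissions:` block of `pr-comment.yml` is outside the hunk; the workflow presumably needs a token that can comment on pull requests, so confirm it grants only that scope. For example, `pull-requests: write` with nothing broader would limit what a compromised third-party step can reach.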