From bb046b0700dd3724d3590051fd715dedbe1265d8 Mon Sep 17 00:00:00 2001 From: Jonathan Desrosiers Date: Tue, 2 Mar 2021 16:09:16 +0000 Subject: [PATCH] Build/Test Tools: Pin the `welcome-action` to a specific commit SHA. Some GitHub Action scripts require additional permissions to perform the desired operations. This permission is usually given by passing a personal access token (PAT) to the action as an input. Because PATs grant access to sensitive information about the repository and actions with PATs become trusted actors, 3rd party actions should not be installed by specifying a major or minor version. Instead, specifying a full length commit SHA will use the 3rd party action as an immutable release, ensuring the workflows within the repository are not affected by upstream security problems should they occur. Props johnbillion. See #52625. git-svn-id: https://develop.svn.wordpress.org/trunk@50474 602fd350-edb4-49c9-b593-d223f7449a82 --- .github/workflows/welcome-new-contributors.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/welcome-new-contributors.yml b/.github/workflows/welcome-new-contributors.yml index 2522a5c4c2..366cf446e4 100644 --- a/.github/workflows/welcome-new-contributors.yml +++ b/.github/workflows/welcome-new-contributors.yml @@ -11,7 +11,7 @@ jobs: if: ${{ github.repository == 'WordPress/wordpress-develop' }} steps: - - uses: bubkoo/welcome-action@v1 + - uses: bubkoo/welcome-action@8dbbac2540d155744c90e4e37da6b05ffc9c5e2c with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} FIRST_PR_COMMENT: >
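Review bot: The pinned reference on the `uses:` line gives no hint of which upstream release the SHA corresponds to, so a later reader cannot tell what version is running or whether an update is due. Add a trailing comment naming the tag, e.g. `- uses: bubkoo/welcome-action@8dbbac2540d155744c90e4e37da6b05ffc9c5e2c # <upstream tag for this commit>`. Before merging, confirm the commit is reachable from that tag in the upstream repository itself and not only from a fork, because GitHub resolves SHAs across a fork network. The step also hands `GITHUB_TOKEN` to the action, and the workflow trigger, the job header and any `permissions:` setting lie outside this hunk, so check that the token is limited to what posting a comment requires.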