Merge pull request #13 from step-security-bot/stepsecurity_remediation_1742395475

CI/CD Hardening: Fixing StepSecurity Flagged Issues

Author: areyou1or0

.github/workflows/pytest.yml

@@ -2,6 +2,9 @@ name: Python package
 
 on: [push]
 
+permissions:
+  contents: read
+
 jobs:
   build:
 
@@ -11,9 +14,14 @@ jobs:
         python-version: ["3.9", "3.10", "3.11", "3.12"]
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies