Merge pull request #1356 from thewtex/security-action

thewtex · web-flow · commit 46883fe85971 · 2025-03-19T17:06:15.000-04:00
security action
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -1,8 +1,4 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
+name: Scorecard analysis workflow
 on:
   # For Branch-Protection check. Only the default branch is supported. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
@@ -32,7 +28,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
@@ -56,10 +52,11 @@ jobs:
           #     of the value entered here.
           publish_results: true
 
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
+      # Upload the results as artifacts (optional). Commenting out will disable
+      # uploads of run results in SARIF format to the repository Actions tab.
+      # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
       - name: "Upload artifact"
-        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: SARIF file
           path: results.sarif
@@ -68,6 +65,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           sarif_file: results.sarif
diff --git a/docs/introduction/parts.md b/docs/introduction/parts.md
@@ -68,7 +68,7 @@ The `itkwasm` Python package provides:
 2. A bridge to NumPy and ITK
 3. A plugin system for accelerator packages
 
-Both system execution and browser execution are supported, with the latter enabled by [Pyodide](https://pyodide.org).
+Both system execution and browser execution are supported, with the former enabled by [wasmtime-py](https://github.com/bytecodealliance/wasmtime-py) and latter enabled by [Pyodide](https://pyodide.org).
 
 (cxx-core)=
 ## 🧑‍💻 C++ core
@@ -122,4 +122,4 @@ These images include not only the CMake pre-configured toolchains, but pre-built
 [`itkwasm/wasi`]: https://hub.docker.com/r/itkwasm/wasi
 [Web3]: https://en.wikipedia.org/wiki/Web3
 [dockcross]: https://github.com/dockcross/dockcross
-[CMake]: https://cmake.org
+[CMake]: https://cmake.org
