From 56fa64bef95d6e09cbd23708983ae4480506f5ec Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Feb 2026 16:31:09 +0000
Subject: [PATCH 1/4] Initial plan


From f14348cade8a196cb006ad2c65ef3789aa7e5ae8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Feb 2026 16:33:01 +0000
Subject: [PATCH 2/4] Replace peter-murray/workflow-application-token-action
 with actions/create-github-app-token@v2

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
 .github/workflows/pr-markdown.yml | 6 +++---
 .github/workflows/validate.yml    | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/pr-markdown.yml b/.github/workflows/pr-markdown.yml
index f4239994..3feacab3 100644
--- a/.github/workflows/pr-markdown.yml
+++ b/.github/workflows/pr-markdown.yml
@@ -16,10 +16,10 @@ jobs:
 
       - name: Get Token
         id: get_workflow_token
-        uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 #v3.0.0
+        uses: actions/create-github-app-token@v2
         with:
-          application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
-          application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
+          app-id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
+          private-key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
 
       - name: Generate Markdown
         uses: advanced-security/secret-scanning-tools@v1
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index d806f48a..a717206e 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -20,10 +20,10 @@ jobs:
 
       - name: Get Token
         id: get_workflow_token
-        uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 #v3.0.0
+        uses: actions/create-github-app-token@v2
         with:
-          application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
-          application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
+          app-id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
+          private-key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
 
       - name: Validate results against snapshot
         uses: advanced-security/secret-scanning-tools@v1

From 6351a68957e66be0cd03423443b80301ee9606ad Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Feb 2026 16:34:25 +0000
Subject: [PATCH 3/4] Pin action to specific commit SHA for security and
 reproducibility

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
 .github/workflows/pr-markdown.yml | 2 +-
 .github/workflows/validate.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr-markdown.yml b/.github/workflows/pr-markdown.yml
index 3feacab3..a98e840c 100644
--- a/.github/workflows/pr-markdown.yml
+++ b/.github/workflows/pr-markdown.yml
@@ -16,7 +16,7 @@ jobs:
 
       - name: Get Token
         id: get_workflow_token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@29824e64a8bfe573206ff59ef199e74d2aaf6ecf # v2.2.1
         with:
           app-id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
           private-key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index a717206e..d31dbf10 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -20,7 +20,7 @@ jobs:
 
       - name: Get Token
         id: get_workflow_token
-        uses: actions/create-github-app-token@v2
+        uses: actions/create-github-app-token@29824e64a8bfe573206ff59ef199e74d2aaf6ecf # v2.2.1
         with:
           app-id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
           private-key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}

From cd0995618ce2ab8fd92826675f7f884d8dfc446b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Feb 2026 16:56:26 +0000
Subject: [PATCH 4/4] Use @v2 version reference for trusted GitHub action

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
 .github/workflows/pr-markdown.yml | 2 +-
 .github/workflows/validate.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr-markdown.yml b/.github/workflows/pr-markdown.yml
index a98e840c..3feacab3 100644
--- a/.github/workflows/pr-markdown.yml
+++ b/.github/workflows/pr-markdown.yml
@@ -16,7 +16,7 @@ jobs:
 
       - name: Get Token
         id: get_workflow_token
-        uses: actions/create-github-app-token@29824e64a8bfe573206ff59ef199e74d2aaf6ecf # v2.2.1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
           private-key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index d31dbf10..a717206e 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -20,7 +20,7 @@ jobs:
 
       - name: Get Token
         id: get_workflow_token
-        uses: actions/create-github-app-token@29824e64a8bfe573206ff59ef199e74d2aaf6ecf # v2.2.1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
           private-key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}