From 1897fa32516e20cb6835cc24faebf9a4a51eb8ad Mon Sep 17 00:00:00 2001
From: Travis Plunk
Date: Wed, 15 Oct 2025 12:33:31 -0700
Subject: [PATCH] Cherry-pick PR #26193 with conflicts for manual resolution
---
.github/workflows/AssignPrs.yml | 30 ------------------------------
tools/download.sh | 4 +++-
tools/install-powershell.sh | 6 ++++--
3 files changed, 7 insertions(+), 33 deletions(-)
delete mode 100644 .github/workflows/AssignPrs.yml
diff --git a/.github/workflows/AssignPrs.yml b/.github/workflows/AssignPrs.yml
deleted file mode 100644
index a01c0bb0950..00000000000
--- a/.github/workflows/AssignPrs.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: Auto Assign PR Maintainer
-on:
- issues:
- types: [opened, edited]
-permissions:
- contents: read
-
-jobs:
- run:
- if: github.repository_owner == 'PowerShell'
- runs-on: ubuntu-latest
- permissions:
- issues: write
- pull-requests: write
- steps:
- - uses: wow-actions/auto-assign@67fafa03df61d7e5f201734a2fa60d1ab111880d # v3.0.2
- if: github.event.issue.pull_request
- with:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # using the `org/team_slug` or `/team_slug` syntax to add git team as reviewers
- assignees: |
- TravisEz13
- daxian-dbw
- adityapatwardhan
- iSazonov
- SeeminglyScience
- skipDraft: true
- skipKeywords: wip, draft
- addReviewers: false
- numberOfAssignees: 1
diff --git a/tools/download.sh b/tools/download.sh
index 6a6c6436b4b..f1e8c42cdc3 100644
--- a/tools/download.sh
+++ b/tools/download.sh
@@ -1 +1,3 @@
-bash <(curl -s https://raw.githubusercontent.com/PowerShell/PowerShell/master/tools/install-powershell.sh)
+# Pin to specific commit for security (OpenSSF Scorecard requirement)
+# Pinned commit: 26bb188c8 - "Improve ValidateLength error message consistency and refactor validation tests" (2025-10-12)
+bash <(curl -s https://raw.githubusercontent.com/PowerShell/PowerShell/26bb188c8be0cda6cb548ce1a12840ebf67e1331/tools/install-powershell.sh)
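Review bot: The SHA pinned in tools/download.sh predates this change, so the install-powershell.sh it fetches presumably still sets `gitreposubpath` to `PowerShell/PowerShell/master`, and the second-stage download stays unpinned for anyone entering through download.sh. The pin added in the tools/install-powershell.sh hunk only takes effect once download.sh points at a commit that already contains it, which needs a follow-up bump after this merges. I would record that next to the URL, for example `# This SHA must name a commit whose install-powershell.sh already pins gitreposubpath; re-pin after merge`. Separately, `curl -s` without `-f` passes an HTTP error body to bash if the pinned path ever stops resolving; `curl -fsS` would at least report the failure instead of handing the error page to the shell.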
diff --git a/tools/install-powershell.sh b/tools/install-powershell.sh index dbe9206c460..1aed33da16b 100755 --- a/tools/install-powershell.sh +++ b/tools/install-powershell.sh @@ -26,7 +26,9 @@ install(){ #gitrepo paths are overrideable to run from your own fork or branch for testing or private distribution local VERSION="1.2.0" - local gitreposubpath="PowerShell/PowerShell/master" + # Pin to specific commit for security (OpenSSF Scorecard requirement) + # Pinned commit: 26bb188c8 - "Improve ValidateLength error message consistency and refactor validation tests" (2025-10-12) + local gitreposubpath="PowerShell/PowerShell/26bb188c8be0cda6cb548ce1a12840ebf67e1331" local gitreposcriptroot="https://raw.githubusercontent.com/$gitreposubpath/tools" local gitscriptname="install-powershell.psh" @@ -121,7 +123,7 @@ install(){ if [[ $osname = *SUSE* ]]; then DistroBasedOn='suse' REV=$(source /etc/os-release; echo $VERSION_ID) - fi + fi OS=$(lowercase $OS) DistroBasedOn=$(lowercase $DistroBasedOn) fi
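Review bot: Nothing in the new comment above `gitreposubpath` says how or when the pin is refreshed, so whatever install() later downloads from `$gitreposcriptroot` (that code is outside this hunk) stays frozen at 26bb188c8 and will not pick up later fixes to the installer scripts until someone edits the SHA by hand. The same 40-character SHA is also hard-coded in tools/download.sh, and the two copies can drift apart unnoticed. I would add a line such as `# Keep in sync with tools/download.sh; bump both when tools/*.sh changes`. The body of install() starts and ends outside the hunk.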