Commit 0da00cf
fix(ci): SHA-pin third-party GitHub Actions (#72)
Pin all third-party actions to their current commit SHA to prevent
tag-repoint attacks. Mutable tags (release/v1, v7, etc.) are kept as
trailing comments for readability and Dependabot version tracking.
Actions pinned:
.github/workflows/pypi-publish-on-release.yml
1 parent 18b7cb6 commit 0da00cf
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
92 | 92 | | |
93 | 93 | | |
94 | 94 | | |
95 | | - | |
| 95 | + | |
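Review bot: the scope stated in the commit message does not match the diff, which replaces a single line (line 95) in one workflow file, while the message says all third-party actions are pinned, names more than one tag (release/v1, v7), and leaves its "Actions pinned:" list empty. Suggest either listing each action and SHA in the message or narrowing the message to the one reference changed here. It is also worth confirming that the new line 95 uses a full-length commit SHA and keeps the tag as a trailing comment, as the message describes.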
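A check for the pinning convention the commit message describes, as an added example that is not part of this commit or repository: it flags third-party `uses:` references that are not a full commit SHA, and SHA pins that lost their trailing tag comment. Treating the `actions` and `github` owners as first-party is an assumption; the sample workflow, the `example-org` names and both SHAs are constructed.

```python
import re

# `uses: owner/repo[/path]@ref  # optional trailing comment` on a step line.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"#]+)@([^\s'\"#]+)['\"]?\s*(?:#\s*(.*?))?\s*$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
# Assumption: these owners count as first-party and are out of scope.
FIRST_PARTY_OWNERS = frozenset({"actions", "github"})


def audit_workflow(text, first_party=FIRST_PARTY_OWNERS):
    """Return (line_no, action, ref, problem) for each third-party finding."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a uses: line, or a local ./path action (no @ref)
        action, ref, comment = m.group(1), m.group(2), m.group(3) or ""
        if action.startswith("docker://"):
            continue  # container image reference, not a repository action
        if action.split("/")[0] in first_party:
            continue
        if not FULL_SHA_RE.match(ref):
            # A tag or branch can be moved to a different commit later.
            findings.append((line_no, action, ref, "mutable ref"))
        elif not comment:
            # Pinned, but the readable tag kept as a trailing comment is missing.
            findings.append((line_no, action, ref, "no tag comment"))
    return findings


# Constructed sample workflow; example-org names and both SHAs are made up.
SAMPLE = """\
jobs:
  publish:
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build
      - name: Publish
        uses: pypa/gh-action-pypi-publish@release/v1
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v7
      - uses: example-org/other-action@89abcdef0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print("line %d: %s@%s -> %s" % finding)
```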