any-sync-node icon indicating copy to clipboard operation
any-sync-node copied to clipboard
verified publisher icon anyproto

Pin external actions for security

Open hellodword opened this issue 1 year ago • 0 comments

  • [x] I understand that contributing to this repository will require me to agree with the CLA

Description

Using the @master in GitHub Actions poses a security threat. There are actually more to consider, but it seems that fb929/github-action-fpm is maintained by an active developer of anyproto.

What type of PR is this? (check all applicable)

  • [ ] 🍕 Feature
  • [ ] 🐛 Bug Fix
  • [ ] 📝 Documentation Update
  • [ ] 🎨 Style
  • [ ] 🧑‍💻 Code Refactor
  • [ ] 🔥 Performance Improvements
  • [ ] ✅ Test
  • [ ] 🤖 Build
  • [x] 🔁 CI

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings

Added tests?

  • [ ] 👍 yes
  • [ ] 🙅 no, because they aren't needed
  • [ ] 🙋 no, because I need help

Added to documentation?

  • [ ] 📜 README.md
  • [ ] 📓 tech-docs
  • [ ] 🙅 no documentation needed

[optional] Are there any post-deployment tasks we need to perform?

hellodword avatar Jun 29 '24 12:06 hellodword