
ci: pin GitHub Actions to SHAs

Open nschonni opened this issue 7 months ago • 1 comment


There was an ecosystem issue by tj-actions the other week which caused secrets to be spilled from CI logs. That action didn't affect this repo, but since it is part of the recommended hardening, I ran npx pin-github-action .github/workflows/ to pin them. Dependabot should still create PRs to bump them as needed.

nschonni avatar Mar 24 '25 00:03 nschonni
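The pinning described above replaces mutable tag refs (such as @v4) with full commit SHAs, which cannot be moved after the fact. The following is an added example written for this note; it is not code from the aria-at project or from the pin-github-action tool. It is a small POSIX shell check that lists every `uses:` reference in a workflow file that is not pinned to a 40-character SHA, so a reviewer can confirm a pinning PR did not miss anything. The sample workflow it scans is constructed inline, and the SHA in it is a zero-filled placeholder, not a real commit.

```shell
#!/bin/sh
# Added example (not part of the aria-at project): detect `uses:` references in a
# GitHub Actions workflow that are not pinned to an immutable 40-hex commit SHA.
# Tag refs like @v4 can be moved by whoever controls the action repository, which
# is why the hardening guidance recommends SHA pinning.

# Constructed sample workflow: one unpinned step, one pinned step (placeholder SHA).
SAMPLE_WORKFLOW=$(mktemp)
trap 'rm -f "$SAMPLE_WORKFLOW"' EXIT
cat > "$SAMPLE_WORKFLOW" <<'EOF'
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0000000000000000000000000000000000000000 # v4 (placeholder SHA)
      - run: npm test
EOF

# Print each `uses:` value in FILE ($1) whose ref is not a full 40-hex SHA.
# Trailing "# vN" comments and surrounding quotes are stripped before checking.
# Local actions (./path) and docker:// images are skipped: SHA pinning does not apply to them.
unpinned_uses() {
  grep -E '^[[:space:]]*-?[[:space:]]*uses:' "$1" \
    | sed -E 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*//; s/[[:space:]]*#.*$//' \
    | sed -E "s/^[\"']//; s/[\"']$//" \
    | grep -vE '^(\./|docker://)' \
    | grep -vE '@[0-9a-fA-F]{40}$' || true
}

# Number of unpinned references in FILE ($1); anything other than 0 means work remains.
count_unpinned() {
  unpinned_uses "$1" | grep -c . || true
}

echo "Unpinned action references:"
unpinned_uses "$SAMPLE_WORKFLOW"
echo "Count: $(count_unpinned "$SAMPLE_WORKFLOW")"
```

Run against a real checkout with `unpinned_uses .github/workflows/ci.yml` for each workflow file; the script only reports, it does not rewrite anything, so the actual pinning is still done by a tool such as the pin-github-action command mentioned in the comment, and Dependabot can keep bumping the pinned SHAs afterwards.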

@nschonni very interesting! I had only seen this notice in passing but didn't check further.

Thanks for sharing this. As stated, this repo doesn't seem affected, but will monitor the discourse around it and see if we should move this forward (or in any other repos, ha).

howard-e avatar Mar 27 '25 15:03 howard-e