Commit f598fe1

aduh95 authored and danielleadams committed
tools: use hashes instead of tags for external actions (#43284)
Using tags is a security risk, as they can be updated to point to anything else.

Refs: nodejs/corepack#117 (comment)
PR-URL: #43284
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
1 parent f3188c1 commit f598fe1

7 files changed, +17 -7 lines changed

.github/workflows/authors.yml
3 additions & 1 deletion
@@ -16,7 +16,9 @@ jobs:
1616
fetch-depth: '0' # This is required to actually get all the authors
1717
persist-credentials: false
1818
- run: tools/update-authors.mjs # Run the AUTHORS tool
19-
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
19+
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
20+
# Creates a PR or update the Action's existing PR, or
21+
# no-op if the base branch is already up-to-date.
2022
env:
2123
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
2224
with:
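
Review bot: The new `uses:` line pins `gr2m/create-or-update-pull-request-action` to a bare hash with nothing recording which release that commit belongs to, so a reader of the workflow cannot tell whether 466b1b8 is the commit `v1` pointed to. Suggest a trailing comment on the `uses:` line naming the release the hash was taken from; this step is handed `secrets.GH_USER_TOKEN`, so it is the place where a ref that cannot be checked at a glance costs the most. Minor: the added comment reads "Creates a PR or update"; "updates" would match the verb form.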

.github/workflows/find-inactive-collaborators.yml
3 additions & 1 deletion
@@ -30,7 +30,9 @@ jobs:
3030
run: tools/find-inactive-collaborators.mjs
3131

3232
- name: Open pull request
33-
uses: gr2m/create-or-update-pull-request-action@v1
33+
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
34+
# Creates a PR or update the Action's existing PR, or
35+
# no-op if the base branch is already up-to-date.
3436
env:
3537
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
3638
with:
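
Review bot: The added line begins with `- uses:`, but the line it replaces was `uses:` with no dash, sitting under `- name: Open pull request`. The extra dash starts a new list item, so `name: Open pull request` becomes a step with neither `uses` nor `run`, which GitHub Actions rejects as an invalid workflow, and the `env:` and `with:` keys that follow attach to an unnamed step. Drop the leading `- ` so the replacement is `uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c` at the indentation of the removed line.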

.github/workflows/find-inactive-tsc.yml
3 additions & 1 deletion
@@ -39,7 +39,9 @@ jobs:
3939
run: tools/find-inactive-tsc.mjs >> $GITHUB_ENV
4040

4141
- name: Open pull request
42-
uses: gr2m/create-or-update-pull-request-action@v1
42+
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
43+
# Creates a PR or update the Action's existing PR, or
44+
# no-op if the base branch is already up-to-date.
4345
env:
4446
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
4547
with:
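
Review bot: `- uses:` on the added line introduces a list dash that the removed `uses: gr2m/create-or-update-pull-request-action@v1` line did not have, which detaches the action from `- name: Open pull request` and leaves that name as a step with nothing to execute. Remove the dash so the pinned `uses:` stays a key of the named step. A workflow syntax check run in CI on changes under `.github/workflows/` would catch this kind of slip before merge.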

.github/workflows/license-builder.yml
3 additions & 1 deletion
@@ -15,7 +15,9 @@ jobs:
1515
with:
1616
persist-credentials: false
1717
- run: ./tools/license-builder.sh # Run the license builder tool
18-
- uses: gr2m/create-or-update-pull-request-action@v1.x # Create a PR or update the Action's existing PR
18+
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
19+
# Creates a PR or update the Action's existing PR, or
20+
# no-op if the base branch is already up-to-date.
1921
env:
2022
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2123
with:
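
Review bot: The removed line referenced `@v1.x`, while the other workflows touched by this commit referenced `@v1`, yet both are replaced by the same hash 466b1b84c3291c6c69bc56377a6de54a1f4a297c. Please state in the commit message or beside the hash which ref it was resolved from, so reviewers can confirm this workflow is not silently moving to a different revision than the one it ran before.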

.github/workflows/linters.yml
1 addition & 1 deletion
@@ -164,7 +164,7 @@ jobs:
164164
- uses: actions/checkout@v3
165165
with:
166166
persist-credentials: false
167-
- uses: mszostok/codeowners-validator@v0.6.0
167+
- uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f
168168
with:
169169
checks: files,duppatterns
170170
lint-pr-url:
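
Review bot: The context line `- uses: actions/checkout@v3` directly above the changed step stays on a tag while `mszostok/codeowners-validator` moves to a hash. If the intent is that only third-party actions are hash-pinned and GitHub-owned ones are exempt, say so in the commit message or the contributor docs so the difference reads as policy rather than an omission. Keeping `v0.6.0` as a trailing comment on the new `uses:` line would also preserve the information the tag carried.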

.github/workflows/notify-force-push.yml
1 addition & 1 deletion
@@ -12,7 +12,7 @@ jobs:
1212
runs-on: ubuntu-latest
1313
steps:
1414
- name: Slack Notification
15-
uses: rtCamp/action-slack-notify@master
15+
uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
1616
env:
1717
SLACK_COLOR: '#DE512A'
1818
SLACK_ICON: https://github.com/nodejs.png?size=48
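
Review bot: The previous ref on the `uses:` line was the `master` branch rather than a release tag, so the hash 12e36fc is presumably whatever the branch head was when this change was written and may not correspond to any released version of `rtCamp/action-slack-notify`. Prefer the commit of a tagged release, and name that tag in a comment, so that later bumps have a meaningful from and to instead of freezing an intermediate branch state.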

.github/workflows/tools.yml
3 additions & 1 deletion
@@ -80,7 +80,9 @@ jobs:
8080
with:
8181
persist-credentials: false
8282
- run: ${{ matrix.run }}
83-
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
83+
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
84+
# Creates a PR or update the Action's existing PR, or
85+
# no-op if the base branch is already up-to-date.
8486
env:
8587
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
8688
with:
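
Review bot: This is the fifth workflow file in the commit to carry the literal hash 466b1b84c3291c6c69bc56377a6de54a1f4a297c, and nothing in the change says how these pins get updated. A hash does not move on its own, so picking up a fix in the action now means a manual edit in every file. Suggest pairing the pinning with an update path, for example Dependabot's `github-actions` ecosystem, which can bump SHA pins, or a documented manual procedure.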
