Enable renovate to pin Actions to sha1 and semver #175

Merged: 1 commit, Mar 17, 2025

@dbast dbast commented Mar 17, 2025

So e.g. `actions/checkout@v4` is updated to `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`

For more context see:

* Enable pinDigest to convert a major version to semver renovatebot/renovate#21901
* https://docs.renovatebot.com/presets-helpers/#helperspingithubactiondigeststosemver

Protects against attacks where version tags get mutated to point to
malicious code to e.g. extract secrets via gh accounts being compromised.
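
A check that complements the pinning described in this PR, as an added example that is not part of the PR or of the project's own code: it scans workflow text for `uses:` references and flags any ref that is not a full 40-character commit SHA. The sample workflow, the `example-org/*` action names and the function names are constructed for illustration.

```python
import re

# `uses: owner/repo[/path]@ref  # optional comment`, with or without a leading "- ".
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?(?P<action>[^@\s"'#]+)@(?P<ref>[^\s"'#]+)["']?\s*(?:#\s*(?P<comment>.*))?$"""
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
SEMVER_RE = re.compile(r"v?\d+\.\d+\.\d+")

# Constructed sample workflow. The two actions/checkout lines are the before/after
# from the PR description; the example-org/* actions are made-up placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: placeholder step with a branch ref
        uses: example-org/build-action@main
      - uses: example-org/lint-action@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/short-sha-action@11bd719
      - uses: ./.github/actions/local
"""


def audit_workflow(text):
    """Classify every remote `uses:` reference as (line_no, action, ref, status)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m or m.group("action").startswith("docker://"):
            continue  # local (./path) and docker:// references are out of scope here
        ref = m.group("ref")
        comment = (m.group("comment") or "").strip()
        if not FULL_SHA_RE.fullmatch(ref):
            # Tags and branches can be re-pointed; an abbreviated SHA is not a pin.
            status = "mutable-ref"
        elif SEMVER_RE.match(comment):
            status = "pinned-with-semver"
        else:
            status = "pinned-no-version-comment"
        findings.append((line_no, m.group("action"), ref, status))
    return findings


def mutable_refs(text):
    """Return only the findings a reviewer should act on."""
    return [f for f in audit_workflow(text) if f[3] == "mutable-ref"]
```

Run over a repository's `.github/workflows/*.yml` in CI, a non-empty `mutable_refs` result can fail the build so that unpinned references do not slip back in between Renovate runs.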

esc commented Mar 17, 2025

@dbast thank you for the patch

@esc esc merged commit 9539f2f into numba:main Mar 17, 2025
1 check passed