{{ message }}
gh-109110: Hash-pin GitHub Actions#109111
Closed
pnacht wants to merge 2 commits into
Closed
Conversation
Sorry, something went wrong.
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
|
All commit authors signed the Contributor License Agreement. |
Sorry, something went wrong.
|
Most changes to Python require a NEWS entry. Please add it using the blurb_it web app or the blurb command-line tool. |
Sorry, something went wrong.
ambv
reviewed
Sep 8, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reviewers
5 participants
This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.
Fixes #109110.
This PR hash-pins all GitHub Actions and configures dependabot to keep them up-to-date with a single monthly PR. This will increase the resiliency of the repo's workflows in the face of broken or malicious versions of any Actions.
I don't believe this change requires a NEWS entry, but let me know and I'll add one.