Skip to content
This repository was archived by the owner on May 22, 2025. It is now read-only.

Pin dependencies #11

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Pin dependencies #11

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jul 30, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action pinDigest -> 11bd719
actions/setup-node action pinDigest -> 49933ea

Configuration

📅 Schedule: Branch creation - "* * * * 2-4" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 3f81bc0 to 352973e Compare September 19, 2024 19:42
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 352973e to 48b9a71 Compare October 7, 2024 18:06
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from f5156e7 to 164cceb Compare October 24, 2024 16:40
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 164cceb to e3aaedd Compare January 27, 2025 09:59
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from e3aaedd to 9a22f8b Compare March 17, 2025 05:43
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 9a22f8b to 1b54b21 Compare April 14, 2025 08:13
github-actions[bot]
github-actions bot reviewed Apr 14, 2025
View reviewed changes
.github/workflows/ci.yml
@@ -12,9 +12,9 @@ jobs:
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA or is missing the semver reference comment

You can use pinact - https://github.com/suzuki-shunsuke/pinact - to pin them

👍

uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1

👎

uses: actions/cache@v3
uses: actions/[email protected]

GHA Policies


Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/brave-third-party-action-not-pinned-to-commit-sha.yaml


Cc @thypon @kdenhartog

.github/workflows/ci.yml
- name: Install node
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reported by reviewdog 🐶
[semgrep] An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA or is missing the semver reference comment

You can use pinact - https://github.com/suzuki-shunsuke/pinact - to pin them

👍

uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1

👎

uses: actions/cache@v3
uses: actions/[email protected]

GHA Policies


Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/brave-third-party-action-not-pinned-to-commit-sha.yaml


Cc @thypon @kdenhartog

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@thypon thypon

@kdenhartog kdenhartog

Labels
needs-security-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thypon @kdenhartog