Commit cf49689
security: pin GitHub Actions to commit hashes
Pin third-party GitHub Actions to specific commit hashes to prevent
supply chain attacks and ensure immutable action versions:
- actions/setup-python@v5 → a26af69be951a213d495a4c3e4e4022e16d87065
- pre-commit/action@v3.0.1 → 2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
This resolves the CodeQL Advanced Security warning:
"Unpinned tag for a non-immutable Action in workflow"
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>1 parent cf5260b commit cf49689
3 files changed
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
| 38 | + | |
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
| |||
0 commit comments