Skip to content

Commit 36a177b

Browse files
cevhericlaude
andauthored
ci(npm): pin oven-sh/setup-bun to a SHA (#62)
Resolves CodeQL actions/unpinned-tag (#76, #77) — both setup-bun steps now use the same pinned commit (# v2) already used by ci.yml and docker-build-push.yml. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent ad65d5d commit 36a177b

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

.github/workflows/npm-publish.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
uses: actions/checkout@v4
2929

3030
- name: Setup Bun
31-
uses: oven-sh/setup-bun@v2
31+
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
3232
with:
3333
bun-version: "1.3.9"
3434

@@ -63,7 +63,7 @@ jobs:
6363
uses: actions/checkout@v4
6464

6565
- name: Setup Bun
66-
uses: oven-sh/setup-bun@v2
66+
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
6767
with:
6868
bun-version: "1.3.9"
6969

0 commit comments

Comments
 (0)