Skip to content

Commit 060d1b0

Browse files
security: pin actions/github-script to commit SHA (SECCMP-1797)
actions/github-script@v7 was a mutable tag — a supply chain compromise of the upstream action could silently alter behavior. Pin to commit SHA for reproducible, tamper-evident builds. SHA: f28e40c7f34bde8b3046d885e986cb6290c5673b (v7) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 6e99037 commit 060d1b0

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/copyright-check.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ jobs:
9595
- name: Post / Update PR comment with summary
9696
id: pr-comment
9797
if: always() && steps.changed-files.outputs.skip-validation != 'true'
98-
uses: actions/github-script@v7
98+
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
9999
env:
100100
VALIDATION_STATUS: ${{ steps.validate.outputs.status }}
101101
with:

0 commit comments

Comments
 (0)