Commit c5a0ac8

ci(security): pin 3rd-party actions to commit SHAs (CodeQL actions/unpinned-tag)
Pin NuGet/login -> v1.2.0 (8d19675) and dessant/lock-threads -> v6.0.2 (89ae32b) to commit SHAs with version comments, resolving the CodeQL unpinned-tag alerts. Renovate updates them via the version comments.
1 parent f9ac285 commit c5a0ac8

2 files changed

Lines changed: 2 additions & 2 deletions

.github/workflows/lock.yml

Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@ jobs:
1616
action:
1717
runs-on: ubuntu-latest
1818
steps:
19-
- uses: dessant/lock-threads@v6
19+
- uses: dessant/lock-threads@89ae32b08ed1a541efecbab17912962a5e38981c # v6.0.2
2020
with:
2121
github-token: ${{ github.token }}
2222
issue-inactive-days: '14'
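
Review bot: On the `uses: dessant/lock-threads@89ae32b08ed1a541efecbab17912962a5e38981c # v6.0.2` line, nothing in the diff ties the trailing version comment to the SHA, so the comment can be wrong without any check failing. Before merging, confirm that this SHA is the commit the upstream v6.0.2 tag resolves to, and that it belongs to the dessant/lock-threads repository itself rather than a fork, because a SHA from a fork can also resolve under the parent repository's name. Note the change in update behaviour as well: `@v6` picked up every v6.x release automatically, while the pin only moves when a Renovate PR is merged, so check that the Renovate configuration covers GitHub Actions digests and rewrites the `# v6.0.2` comment along with the SHA.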

.github/workflows/release.yml

Lines changed: 1 addition & 1 deletion
@@ -46,7 +46,7 @@ jobs:
4646

4747
- name: NuGet login (OIDC trusted publishing)
4848
id: nuget-login
49-
uses: NuGet/login@v1
49+
uses: NuGet/login@8d196754b4036150537f80ac539e15c2f1028841 # v1.2.0
5050
with:
5151
user: ${{ secrets.NUGET_USER }}
5252
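
Review bot: The pinned `uses: NuGet/login@8d196754b4036150537f80ac539e15c2f1028841 # v1.2.0` step is in the publishing path (OIDC trusted publishing, with `secrets.NUGET_USER` passed in the `with:` block below it), so a wrong SHA here costs the most and it deserves an explicit check against the upstream v1.2.0 tag in the NuGet/login repository. The hunk shows only this one step of release.yml; if other `uses:` entries in the same job still reference a tag or branch, they run with the same access to the release context and should be pinned in this change too, or called out in the commit message as intentionally left.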
