Skip to content

Commit e546f9a

Browse files
committed
s/v1.0.1.0.1.0.1/v1.0.1/ on the bandit-action pin comment
Dependabot nailed the SHA bump (67a458d really is v1.0.1) but garbled the trailing comment into v1.0.1.0.1.0.1. It got tripped up because the old line was already mislabeled: the comment said v1.0.1 while the pin sat on the v1.0.0 commit. The action runs fine either way -- the pin is the SHA, the comment is just for humans -- but a nonsense version tag is exactly the kind of thing future-me squints at six months from now. Checked the other eight pinned actions in the group against their upstream tags while I was in here: - every SHA matches the version its comment claims - this bandit line was the only casualty Comment only. No SHA changes.
1 parent 69264e5 commit e546f9a

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/bandit.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,6 @@ jobs:
2424
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2525

2626
- name: Perform Bandit Analysis
27-
uses: PyCQA/bandit-action@67a458d90fa11fb1463e91e7f4c8f068b5863c7f # v1.0.1.0.1.0.1
27+
uses: PyCQA/bandit-action@67a458d90fa11fb1463e91e7f4c8f068b5863c7f # v1.0.1
2828
with:
2929
targets: "bitmath/ tests/"

0 commit comments

Comments
 (0)