Skip to content

Untrusted Actions Versioning #1614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gcatanese merged 1 commit into from
Dec 17, 2025
Merged

Untrusted Actions Versioning #1614

gcatanese merged 1 commit into from
Dec 17, 2025

Conversation

@gcatanese
Copy link
Contributor

@gcatanese gcatanese commented Dec 12, 2025

PR to address the vulnerability "Untrusted Actions Versioning".

Workflows have been update to use full commit SHA.

@gcatanese gcatanese requested review from a team as code owners December 12, 2025 11:05
@gcatanese gcatanese added the Fix Indicates a bug fix label Dec 12, 2025
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Dec 12, 2025

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@gcatanese gcatanese enabled auto-merge (squash) December 12, 2025 11:57
Copilot AI mentioned this pull request Dec 12, 2025
Merged
@gcatanese gcatanese force-pushed the pin-github-action-dependencies branch from d7bd133 to 0f22640 Compare December 17, 2025 14:06
@gcatanese gcatanese merged commit e456038 into main Dec 17, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@galesky-a galesky-a galesky-a approved these changes

@jeandersonbc jeandersonbc Awaiting requested review from jeandersonbc

Assignees

No one assigned

Labels

Fix Indicates a bug fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gcatanese @galesky-a