Commit 405b128
🩹 [Patch]: Pin GitHub-Script action to specific version (#9)
The GitHub-Script action dependency is now pinned to a specific commit
SHA (v1.7.8) for improved security and reproducibility. This ensures
consistent builds and protects against potential supply chain attacks
where action tags could be moved to point to malicious code.
## Pin GitHub-Script action to specific SHA
Updated the action reference in `action.yml` from the previous SHA to
the latest version:
| Before | After |
|--------|-------|
| `PSModule/GitHub-Script@8b9d2739d6896975c0e5448d2021ae2b94b6766a` (v1.7.6) | `PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca` (v1.7.8) |
### Why pin to SHA?
Pinning actions to specific commit SHAs is a security best practice
that:
- **Prevents tag mutation attacks** - Tags can be moved, but SHAs are immutable
- **Ensures reproducible builds** - The exact same code runs every time
- **Provides audit trail** - Changes to dependencies are explicit and reviewable

1 parent 28c1805 commit 405b128
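The commit message describes the check a reviewer does by hand: is every `uses:` reference a full commit SHA, or still a movable tag or branch? The following is an added example, not code from the PSModule/GitHub-Script project, that automates that audit over workflow or action.yml text. The sample input is constructed to mirror the shape of a composite action; `some-org/some-action` is a hypothetical placeholder, and only a full 40-hex SHA is treated as pinned (abbreviated SHAs, tags, branches, and a missing `@ref` all count as mutable).

```python
"""Audit `uses:` references in GitHub Actions YAML for mutable refs.

Added example, not code from the PSModule/GitHub-Script project. It scans
workflow or action.yml text line by line and reports which `uses:`
references are pinned to a full commit SHA and which still point at a
tag, a branch, or nothing at all (the default branch).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A pinned ref is a full 40-character lowercase hex commit SHA.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# `uses:` value, optionally quoted, with an optional trailing "# v1.7.8" comment.
USES_LINE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<value>[^'\"\s#]+)['\"]?\s*"
    r"(?:#\s*(?P<comment>.*?))?\s*$"
)


@dataclass
class UsesRef:
    line_no: int            # 1-based line in the scanned text
    action: str             # owner/repo[/path], local path, or docker image
    ref: Optional[str]      # text after '@', None when absent
    kind: str               # "sha" | "mutable" | "local" | "docker"
    comment: Optional[str]  # trailing YAML comment, e.g. "v1.7.8"


def classify(value: str) -> UsesRef:
    """Classify one `uses:` value. Anything that is not a full SHA is mutable:
    tags and branches can be moved, a missing ref means the default branch,
    and abbreviated SHAs are deliberately not accepted as pinned."""
    if value.startswith("./"):
        return UsesRef(0, value, None, "local", None)
    if value.startswith("docker://"):
        return UsesRef(0, value, None, "docker", None)
    action, sep, ref = value.partition("@")
    if not sep:
        return UsesRef(0, action, None, "mutable", None)
    kind = "sha" if FULL_SHA.match(ref) else "mutable"
    return UsesRef(0, action, ref, kind, None)


def audit(yaml_text: str) -> List[UsesRef]:
    """Return every `uses:` reference found, in file order."""
    found = []
    for n, line in enumerate(yaml_text.splitlines(), start=1):
        m = USES_LINE.match(line)
        if not m:
            continue
        r = classify(m.group("value"))
        r.line_no = n
        r.comment = m.group("comment") or None
        found.append(r)
    return found


def unpinned(yaml_text: str) -> List[UsesRef]:
    """Only the references a reviewer should push back on."""
    return [r for r in audit(yaml_text) if r.kind == "mutable"]


# Constructed sample input shaped like a composite action.yml; the
# `some-org/some-action` entry is a hypothetical placeholder.
SAMPLE = """\
runs:
  using: composite
  steps:
    - name: Run script
      uses: PSModule/GitHub-Script@2010983167dc7a41bcd84cb88e698ec18eccb7ca # v1.7.8
    - name: Checkout
      uses: "actions/checkout@v4"
    - name: Local helper
      uses: ./.github/actions/helper
    - name: Branch ref
      uses: some-org/some-action@main
    - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for r in audit(SAMPLE):
        target = f"{r.action}@{r.ref}" if r.ref else r.action
        note = f" ({r.comment})" if r.comment else ""
        print(f"line {r.line_no}: {r.kind:8} {target}{note}")
```

Run as a pre-merge check, `unpinned()` is the list to block on; the trailing `# v1.7.8` comment is captured separately so a reviewer can see which release a SHA is claimed to correspond to, though resolving the tag to confirm the SHA still has to be done against the upstream repository.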
1 file changed, +1 −1 lines changed

Diff (hunk body not rendered in this copy): original line 44 removed, new line 44 added; lines 41–43 and 45–47 unchanged context.
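Review bot: the hunk body did not render here, so the new `uses:` line at 44 cannot be checked against the commit message; before merge, verify that `2010983167dc7a41bcd84cb88e698ec18eccb7ca` is the commit the v1.7.8 tag of PSModule/GitHub-Script dereferences to (for an annotated tag, the peeled `^{}` entry in `git ls-remote --tags`, not the tag object), and keep a trailing `# v1.7.8` comment on that line so the pinned SHA stays readable and dependency-update tooling can tell which release it tracks.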