Skip to content

Update GitHub Actions, pin SHA hashes, add Actions Dependabot with cooldown #85

Open
#87
Open
Update GitHub Actions, pin SHA hashes, add Actions Dependabot with cooldown#85
#87
@pacharanero

Description

@pacharanero
pacharanero
opened on Jun 2, 2026
  • Actions are out of date, need to update them.
  • Dependabot will update actions but only if explicitly set up to do so
  • Using latest Actions, or a version tag, can be a vector for supply chain attacks, so we will instead pin to an explicit hash.
  • Dependabot will update automatically after a week's cooldown.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions