|
|
4bc8c6e40f
|
feat: pin digest of GitHub action updates (#2)
CD / Release (push) Successful in 5s
We always want to pin GitHub actions to a digest, to avoid attack vectors where existing tags are being re-used and their implementation replaced with malicious code.
As described in [renovate's documentation](https://docs.renovatebot.com/modules/manager/github-actions/#digest-pinning-and-updating), adding the "helpers:pinGitHubActionDigests" to the extends automatically forces renovate to always pin digests.
Reviewed-on: #2
Reviewed-by: branch-buddy <branch-buddy@t00n.de>
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
0.2.0
|
2025-10-08 18:54:50 +02:00 |
|
