bpmn-io / actions

The custom github actions used by the bpmn-io team
Other
0 stars 5 forks source link

ci: use full commit hash #1

Closed barmac closed 2 years ago

barmac commented 2 years ago

Pinning action to a branch poses a security threat.

Cf. https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions