Open anastasialanz opened 11 months ago
This is a risk in using third-party GitHub actions so the following practices should be taken:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
mikefarah/yq@master can be updated to use a commit sha instead of master
mikefarah/yq@master
master
This is a risk in using third-party GitHub actions so the following practices should be taken:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
Suggestions
mikefarah/yq@master
can be updated to use a commit sha instead ofmaster