Closes #165
Hi manugarg, thanks for the return!
This PR is hash pinning the actions used in the workflows and also enabling Dependabot to help keep them up to date at a monthly pace (allowing new vulnerabilities to be fixed before they even affect you).
Considering this, it is also important to enable the Dependabot security updates option under Code security and analysis to receive out-of-schedule upgrades in case a new security patch is released (avoiding being exposed for a long time).
I've configured Dependabot to group updates into a single PR (see https://github.com/joycebrum/pacparser/pull/1 for example: instead of being 4 PRs, it is a single one with all the updates).