Hi @mm2! I'm Diogo from issues #366 and #383 and today another simple change that could improve security of you project.
I'd like to suggest you to configure a Dependency Update Tool (e.g. Dependabot or Renovatebot) to help you keep your GitHub Actions updated. The tools are usually also useful to keep any other dependencies updated,
At first, keeping the dependencies up to date is good because you'd have the newest enhancements at hand, but it's also important because it prevents huge conflicts in case you need to use a new release for some reason -- it can be needed in case a security update is needed, for example.
We can configure it to update all workflow dependencies in a single monthly PR, for example -- for security updates, the tool would immediately create the PRs regardless of the frequency set. For the case of the hash-pinning, the PRs would still keep a comment with the human-readable version used =).
As it's a simple change, I'll follow up on with a PR. I'd be happy to reply to any questions or concerns.
Hi @mm2! I'm Diogo from issues #366 and #383 and today another simple change that could improve security of you project.
I'd like to suggest you to configure a Dependency Update Tool (e.g. Dependabot or Renovatebot) to help you keep your GitHub Actions updated. The tools are usually also useful to keep any other dependencies updated,
At first, keeping the dependencies up to date is good because you'd have the newest enhancements at hand, but it's also important because it prevents huge conflicts in case you need to use a new release for some reason -- it can be needed in case a security update is needed, for example.
We can configure it to update all workflow dependencies in a single monthly PR, for example -- for security updates, the tool would immediately create the PRs regardless of the frequency set. For the case of the hash-pinning, the PRs would still keep a comment with the human-readable version used =).
As it's a simple change, I'll follow up on with a PR. I'd be happy to reply to any questions or concerns.
Cheers,