search

redhat-developer / vscode-rsp-ui

A unified UI for all RSP servers and RSP server-providers to integrate with
Eclipse Public License 2.0
38 stars 21 forks source link

Pin 3rd-party actions to SHA1 #261

Closed fbricon closed 1 year ago

fbricon commented 1 year ago

Hi!

Following the GH Action Security Hardening guide we should use the commit SHA instead of the branch or tag for any third-party untrusted action.

This PR was submitted by a script.

codecov-commenter commented 1 year ago

Codecov Report

Base: 66.21% // Head: 66.21% // No change to project coverage :thumbsup:

Coverage data is based on head (843f74b) compared to base (53b4ed0). Patch has no changes to coverable lines.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #261 +/- ## ======================================= Coverage 66.21% 66.21% ======================================= Files 17 17 Lines 1545 1545 Branches 376 376 ======================================= Hits 1023 1023 Misses 522 522 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=redhat-developer)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.