spdx / ntia-conformance-checker

Check SPDX SBOM for NTIA minimum elements
Apache License 2.0
55 stars, 20 forks

Pin GitHub Actions workflows #206

Closed jspeed-meyers closed 1 month ago

jspeed-meyers commented 1 month ago

Pin the GitHub Actions workflows to a fixed version. This is part of the requirements of OpenSSF Scorecards. See issue #192.
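As an added illustration of what the OpenSSF Scorecard "Pinned-Dependencies" check looks for (this is not code from this repository or the PR), the script below scans workflow text for `uses:` references and reports every third-party action that is not pinned to a full 40-hex commit SHA. The workflow snippet and the SHA in it are constructed placeholders, not this project's real workflow or a real `actions/setup-python` commit.

```python
import re

# Constructed sample workflow for demonstration only; the 40-hex value is a
# made-up placeholder SHA, not a real commit of actions/setup-python.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567 # v5.0.0
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
      - run: pip install .
"""

# A pinned reference ends in a full 40-character hex commit id.
SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)
# Capture the reference after "uses:", stopping at whitespace, quotes or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?", re.MULTILINE)


def classify_uses(ref):
    """Return 'pinned', 'unpinned', 'local' or 'docker' for one uses: reference."""
    if ref.startswith("./"):
        return "local"            # actions inside the repo are versioned with it
    if ref.startswith("docker://"):
        return "docker"           # image references need digest pinning, a separate check
    if "@" not in ref:
        return "unpinned"         # no ref at all means the default branch
    _, _, version = ref.rpartition("@")
    return "pinned" if SHA_RE.match(version) else "unpinned"


def find_unpinned(workflow_text):
    """List every third-party action reference not pinned to a commit SHA."""
    return [ref for ref in USES_RE.findall(workflow_text)
            if classify_uses(ref) == "unpinned"]


if __name__ == "__main__":
    for ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"unpinned action: {ref}")
```

Running it on the sample reports only `actions/checkout@v3`: a tag such as `v3` can be moved to a different commit by whoever controls the action repository, whereas the SHA-pinned step resolves to one immutable commit. The trailing `# v5.0.0` comment keeps the version readable, and Dependabot can update both the SHA and the comment together, which is what makes later bumps (such as moving checkout past version 4) straightforward once everything is pinned.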

goneall commented 1 month ago

I'm wondering if we should update to a later version for some of the actions - e.g. checkout is now past version 4.

@jspeed-meyers - what do you think?

jspeed-meyers commented 1 month ago

@goneall: Sounds good to me. My thinking: If this PR gets merged, then PR #207, once merged, should handle this proposed update smoothly. Therefore, merging these two PRs is equivalent to your proposal in the long run and has the benefit of making continued updates easier for the maintainers of this project.

goneall commented 1 month ago

> @goneall: Sounds good to me. My thinking: If this PR gets merged, then PR #207, once merged, should handle this proposed update smoothly. Therefore, merging these two PRs is equivalent to your proposal in the long run and has the benefit of making continued updates easier for the maintainers of this project.

Agree - I'll go ahead and approve

jspeed-meyers commented 1 month ago

Thank you, @goneall. Also, I should have explained my thinking in the first place. Thank you for being thoughtful and asking questions!