Pinning GitHub Actions is considered best practices by e.g. GitHub. There are tools like pinact helping with it.
There are also some under-specified npm dependencies used in Actions, e.g.
|
run: npx dot-json@1 "$DIRECTORY/manifest.json" version "$DAILY_VERSION" |
Pinning GitHub Actions is considered best practices by e.g. GitHub. There are tools like pinact helping with it.
There are also some under-specified npm dependencies used in Actions, e.g.
refined-github/.github/workflows/release.yml
Line 31 in 022ef03