chore: pin third-party GitHub Actions to SHAs + enable Dependabot #142

Merged
mahangu merged 1 commit into main from chore/pin-and-enable-dependabot
Jun 1, 2026
@mahangu mahangu commented May 31, 2026

Contributor

Two-in-one hardening:

  1. Pin third-party GitHub Actions in this repo to commit SHAs (tag preserved as trailing comment).
  2. (Dependabot github-actions ecosystem already configured in this repo; left as-is.)

Tracking: DEVPROD-1072.

Hardens against supply-chain risk on mutable tags. Dependabot keeps
the pinned SHAs fresh weekly, with major bumps held under cooldown.

Tracking: DEVPROD-1072
@mahangu mahangu merged commit f27d1fd into main Jun 1, 2026
9 checks passed
@mahangu mahangu deleted the chore/pin-and-enable-dependabot branch June 1, 2026 02:20
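
A check for the pinning convention this PR describes (full commit SHA, tag kept as a trailing comment), as an added example that is not code from this PR or repository. The sample workflow, the `example-org` actions and the choice to treat the `actions` and `github` owners as first-party are assumptions made for illustration.

```python
import re

# Constructed sample workflow, not taken from the repository in this PR.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@v2  # mutable tag
      - uses: example-org/lint@0123456789abcdef0123456789abcdef01234567 # v1.4.0
      - uses: example-org/deploy/sub@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - uses: "example-org/quoted@89abcdef0123456789abcdef0123456789abcdef"
"""

# Matches a step or reusable-workflow "uses:" line, with an optional trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)['"]?\s*(?:#\s*(.*))?$""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
# Assumption: these owners count as first-party and are exempt from the check.
FIRST_PARTY_OWNERS = frozenset({"actions", "github"})


def audit_workflow(text, first_party=FIRST_PARTY_OWNERS):
    """Return (line_number, reference, problem) for each third-party action
    that is not pinned to a full SHA or lacks the trailing tag comment."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), (m.group(2) or "").strip()
        # Local actions and container images are not repository@ref references.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action, _, rev = ref.partition("@")
        if action.split("/", 1)[0] in first_party:
            continue
        if not FULL_SHA_RE.fullmatch(rev):
            findings.append((lineno, ref, "not pinned to a full commit SHA"))
        elif not comment:
            findings.append((lineno, ref, "pinned, but no trailing tag comment"))
    return findings


if __name__ == "__main__":
    for lineno, ref, problem in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {problem}")
```

Passing `first_party=frozenset()` applies the same rule to every owner, which also flags the tag-pinned `actions/checkout` step in the sample.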