Skip to content

chore: pin GitHub Actions to commit SHAs#3

Merged
chrismerck merged 1 commit into
mainfrom
security/pin-actions-shas
Apr 18, 2026
Merged

chore: pin GitHub Actions to commit SHAs#3
chrismerck merged 1 commit into
mainfrom
security/pin-actions-shas

Conversation

@chrismerck

Copy link
Copy Markdown
Contributor

Pin all uses: refs in .github/workflows/ to full 40-character commit SHAs, per
GitHub's secure-use guidance.

Version tags retained as trailing comments for readability. Ongoing updates can be
managed by Dependabot or pin-github-action.

Changes:

  • actions/checkout @v434e114876b0b11c390a56381ad16ebd13914f8d5 (v4.3.1)
  • dtolnay/rust-toolchain @stable29eef336d9b2848a0b548edc03f92a220660cdb8
  • actions/upload-pages-artifact @V356afc609e74202658d3ffba0e8f6dda462b719fa (v3.0.1)
  • actions/deploy-pages @v4d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e (v4.0.5)

Part of an org-wide supply chain remediation effort.

Replaces mutable tag/branch refs (@v4, @stable) with full 40-char commit SHAs
per GitHub's secure-use guidance. Version tags retained as trailing comments.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@chrismerck

Copy link
Copy Markdown
Contributor Author

merging. let's see if it works.

@chrismerck chrismerck merged commit ddb7925 into main Apr 18, 2026
1 check passed
@chrismerck chrismerck deleted the security/pin-actions-shas branch April 18, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant