File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 2626 # Tags can be silently repointed to malicious commits (as happened with trivy-action in March 2026).
2727 # To update an action: find the new SHA via `gh api repos/<owner>/<repo>/git/ref/tags/<tag>`
2828
29- - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
29+ - uses : actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
3030
3131 - uses : actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
3232 with :
@@ -227,7 +227,7 @@ jobs:
227227 FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 : true
228228
229229 steps :
230- - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
230+ - uses : actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
231231
232232 - name : Read current alpine tag from Dockerfile on main
233233 id : current
You can’t perform that action at this time.
0 commit comments