Commit 857b16a
chore(ci): SHA-pin actions/checkout to v6.0.2 commit (#260)

Follow-up to the prior actions/checkout upgrade that landed with major-tag
@v6. Convert all in-scope references to SHA-pinned form
(de0fac2e4500dabe0009e67214ff5f5447ce83dd = v6.0.2) per the workspace
tightening policy: pinning by commit eliminates the v6-tag-compromise
attack surface even on workflows that do not handle laterally-capable
secrets.

Trade-off accepted: future actions/checkout patches (v6.0.3+) require
manual SHA bumps. Mitigation: Dependabot for the github-actions ecosystem
(separate sweep) would auto-PR future bumps.

Part of the workspace-wide tightening completion across the Pendle repos.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

1 parent 1d5eb31 commit 857b16a
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
| 14 | + | |
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
| |||
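Review bot: at the replaced line 14, the new pin should carry a trailing comment naming the release (for example `# v6.0.2`), because de0fac2e4500dabe0009e67214ff5f5447ce83dd on its own does not tell a reader, or whoever does the next bump, which version it is; the rendered diff shows no line text, so confirm the comment is there. The message says "all in-scope references" while the stats show 1 file with 1 addition and 1 deletion, so either state in the message that this repo has a single checkout step or check the other workflow files for remaining `actions/checkout@v6` uses. The Dependabot mitigation is described as a separate sweep; until it lands, this pin moves only by manual bump, so it is worth linking that follow-up here.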
0 commit comments
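A check for the policy the commit message describes, as an added example that is not part of this commit or the repository: it scans workflow text for `uses:` references and reports any that are not pinned to a full 40-character commit hash. The function name `audit_workflow`, the verdict labels and the sample workflow are assumptions made for illustration; the hash is the one quoted in the message.

```python
import re

# A step's `uses:` value (optionally quoted) plus an optional trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (line_no, reference, verdict) for every `uses:` line in a workflow."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), (m.group(2) or "").strip()
        if ref.startswith("./"):
            verdict = "local"  # action lives in this repository, no external ref
        elif ref.startswith("docker://"):
            verdict = "pinned" if "@sha256:" in ref else "mutable-ref"
        else:
            _, _, version = ref.partition("@")
            if FULL_SHA.fullmatch(version):
                # A bare hash is opaque to reviewers; expect e.g. "# v6.0.2".
                verdict = "pinned" if comment else "pinned-no-version-comment"
            else:
                verdict = "mutable-ref"  # tag, branch or abbreviated hash
        findings.append((no, ref, verdict))
    return findings


# Constructed sample workflow (not taken from the repository in this commit).
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - uses: ./.github/actions/setup
      - uses: docker://alpine:3.20
      - name: Checkout fork
        uses: "actions/checkout@de0fac2"
"""

if __name__ == "__main__":
    for no, ref, verdict in audit_workflow(SAMPLE):
        print(f"line {no}: {ref} -> {verdict}")
```

Run over every file under `.github/workflows/`, a non-empty set of `mutable-ref` findings is the signal that some references were left out of the conversion.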