julia-actions/cache
1
0
Fork 0
mirror of https://github.com/julia-actions/cache.git synced 2026-02-16 19:16:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Pin third party action to hash (#106)

Browse Source 
Third party actions should never not be pinned to a hash. Otherwise, in case the action repo is taken over by a malicious actor, they can change what runs in all of the workflows that julia-actions/cache is used in as well. Pinning to a hash prevents that.
This commit is contained in:
Sascha Mann
2024-01-18 16:21:26 +01:00
committed by GitHub
parent 3e0649aaee
commit 216aaef29a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
action.yml
View File

@@ -52,7 +52,7 @@ runs:
using: 'composite' using: 'composite'
steps: steps:
- name: Install jq - name: Install jq
uses: dcarbone/install-jq-action@v2.1.0 uses: dcarbone/install-jq-action@8867ddb4788346d7c22b72ea2e2ffe4d514c7bcb
with: with:
force: false # Skip install when an existing `jq` is present force: false # Skip install when an existing `jq` is present