-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools: use hashes instead of tags for external actions #43284
Conversation
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment)
Review requested:
|
Isn't this also valid for |
|
Co-authored-by: Michaël Zasso <targos@protonmail.com>
glad that we're doing this :) |
Commit Queue failed- Loading data for nodejs/node/pull/43284 ✔ Done loading data for nodejs/node/pull/43284 ----------------------------------- PR info ------------------------------------ Title tools: use hashes instead of tags for external actions (#43284) ⚠ Could not retrieve the email or name of the PR author's from user's GitHub profile! Branch aduh95:no-tags-for-external-actions -> nodejs:master Labels meta, author ready, commit-queue-squash Commits 2 - tools: use hashes instead of tags for external actions - Apply suggestions from code review Committers 2 - Antoine du Hamel - GitHub PR-URL: https://github.com/nodejs/node/pull/43284 Reviewed-By: Michaël Zasso Reviewed-By: Luigi Pinca ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/43284 Reviewed-By: Michaël Zasso Reviewed-By: Luigi Pinca -------------------------------------------------------------------------------- ℹ This PR was created on Wed, 01 Jun 2022 15:21:17 GMT ✔ Approvals: 2 ✔ - Michaël Zasso (@targos) (TSC): https://github.com/nodejs/node/pull/43284#pullrequestreview-993164651 ✔ - Luigi Pinca (@lpinca): https://github.com/nodejs/node/pull/43284#pullrequestreview-995322504 ✖ Last GitHub CI failed ℹ Green GitHub CI is sufficient -------------------------------------------------------------------------------- ✔ Aborted `git node land` session in /home/runner/work/node/node/.ncuhttps://github.com/nodejs/node/actions/runs/2444122549 |
Landed in c7c8d86 |
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: nodejs#43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: #43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: #43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: #43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: #43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: #43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to anything else. Refs: nodejs/corepack#117 (comment) PR-URL: nodejs/node#43284 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Using tags is a security risk, as they can be updated to point to
anything else.
Refs: nodejs/corepack#117 (comment)