Pin github actions to hashes

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Go Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      Context

      Only recently github allowed releases to be immutable, by default actions are mutable even when specifying a version.

      Definition of done

      Pin github action steps to hashes for their release to prevent any potential attacks hidden in github actions.

            Assignee:
            Qingyang Hu
            Reporter:
            Rafael Cenzano
            None
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: