chore: pin github actions to specific SHAs to mitigate supply chain attacks (#442)

2025-03-29 11:36:18 -10:00
parent 33332d9ec0
commit b69c865738
4 changed files with 29 additions and 29 deletions
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -11,9 +11,9 @@ jobs:
  labels:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5
        with:
          python-version: 3.8
      - name: Install labels