(chore) pin dependencies for workflows and Docker base images#238
Open
smoy wants to merge 2 commits into
Open
Conversation
Signed-off-by: Steven Moy <github@stevenmoy.com>
Signed-off-by: Steven Moy <github@stevenmoy.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addressing two of the three issues from ossf/scorecard
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:71
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:9: pin your Docker image by updating python:3.12-slim-bookworm to python:3.12-slim-bookworm@sha256:8a7e7cc04fd3e2bd787f7f24e22d5d119aa590d429b50c95dfe12b3abe52f48b
Warn: pipCommand not pinned by hash: Dockerfile:7