pin-github-action
pin-github-action copied to clipboard
mheap
Pin your GitHub actions to a specific hash
Closes #153 Adjust the implementation of the CLI to leverage the `actions` output list from the main library instead of the `workflow` output to rewrite the input file. In particular,...
Bumps the development-dependencies group with 3 updates: [eslint](https://github.com/eslint/eslint), [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [nock](https://github.com/nock/nock). Updates `eslint` from 8.25.0 to 8.57.0 Release notes Sourced from eslint's releases. v8.57.0 Features 1120b9b feat: Add loadESLint() API...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [commander](https://github.com/tj/commander.js) from 9.4.1 to 12.0.0. Release notes Sourced from commander's releases. v12.0.0 Added .addHelpOption() as another way of configuring built-in help option (#2006) .helpCommand() for configuring built-in help command...
Hi, Would it be possible to output YAML in a way that doesn't clash with `prettier`? `pin-github-actions` wants files formatted like this: ```diff - needs: [changed-files] + needs: [ changed-files...
To help the reader avoid mistakes/surprises which I ran into.
Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.12.0 to 20.0.2. Release notes Sourced from @octokit/rest's releases. v20.0.2 20.0.2 (2023-09-25) Bug Fixes deps: update octokit monorepo (major) (#363) (258bf80) v20.0.1 20.0.1 (2023-07-11) Bug Fixes deps:...
The original comment format is not compatible with [Dependabot](https://github.com/mheap/pin-github-action/issues/140#issuecomment-1822238465) and [Renovate](https://github.com/mheap/pin-github-action/issues/140), but `--comment=" {ref}"` is. These tools are very popular, so it would make sense to change the default to...
…so it can be used: - for repos with workflows and composite actions, to “fix”/pin their own files. - on repos with “reusable workflows”
Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3. Release notes Sourced from json5's releases. v2.2.3 Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299) v2.2.2 Fix: Properties...
Bumps [prettier](https://github.com/prettier/prettier) from 2.7.1 to 3.1.0. Release notes Sourced from prettier's releases. 3.1.0 diff 🔗 Release note 3.0.3 🔗 Changelog 3.0.2 🔗 Changelog 3.0.1 🔗 Changelog 3.0.0 diff 🔗 Release...