Skip to content

Commit

Permalink
chore(deps): bump actions/checkout from 3.5.2 to 4.1.1
Browse files Browse the repository at this point in the history 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v3.5.2...v4.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
  • Loading branch information
@dependabot
dependabot[bot] committed Nov 17, 2023
1 parent 63c68a3 commit 832f4d2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/veracode.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
verify-formatting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.5.2
- uses: actions/checkout@v4.1.1
with:
fetch-depth: 0
- uses: ./.github/actions/setup-java

Check warning on line 50 in .github/workflows/veracode.yml

View workflow job for this annotation

GitHub Actions / Analyze

[MEDIUM] Unpinned Actions Full Length Commit SHA 

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Expand Down

0 comments on commit 832f4d2

Please sign in to comment.