From 12e11609a99c44ec56fdb9b0385a22c4bc355503 Mon Sep 17 00:00:00 2001 From: Blake Irvin Date: Sat, 4 Sep 2021 11:24:37 +0200 Subject: [PATCH] pin 3rd-party Actions dep by full SHA This change follows GitHub's security-hardening guidance. By pinning to a full SHA, we reduce our exposure to supply-chain attacks where a malicious party could compromise the 3rd-party Actions repo, commit malicious code, and then mutate an existing git tag to redirect to a SHA containing the malicious commit. See https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions for more. --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 44c546237..d35063a45 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Set up JDK 11 - uses: actions/setup-java@v2 + uses: actions/setup-java@3bc31aaf88e8fc94dc1e632d48af61be5ca8721c with: distribution: 'adopt' java-version: 11