chore(renovate): add pinDigests for GitHub Actions SHA pinning (#24)
Adds pinDigests: true so Renovate pins all GitHub Actions references to full commit SHAs for supply-chain hardening. This repo extends config:recommended directly, so pinDigests must be set here explicitly — the org-level config alone is not sufficient. Recreated from main after closing stale PR #23 (branch was created before the dual-approval PR #22 landed). Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.com> Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit was merged in pull request #24.
This commit is contained in:
privilegedescalation-engineer[bot]
committed by
GitHub
GitHub
parent
8800d73d68
commit
7ad3069235
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": ["config:recommended"],
|
||||
"pinDigests": true,
|
||||
"baseBranches": ["main"],
|
||||
"schedule": ["every weekend"],
|
||||
"prConcurrentLimit": 10,
|
||||
|
||||
Reference in New Issue
Block a user