chore(renovate): add pinDigests for GitHub Actions SHA pinning
Adds pinDigests: true so Renovate pins all GitHub Actions references to full commit SHAs for supply-chain hardening. This repo extends config:recommended directly, so pinDigests must be set here explicitly — the org-level config alone is not sufficient. Recreated from main after closing stale PR #23 (branch was created before the dual-approval PR #22 landed). Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": ["config:recommended"],
|
||||
"pinDigests": true,
|
||||
"baseBranches": ["main"],
|
||||
"schedule": ["every weekend"],
|
||||
"prConcurrentLimit": 10,
|
||||
|
||||
Reference in New Issue
Block a user