[openstreetmap/openstreetmap-website] Lock GitHub Actions dependencies to SHAs for security and predictability (PR #6332)
Grant
notifications at github.com
Mon Aug 18 15:12:48 UTC 2025
Firefishy left a comment (openstreetmap/openstreetmap-website#6332)
> So basically the end result is more work for us to merge PRs for minor version changes?
I think dependabot is able to handle the pinned versions without issue. [It also supports updating the version comments](https://github.com/dependabot/dependabot-core/pull/5951).
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6332#issuecomment-3197335833
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/6332/c3197335833 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250818/f68097c8/attachment-0001.htm>
More information about the rails-dev
mailing list