[openstreetmap/openstreetmap-website] Lock GitHub Actions dependencies to SHAs for security and predictability (PR #6332)

Grant notifications at github.com
Mon Aug 18 15:12:48 UTC 2025


Firefishy left a comment (openstreetmap/openstreetmap-website#6332)

> So basically the end result is more work for us to merge PRs for minor version changes?

I think dependabot is able to handle the pinned versions without issue. [It also supports updating the version comments](https://github.com/dependabot/dependabot-core/pull/5951).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6332#issuecomment-3197335833
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/6332/c3197335833 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250818/f68097c8/attachment-0001.htm>


More information about the rails-dev mailing list