chore: update repo-governance actions to v0.4.0#87
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ffa004cdb7
| - name: Run PR intake gate | ||
| uses: heurema/repo-governance/actions/pr-intake-gate@a1f0c72edbbbe0513471b973e5afc799e7c51da1 | ||
| uses: heurema/repo-governance/actions/pr-intake-gate@v0.4.0 |
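Review bot: the `uses:` line drops the commit SHA `a1f0c72edbbbe0513471b973e5afc799e7c51da1` in favour of the floating tag `v0.4.0`, so what this pull_request_target job executes can change upstream without any corresponding diff in this repository. Keep the SHA pin and record the release in a trailing comment instead, e.g. `uses: heurema/repo-governance/actions/pr-intake-gate@<commit SHA of the v0.4.0 release> # v0.4.0`, so the version stays readable while the ref stays immutable; a version bump then becomes a reviewed SHA change rather than a tag that can be moved later.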
Pin the PR-target action to an immutable SHA
In this pull_request_target workflow, the external action runs on untrusted PR events while the job has pull-requests: write and issues: write; replacing the prior commit SHA with the mutable v0.4.0 tag means a retagged or compromised upstream release can change the code executed with that token without any Punk-side diff. Please keep this action pinned to the audited v0.4.0 release commit SHA, or update it only by reviewing and pinning the new commit.
Updates repo-governance action refs to the v0.4.0 release.
heurema/repo-governance/actions/...refs.