dependabot-sha-comment-ac
dependabot-sha-comment-action
dependabot-sha-comment-ac | dependabot-sha-comment-action | |
---|---|---|
1 | 1 | |
- | 2 | |
- | - | |
- | 0.9 | |
- | over 1 year ago | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dependabot-sha-comment-ac
-
GitHub Actions by Example
Def a real concern.
If anyone is interested to mitigate it yourself, these are helpful :)
https://docs.github.com/en/actions/creating-actions/about-cu...
https://github.com/dependabot/dependabot-core/issues/2835
https://github.com/zgosalvez/github-actions-ensure-sha-pinne...
https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...
dependabot-sha-comment-action
-
GitHub Actions by Example
Def a real concern.
If anyone is interested to mitigate it yourself, these are helpful :)
https://docs.github.com/en/actions/creating-actions/about-cu...
https://github.com/dependabot/dependabot-core/issues/2835
https://github.com/zgosalvez/github-actions-ensure-sha-pinne...
https://github.com/timmeinerzhagen/dependabot-sha-comment-ac...
What are some alternatives?
setup-msys2 - GitHub Action to setup MSYS2
github-actions-ensure-sha-pinne
tiny-differentiable-simulator - Tiny Differentiable Simulator is a header-only C++ and CUDA physics library for reinforcement learning and robotics with zero dependencies.
github-actions-ensure-sha-pinned-actions - A Github Action to ensure that actions are pinned to full length commit SHAs
toast - Containerize your development and continuous integration environments. 🥂
ghactionsbyexample - GitHub Actions by Example