https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/
SHA pinning is a supply chain best practice. We should adopt the policy. And I encourage Astral to adopt it for other projects as well, since all these projects are high-priority targets due to their popularity and location low in the software stack.