Hi!
This action cannot be used with GitHub's new policy to require SHA pinning (https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/) because it is a composite using an unpinned action, e.g., pinning this action still means that an unpinned action is used.
Consequently, we have to migrate off the action astral-sh/python-build-standalone#771
I'd recommend pinning the child action's commit so users can have more secure invocations.
Hi!
This action cannot be used with GitHub's new policy to require SHA pinning (https://github.blog/changelog/2025-08-15-github-actions-policy-now-supports-blocking-and-sha-pinning-actions/) because it is a composite using an unpinned action, e.g., pinning this action still means that an unpinned action is used.
Consequently, we have to migrate off the action astral-sh/python-build-standalone#771
I'd recommend pinning the child action's commit so users can have more secure invocations.