Context
When the new GitHub policy to enforce actions to be pinned by full SHA is enabled then github-action-merge-dependabot stop working because the two dependencies in action.yml are not pinned.
The workflow throw with the following error
In the light of how impactful security issues (supply-chain attacks) with actions are nowadays I think this should be fixed.
Context
When the new GitHub policy to enforce actions to be pinned by full SHA is enabled then
github-action-merge-dependabotstop working because the two dependencies inaction.ymlare not pinned.The workflow throw with the following error
In the light of how impactful security issues (supply-chain attacks) with actions are nowadays I think this should be fixed.