aboutsummaryrefslogtreecommitdiff
path: root/src/liblzma/check/sha256.c
diff options
context:
space:
mode:
authorGabriela Gutierrez <gabigutierrez@google.com>2023-09-26 15:55:13 +0000
committerJia Tan <jiat0218@gmail.com>2023-10-13 20:03:13 +0800
commit37947d4a7565b87e4cec8b89229d35b0a3f8d2cd (patch)
tree1f18f2e04aa3b1e5202f1dd03bf8fcb1cff0feef /src/liblzma/check/sha256.c
parentCI: Bump and ref actions by commit SHA in ci.yml (diff)
downloadxz-37947d4a7565b87e4cec8b89229d35b0a3f8d2cd.tar.xz
CI: Bump and ref actions by commit SHA in windows-ci.yml
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch. It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/msys2/setup-msys2/releases/tag/v2.20.1 https://github.com/msys2/setup-msys2/commit/27b3aa77f672cb6b3054121cfd80c3d22ceebb1d https://github.com/actions/checkout/releases/tag/v4.1.0 https://github.com/actions/checkout/commit/8ade135a41bc03ea155e62e844d188df1ea18608 https://github.com/actions/upload-artifact/releases/tag/v3.1.3 https://github.com/actions/upload-artifact/commit/a8a3f3ad30e3422c9c7b888a15615d19a852ae32 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Diffstat (limited to 'src/liblzma/check/sha256.c')
0 files changed, 0 insertions, 0 deletions