Skip to content

Commit

Permalink
chore(deps): update docker/login-action action to v3
Browse files Browse the repository at this point in the history 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
@renovate
renovate[bot] authored Sep 14, 2023
1 parent 64ba590 commit 856a49b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
uses: sigstore/[email protected]

- name: Login to Registry
uses: docker/login-action@v2
uses: docker/login-action@v3

Check warning

Code scanning / Semgrep

Semgrep Finding: yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha Warning

An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
Expand Down

0 comments on commit 856a49b

Please sign in to comment.