For better reproductions and countering supply chain attacks it might be good idea to pin Node.js and Github Actions. Pinning part is easy but somehow the updating needs to be automated too. Dependabot has no support for either at the time of the writing.
Discussion on Discord: https://discord.com/channels/299182152161951744/784073459516964954/1488591620063629403
For better reproductions and countering supply chain attacks it might be good idea to pin Node.js and Github Actions. Pinning part is easy but somehow the updating needs to be automated too. Dependabot has no support for either at the time of the writing.
Discussion on Discord: https://discord.com/channels/299182152161951744/784073459516964954/1488591620063629403