Pin our GitHub Actions dependencies (#18255) - matrix/thirdparty/synapse.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>	2025-03-19 14:16:04 +0000
committer	GitHub <noreply@github.com>	2025-03-19 14:16:04 +0000
commit	51deadec41979cd94e16b5d1e42a47fedc3da98c (patch)
tree	3aa52403d5601b0c8147229eac2bf99a1a01869d /docs/development/database_schema.md
parent	Add index to sliding sync membership snapshot table, to fix a performance iss... (diff)
download	synapse-51deadec41979cd94e16b5d1e42a47fedc3da98c.tar.xz

Pin our GitHub Actions dependencies (#18255)

After the [recent supply chain attack](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup)
in `tj-actions/changed-files` and actions based on it, it's become clear
that relying on git tags to pin our dependencies is not enough (as tags
can simply be replaced). Therefore we need to switch to hashes.

Dependabot should continue to update these dependencies for us.

Best reviewed commit-by-commit. Though if CI passes, we're *probably*
fine.

Diffstat (limited to 'docs/development/database_schema.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: