Commit graph

3 commits

Author SHA1 Message Date
Tobias Bieniek
2ab29ef789 CI: Pin GitHub Actions to commit SHAs
This pins all third-party actions to immutable commit SHAs, with the
resolved version tag in a trailing comment. This prevents upstream
tags from silently changing under us.

- actions/checkout → v6.0.2 (bumped from v5 to reduce `artipacked`
  severity: v6 no longer stores credentials in `.git/config`)
- actions/setup-node → v6.3.0
- rust-lang/crates-io-auth-action → v1.0.4

See https://docs.zizmor.sh/audits/#unpinned-uses
2026-04-10 14:35:42 +02:00
Eric Huss
63b159741b Disable update-dependencies on forks
This disables the update-dependencies cron job in forks. It's not
uncommon for people to leave GitHub Actions enabled in a fork (which in
my experience seems to be the default?), and this unfortunately means
that this job will run in all those forks which is probably not what
people want.
2025-11-07 10:06:38 -08:00
Eric Huss
83c307be3c Add job to automatically update dependencies
This adds a job to automatically update cargo dependencies once a month.
I've added this script instead of using Renovate because I couldn't get
Renovate to update versions in `Cargo.toml`. I also wanted to batch
transitive dependency updates all in one PR.
2025-09-24 16:05:14 -07:00