chore(ci): harden workflows and bump packageManager to pnpm@11.1.1 #451
Annotations
6 errors, 2 warnings, and 3 notices
|
Run zizmor
Process completed with exit code 14.
|
|
Run zizmor:
.github/workflows/release.yml#L33
release.yml:33: unpinned action reference: action is not pinned to a hash (required by blanket policy)
|
|
Run zizmor:
.github/workflows/pr.yml#L58
pr.yml:58: unpinned action reference: action is not pinned to a hash (required by blanket policy)
|
|
Run zizmor:
.github/workflows/pr.yml#L28
pr.yml:28: unpinned action reference: action is not pinned to a hash (required by blanket policy)
|
|
Run zizmor:
.github/workflows/e2e-opportunistic-matrix.yml#L43
e2e-opportunistic-matrix.yml:43: unpinned action reference: action is not pinned to a hash (required by blanket policy)
|
|
Run zizmor:
.github/workflows/check-skills.yml#L113
check-skills.yml:113: code injection via template expansion: may expand into attacker-controllable code
|
|
Run zizmor:
.github/workflows/release.yml#L28
release.yml:28: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
|
|
Run zizmor:
.github/workflows/check-skills.yml#L29
check-skills.yml:29: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
|
|
Run zizmor:
.github/workflows/release.yml#L64
release.yml:64: code injection via template expansion: may expand into attacker-controllable code
|
|
Run zizmor:
.github/workflows/check-skills.yml#L138
check-skills.yml:138: code injection via template expansion: may expand into attacker-controllable code
|
|
Run zizmor:
.github/workflows/check-skills.yml#L129
check-skills.yml:129: code injection via template expansion: may expand into attacker-controllable code
|
background
wait
wait-all
cancel
Loading