ci: set persist-credentials: false for actions/checkout per zizmor suggestion#1204
Merged
Conversation
gthess
approved these changes
Dec 13, 2024
gthess
added a commit
that referenced
this pull request
Dec 13, 2024
- Merge #1204: ci: set persist-credentials: false for actions/checkout per zizmor suggestion.
Member
|
@maertsen , should I keep the branch around for future improvements or it can go away? |
jedisct1
added a commit
to jedisct1/unbound
that referenced
this pull request
Dec 26, 2024
* nlnet/master: - For NLnetLabs#1207: [FR] Support for RESINFO RRType 261 (RFC9606), add LDNS_RR_TYPE_RESINFO similar to LDNS_RR_TYPE_TXT. Changelog entry for NLnetLabs#1204: - Merge NLnetLabs#1204: ci: set persist-credentials: false for actions/checkout per zizmor suggestion. set persist-credentials: false per zizmor suggestion - Fix typo in log_servfail.tdir test. Changelog entry for NLnetLabs#1187: - Merge NLnetLabs#1187: Create the SSL_CTX for QUIC before chroot and privilege drop. Create the SSL_CTX for QUIC before chroot and privilege drop (NLnetLabs#1187) - Safeguard alias loop while looking in the cache for expired answers. - Merge NLnetLabs#1198: Fix log-servfail with serve expired and no useful cache contents. - For NLnetLabs#1175, the default value of serve-expired-ttl is set to 86400 (1 day) as suggested by RFC8767. Changelog entry for NLnetLabs#1189, NLnetLabs#1197: - Merge NLnetLabs#1189: Fix the dname_str method to cause conversion errors when the domain name length is 255. - Merge NLnetLabs#1197: dname_str() fixes. - For NLnetLabs#1193, introduce log-servfail.tdir and cleanup the log-servfail setting from other tests. - Fix NLnetLabs#1193: log-servfail fails to log host SERVFAIL responses in Unbound 1.19.2 on Ubuntu 24.04.1 LTS, by not considering cached failures when trying to reply with expired data. - For NLnetLabs#1189, homogenize the input buffer size for dname_str(). - For NLnetLabs#1189, add unit tests for dname_str() and debug check the input buffer size. Fix the dname_str method to cause conversion errors when the domain name length is 255
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I don't think we currently have anything in CI that needs the (readonly) checkout credentials persisted to .git/config during the run.