Skip to content

v1.4.2

Choose a tag to compare

@mohijalili mohijalili released this 14 Jul 20:12
26c7ddd

What's changed

Supply chain & security hardening

  • Pin all GitHub Actions to full commit SHAs
  • Add Dependabot for GitHub Actions, Docker, and pip
  • Add Semgrep SAST and CodeQL analysis in CI
  • Hash-lock pip dependencies in the Docker image
  • Pin Docker base image by digest

Release

  • Pin action.yml to ghcr.io/fendora-io/sieve-action:v1.4.2 instead of :latest
  • Update README examples to @v1.4.2

Usage

- uses: fendora-io/sieve-action@v1.4.2

Full changelog: v1.4.1...v1.4.2