ci(security): bump Silleellie/pylint-github-action to v3
Closes Dependabot PR #2. v3 changelog: adds an optional commit-message parameter (we do not use it, default is fine), removes the Endbug dependency that caused issues on github-enterprise, and bumps its own internal checkout / setup-python actions. None of the inputs we pass (lint-path, python-version, requirements-path, pylintrc-path, readme-path, badge-text, color-*) changed. Re-pinned by full commit SHA, same hardening pattern as v2.1.
parent d7fab0fd89
commit 4d16704ede
1 changed files with 2 additions and 2 deletions
4
.github/workflows/pylint.yml
vendored
@ -36,10 +36,10 @@ jobs:
|
|||
run: pytest -q
|
||||
|
||||
- name: Run Pylint and update badge
|
||||
# Silleellie/pylint-github-action v2.1 pinned by commit SHA so a
|
||||
# Silleellie/pylint-github-action v3 pinned by commit SHA so a
|
||||
# compromised tag cannot run arbitrary code with our GITHUB_TOKEN.
|
||||
# Refresh the SHA when bumping the version.
|
||||
uses: Silleellie/pylint-github-action@00e742f459317509d4fd0ce94a676d0c098b0f4d
|
||||
uses: Silleellie/pylint-github-action@4a85cbe000de2eb3c919f0779dade29fa1f60fe2
|
||||
with:
|
||||
lint-path: "."
|
||||
python-version: "3.12"
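Review bot: the `uses:` line carries the new SHA with no version marker on the same line, so the only link between `4a85cbe000de2eb3c919f0779dade29fa1f60fe2` and v3 is the free-text comment three lines above, which has to be edited by hand on every bump. Consider a trailing comment on the line itself, `uses: Silleellie/pylint-github-action@4a85cbe000de2eb3c919f0779dade29fa1f60fe2 # v3`, which keeps the tag next to the hash and is the form Dependabot updates together with the SHA. Nothing in the diff shows that this hash is the commit the v3 tag points at, so that should be checked against the upstream repository before merge. The comment's claim also covers only this action's own code: the commit message notes that v3 bumps its internal checkout and setup-python actions, and if those are referenced by tag inside the action, the pin here does not extend to them.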