mirror of
git://develop.git.wordpress.org/
synced 2025-01-17 12:58:25 +01:00
bb046b0700
Some GitHub Action scripts require additional permissions to perform the desired operations. This permission is usually given by passing a personal access token (PAT) to the action as an input. Because PATs grant access to sensitive information about the repository and actions with PATs become trusted actors, 3rd party actions should not be installed by specifying a major or minor version. Instead, specifying a full length commit SHA will use the 3rd party action as an immutable release, ensuring the workflows within the repository are not affected by upstream security problems should they occur. Props johnbillion. See #52625. git-svn-id: https://develop.svn.wordpress.org/trunk@50474 602fd350-edb4-49c9-b593-d223f7449a82