Y
Hacker News
new
|
ask
|
show
|
jobs
by
loginatnine
402 days ago
This is good, just bear in mind that if you put the hash of an external composite action and that action pulls on another one without a hash, you're still vulnerable on that transitive dependency.
1 comments
ebfe1
401 days ago
oh damn - that is a great point! thanks matey!
link