Y
Hacker News
new
|
ask
|
show
|
jobs
by
chippiewill
134 days ago
It doesn't work for transitive dependencies, so you're reliant on third party composite actions doing their own SHA locking.