Pinned GH Action for migration PR workflow to a specific commit

no-issue
- The workflow runs in the pull_request_target context which has access to repo secrets even when triggered from a fork
- Pinned the GH Action to a specific version to guard against upstream changes to the Action which may abuse access to secrets
This commit is contained in:
Matt Hanley 2021-11-12 15:49:41 +00:00
parent a68854c3bd
commit 1477d2712b

View File

@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
name: Create checklist comment
steps:
- uses: peter-evans/create-or-update-comment@v1
- uses: peter-evans/create-or-update-comment@85a7ce63456c26d56a5ea525941e3d89f9e6e20a
with:
issue-number: ${{ github.event.pull_request.number }}
body: |