What happened?
PR #17 accidentally reverted a lot of security enhancements in GitHub workflows, which leaves this project more vulnerable to attacks.
What did you expect instead?
Workflows to be only updated with necessary changes, and these new changes to have the same security hardening as the existing workflow code (like pinning actions using hashes).
Affected version(s)
No response
Affected part(s)
Build script, CI, dependencies, etc. (part:tooling)
Extra information
More context in the PR #17.