Pin actions/github-script to exact commit SHA #862

Merged: gaiksaya merged 1 commit into opensearch-project:main from shreyah963:fix/pin-github-script-action on May 21, 2026

@shreyah963 commented May 21, 2026

Summary

  • Pin actions/github-script from v6 tag to exact commit SHA (3a2844b7e9c422d3c10d287c895573f7108da1b3), which points to v9.

Context

Mutable tags can be overwritten. Pinning to a specific commit SHA ensures the action code cannot change without a corresponding PR update.

Signed-off-by: shreyah963 <shreyab963@gmail.com>

@github-actions

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 162de11.

| Path | Line | Severity | Description |
|---|---|---|---|
| .github/workflows/add-untriaged.yml | 14 | high | GitHub Actions dependency changed from 'actions/github-script@v6' to a pinned commit SHA '3a2844b7e9c422d3c10d287c895573f7108da1b3'. While SHA pinning is generally a security best practice, this change must be verified to confirm the commit SHA corresponds to a legitimate, trusted version of actions/github-script and has not been substituted with a malicious commit. Maintainers should verify the SHA against the official actions/github-script repository. |

The table above displays the top 10 most important findings.

Total: 1 | Critical: 0 | High: 1 | Medium: 0 | Low: 0


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

@gaiksaya gaiksaya merged commit 97f9769 into opensearch-project:main May 21, 2026
15 of 27 checks passed