Pin astral-sh/setup-uv to commit SHA in setup-python-env action #20

Merged
pmalarme merged 2 commits into feature/add-documentation-and-copilot-instructions from copilot/sub-pr-18-again
Feb 19, 2026

Copilot AI commented Feb 19, 2026

Summary

astral-sh/setup-uv@v5 used a mutable tag, allowing silent tag overwrites and potential supply-chain compromise. Pinned to an immutable commit SHA, consistent with the pattern already used in security-review.lock.yml.

- name: Set up uv
  uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v5.4.2

Testing

  • Not run (config-only change — no executable code modified)

Checklist

  • Linked issue or task reference
  • Added/updated tests where relevant
  • Updated docs/README if needed
  • No secrets or sensitive data added
  • Considered backward compatibility and deployment impact

Additional context



Co-authored-by: pmalarme <686568+pmalarme@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update documentation and Copilot instructions based on feedback" to "Pin astral-sh/setup-uv to commit SHA in setup-python-env action" Feb 19, 2026
Copilot AI requested a review from pmalarme February 19, 2026 11:48
@pmalarme pmalarme marked this pull request as ready for review February 19, 2026 11:55
@pmalarme pmalarme merged commit 3096d80 into feature/add-documentation-and-copilot-instructions Feb 19, 2026
10 checks passed
@pmalarme pmalarme deleted the copilot/sub-pr-18-again branch February 19, 2026 12:06
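
Added example, not part of the pull request or the repository: a stdlib-only Python check that flags `uses:` references not pinned to a full 40-character commit SHA, which is the condition this PR corrects for `astral-sh/setup-uv`. The function names, the sample YAML, `./local-action` and `example-org/example-action` are constructed for illustration.

```python
import re

# Captures the target of a `uses:` key, ignoring quotes and trailing comments.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify_ref(target):
    """Classify a uses: target as 'local', 'pinned' or 'mutable'."""
    if target.startswith(("./", "../")):
        return "local"  # resolved from the same checkout, no remote ref
    if target.startswith("docker://"):
        return "pinned" if "@sha256:" in target else "mutable"
    _, sep, ref = target.partition("@")
    # Only a full 40-hex commit SHA counts: tags and branches can be
    # repointed, and a short hex string may itself be a tag or branch name.
    return "pinned" if sep and FULL_SHA_RE.fullmatch(ref) else "mutable"


def find_mutable_uses(yaml_text):
    """Return (line_number, target) for every uses: entry that is not pinned."""
    findings = []
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        match = USES_RE.match(line)
        if match and classify_ref(match.group(1)) == "mutable":
            findings.append((lineno, match.group(1)))
    return findings


# Constructed sample: the before/after references come from the PR text,
# the local and short-SHA entries are hypothetical.
SAMPLE = """\
runs:
  using: composite
  steps:
    - name: Set up uv (before)
      uses: astral-sh/setup-uv@v5
    - name: Set up uv (after)
      uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v5.4.2
    - uses: ./local-action
    - uses: example-org/example-action@f0ec1fc
"""

if __name__ == "__main__":
    for lineno, target in find_mutable_uses(SAMPLE):
        print(f"line {lineno}: {target} is not pinned to a full commit SHA")
```

Run over every file under `.github/` in CI, a non-empty result can fail the build so that new mutable references do not slip back in.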