From 720bea11530675253ace6916118997b24449780b Mon Sep 17 00:00:00 2001 From: JL Mitra Date: Tue, 7 Apr 2026 13:56:53 -0700 Subject: [PATCH] chore: SECENG-7706 [security] Pin versions of GitHub Actions to full commit hash - quotation fix This PR pins versions of GitHub Actions to full commit hash via [automated scripts](https://github.com/amplitude/tools/tree/master/seceng/github_actions/pin-gha). This PR fixes an error with the previous script not correctly parsing lines in "" quotations. In general, this PR doesn't change the behavior of the workflows, so you can merge this safely. This pull request was created by [multi-gitter](https://github.com/lindell/multi-gitter). Please merge this pull request by 4/10/2026. For any questions, please ask in the Slack channel #help-security. --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d0d7e41..a7efb0d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: ${{ github.actor }} permission check to do a release - uses: "lannonbr/repo-permission-check-action@2.0.2" + uses: "lannonbr/repo-permission-check-action@2bb8c89ba8bf115c4bfab344d6a6f442b24c9a1f" # 2.0.2 with: permission: "write" env: