Prevent potential supply chain attack by referencing a commit rather than @latest (#65)

pgporada · web-flow · commit fd793fa828c4 · 2023-07-28T10:49:14.000-07:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -60,7 +60,7 @@ jobs:
           nfpm package -p deb --target "nfpm-pkg/"
 
       - name: "Publish release"
-        uses: "marvinpinto/action-automatic-releases@latest"
+        uses: "marvinpinto/action-automatic-releases@d68defdd11f9dcc7f52f35c1b7c236ee7513bcc1"
         with:
           repo_token: "${{ secrets.GITHUB_TOKEN }}"
           automatic_release_tag: "${{ steps.get_version.outputs.version }}"
