Hi there. Due to recent software supply chain woes, infrastructure software vendors started using well-known and (more) tamper-resistant SHA commit hashes for version pinning.
astral-sh/setup-uv started advertising to use commit hashes for version pinning on their README, we are tracking this to also implement on our repositories, and wanted to report the same recommendation here. Thanks!
Hi there. Due to recent software supply chain woes, infrastructure software vendors started using well-known and (more) tamper-resistant SHA commit hashes for version pinning.
astral-sh/setup-uvstarted advertising to use commit hashes for version pinning on their README, we are tracking this to also implement on our repositories, and wanted to report the same recommendation here. Thanks!