Pin release workflow to a specific sha. (#61)

Using a tag instead of a commit hash for this 3P dependency was flagged as a possible security vulnerability by third-party security auditors.
lightsparkdev · May 20, 2024 · a61699e · a61699e
1 parent 8e195ac
commit a61699e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -82,7 +82,7 @@ jobs:
         with:
           name: lightspark-cryptoFFI-kotlin
       - name: Create release
-        uses: ncipollo/release-action@v1
+        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5
         with:
           artifacts: "./lightspark-cryptoFFI*"
           tag: ${{ inputs.version }}