gopidesupavan commented on PR #16964: URL: https://github.com/apache/datafusion/pull/16964#issuecomment-3133609461
> Thank you @gopidesupavan > > I double checked all the hash values corresponded to the specified versions > > I will sleep better at night with this potential attack vector reduced cool :) happy to help. and on a side note, it would be nice to have zizmor pre-commit setup https://github.com/zizmorcore/zizmor this is really useful it validates how github action workflows, how tokens usage and syntax etc; very powerful. we at Apache Airflow uses https://github.com/apache/airflow/blob/main/.pre-commit-config.yaml#L366. If your happy i am fine to add this to datafusion , please let me know :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org For additional commands, e-mail: github-h...@datafusion.apache.org
