bump go and terraform versions in e2e tests #8

Merged: maniSbindra merged 1 commit into main from manisbindra/changes-prior-to-release on Feb 16, 2025

@maniSbindra (Contributor)

bump go and terraform versions in e2e tests

@maniSbindra maniSbindra merged commit a57d8ce into main Feb 16, 2025
@maniSbindra maniSbindra deleted the manisbindra/changes-prior-to-release branch February 16, 2025 11:26
maniSbindra added a commit that referenced this pull request Mar 23, 2026
Replace `curl | bash` pattern with download-to-temp-file execution in 6
install scripts flagged by OpenSSF Scorecard (Pinned-Dependencies).

Changes per script:
- Pin raw.githubusercontent.com URLs to specific commit SHAs instead of
  branch refs (master/main) or URL shorteners (aka.ms, get.opentofu.org,
  fnm.vercel.app)
- Download install scripts to temp files before executing (no more piping
  curl output directly to shell)
- Add cleanup traps to remove temp directories on exit

Affected scripts:
- install_act.sh (nektos/act@fe017a1)
- install_actionlint.sh (rhysd/actionlint@62c50a9)
- install_azd.sh (Azure/azure-dev@0340065)
- install_golangci-lint.sh (golangci/golangci-lint@870ddc1)
- install_opentofu.sh (opentofu/get.opentofu.org@c4f7de9)
- setup_fnm.sh (Schniz/fnm@bfb1860)

Resolves GitHub Advanced Security alerts #5, #6, #7, #8, #9, #10.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
DariuszPorowski pushed a commit that referenced this pull request Apr 13, 2026
Replace `curl | bash` pattern with download-to-temp-file execution in 6
install scripts flagged by OpenSSF Scorecard (Pinned-Dependencies).

Changes per script:
- Pin raw.githubusercontent.com URLs to specific commit SHAs instead of
  branch refs (master/main) or URL shorteners (aka.ms, get.opentofu.org,
  fnm.vercel.app)
- Download install scripts to temp files before executing (no more piping
  curl output directly to shell)
- Add cleanup traps to remove temp directories on exit

Affected scripts:
- install_act.sh (nektos/act@fe017a1)
- install_actionlint.sh (rhysd/actionlint@62c50a9)
- install_azd.sh (Azure/azure-dev@0340065)
- install_golangci-lint.sh (golangci/golangci-lint@870ddc1)
- install_opentofu.sh (opentofu/get.opentofu.org@c4f7de9)
- setup_fnm.sh (Schniz/fnm@bfb1860)

Resolves GitHub Advanced Security alerts #5, #6, #7, #8, #9, #10.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
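
The pattern those commit messages describe (SHA-pinned URL, download to a temp file, cleanup trap), sketched as an added example that is not taken from the repository's install scripts. The function names, the `FETCH` override hook and the `example-org/example-tool` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the repository's install scripts.

# Build a raw.githubusercontent.com URL pinned to a full 40-hex commit SHA.
# Branch refs (main/master) and abbreviated SHAs are refused: a branch can be
# re-pointed at different content, and a short SHA can become ambiguous.
pinned_raw_url() (
  owner_repo=$1 sha=$2 path=$3
  case $sha in
    *[!0-9a-f]*|'') echo "refusing unpinned ref: $sha" >&2; exit 1 ;;
  esac
  [ "${#sha}" -eq 40 ] || { echo "refusing short SHA: $sha" >&2; exit 1; }
  printf 'https://raw.githubusercontent.com/%s/%s/%s\n' "$owner_repo" "$sha" "$path"
)

# Default downloader: HTTPS only, non-zero exit on HTTP errors.
# FETCH (hypothetical hook) may name another function, e.g. for offline tests.
fetch_to_file() {
  curl --fail --silent --show-error --proto '=https' --output "$2" "$1"
}

# Download the installer into a private temp dir, then execute the file.
# Unlike `curl | bash`, a failed or empty download stops before any of it
# reaches a shell. The function body is a subshell, so the EXIT trap removes
# the temp dir when the function finishes, on success or failure.
run_pinned_installer() (
  url=$1; shift
  tmpdir=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmpdir"' EXIT
  script=$tmpdir/install.sh
  "${FETCH:-fetch_to_file}" "$url" "$script" \
    || { echo "download failed: $url" >&2; exit 1; }
  [ -s "$script" ] || { echo "empty download: $url" >&2; exit 1; }
  # Use bash here instead if the installer requires it.
  sh "$script" "$@" || exit $?
)

# Usage (placeholder values, constructed for this example):
#   url=$(pinned_raw_url example-org/example-tool <full-40-hex-sha> install.sh) \
#     && run_pinned_installer "$url"
```

Pinning fixes which content is fetched; it does not replace reviewing the installer at that commit before adopting the SHA.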