gh-140681: Freeze pre-commit hooks and update zizmor links#140682
gh-140681: Freeze pre-commit hooks and update zizmor links#140682hugovk merged 5 commits intopython:mainfrom
Conversation
shenxianpeng
requested review from
AA-Turner,
ezio-melotti and
hugovk
as code owners
shenxianpeng
changed the title
Misc/NEWS.d/next/Documentation/2025-10-27-17-14-34.gh-issue-140681.fMOJ9T.rst
Outdated
Show resolved
Hide resolved
shenxianpeng
force-pushed
the
update-for-zizmor
branch
from
a9210fb to
ae18393
Compare
|
We're in no rush here, it still works because of the redirects. If we're going to update this, we might as well update the others (for example, We can also now remove the And there might be a Sphinx Lint release fairly soon, so could also wait for that. |
hugovk
changed the title
hugovk
added
needs backport to 3.13
|
As this was still open, I've updated it to also freeze the pre-commit hooks, as discussed at python/devguide#1748 (review). In short, if a repo became compromised, they could rewrite the tag to something malicious. Git SHAs can mitigate this.
I did these too. |
|
Thanks @shenxianpeng for the PR, and @hugovk for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14. |
|
Sorry, @shenxianpeng and @hugovk, I could not cleanly backport this to |
|
Sorry, @shenxianpeng and @hugovk, I could not cleanly backport this to |
…ks (pythonGH-140682) (cherry picked from commit 11840ca) Co-authored-by: Xianpeng Shen <xianpeng.shen@gmail.com> Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
|
GH-145536 is a backport of this pull request to the 3.14 branch. |
…hon#140682) Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
|
3.13 blocked by GH-144593 so cherry-picked into that one. |
5 participants
gh-140681: Update zizmor repo and doc links