Posted to github@arrow.apache.org by "assignUser (via GitHub)" <gi...@apache.org> on 2023/07/26 18:32:06 UTC

[GitHub] [arrow] assignUser commented on issue #36898: [CI] Hash-pin workflow dependencies called with dangerous permissions

assignUser commented on issue #36898:
URL: https://github.com/apache/arrow/issues/36898#issuecomment-1652303108

   Hm, I was under the impression that merging a PR would also require `contents:write`, but I might be mistaken.

   It def makes sense to pin the actions, and I would also be open to a PR pinning the pip dependencies in some way that doesn't cause problems for local development.

