ci: applying security recommendations: Pinned-Dependencies #7

agustinfrancesa · 2025-06-18T16:56:36Z

No description provided.

Copilot

Pull Request Overview

This PR applies security recommendations by pinning dependency versions for key tooling in CI workflows. Key changes include:

Pinning pip to version 24.0 in semantic-release and check-build workflows.
Pinning setuptools, wheel, python-semantic-release, and build in semantic-release.
Pinning build and bandit (with sarif support) in their respective workflows.

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/semantic-release.yml	Updated upgrade and package install commands to use explicit, pinned versions
.github/workflows/check-build.yml	Pinned pip and build versions for consistent dependency management
.github/workflows/bandit.yml	Added explicit version pin for bandit installation, though pip upgrade remains unpinned

.github/workflows/bandit.yml

Signed-off-by: Francesa Alfaro, Agustin <agustin.francesa.alfaro@intel.com>

Copilot AI review requested due to automatic review settings June 18, 2025 16:56

Copilot AI reviewed Jun 18, 2025

View reviewed changes

.github/workflows/bandit.yml Outdated Show resolved Hide resolved

agustinfrancesa force-pushed the security/applying-security-recommendations branch from f2b48e0 to 3a8e25f Compare June 18, 2025 16:57

ci: applying security recommendations: Pinned-Dependencies

96580c5

Signed-off-by: Francesa Alfaro, Agustin <agustin.francesa.alfaro@intel.com>

agustinfrancesa force-pushed the security/applying-security-recommendations branch from 3a8e25f to 96580c5 Compare June 18, 2025 16:59

agustinfrancesa merged commit 4181160 into main Jun 18, 2025
6 checks passed

agustinfrancesa deleted the security/applying-security-recommendations branch June 18, 2025 17:05