Skip to content

Feature request: enable immutable releases #283

@jayaddison

Description

@jayaddison

GitHub has recently launched a feature to allow immutable releases; I think this could be helpful in cases where people want some level of assurance that they can fix and receive the same software/code/component when running processes that use version numbers over time: https://github.blog/changelog/2025-10-28-immutable-releases-are-now-generally-available/

I'd like to request for dorny/paths-filter to opt into that; as an alternative, I've pinned a version of it in a workflow file -- but today I learned that using pin-hashing prevents Dependabot Alerts from detecting vulnerable action versions in workflow files.

(I realise that second paragraph may seem tangential -- the reason I mention it is because I'd like assurance that both Dependabot Alerts could detect vulnerabilities in this action, and also that there would be assurance that deliberately-selected software versions would not change unexpectedly)

Thank you!

Refs:

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions