Pin actions/github-script to SHA for security

dbabokin · claude · dbabokin · commit 42fb13d7b013 · 2025-10-14T14:51:17.000-07:00
Pin actions/github-script@v8 to specific commit SHA ed597411d8f924073f98dfc5c65a23a2325f34cd to ensure reproducible builds and prevent supply chain attacks. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.github/workflows/codex-pr-review.yml b/.github/workflows/codex-pr-review.yml
@@ -31,7 +31,7 @@ jobs:
     if: github.repository == 'ispc/ispc'
     steps:
       - name: Comment on PR
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.CODEX_TOKEN }}
           script: |
