mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-09 17:43:40 +00:00
22e98cf95e
Pin codeql actions usage to latest 3.x. These were previously pointing to `@2` which pulls in the latest v2 as they are released, with the potential to break our workflows if a breaking change or malicious version on the `@2` stream is ever pushed. Changing this to a pinned version also means that dependabot will keep this in the pinend version format (e.g., referencing a SHA) when it opens a PR to bump the dependency. The breaking change between v2 and v3 is that v3 requires Node 20 which is a non-issue as we are running this on ubuntu latest. Updates #cleanup Signed-off-by: Mario Minardi <mario@tailscale.com>