GitHub security hardening

Security hardening for medusajs/medusa

We replaced changeable third-party workflow references with fixed versions, reducing the risk of unexpected upstream changes.

medusajs/medusa

7 references hardened

Delivered in PR #15664

Merged

Merged by the repository maintainers.

Other reviews available

Org-wide Actions hardening

The same pinning across your other public repositories.

Dependency vulnerability review

Review public dependency manifests for actionable upgrade candidates.

Managed security-update maintenance

Keep updates from becoming a backlog.

Want us to review the rest?

Submit your work email and we will confirm useful scope. Nothing is opened or changed automatically.

This records your interest in a follow-on review. It does not prove repository-owner authorization, open anything on the repository, or start payment. A person confirms identity and useful scope before any further work.

Public repositories only unless explicitly authorized. Sensitive findings are handled privately. See Security Hardening for details.