From 1d5af125a0d4b0808b14ab19fc1d1504a29cb786 Mon Sep 17 00:00:00 2001
From: iratusmachina <iratusmachina@outlook.com>
Date: Thu, 8 May 2025 10:44:15 -0400
Subject: [PATCH] Hardening actions

---
 .github/workflows/lint_and_test.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/lint_and_test.yml b/.github/workflows/lint_and_test.yml
index b4d1d06..bdcae99 100644
--- a/.github/workflows/lint_and_test.yml
+++ b/.github/workflows/lint_and_test.yml
@@ -21,6 +21,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # git show-ref v4.2.2
         with:
           fetch-depth: 0
+          persist-credentials: false # https://yossarian.net/til/post/actions-checkout-can-leak-github-credentials/
 
       - name: Setup Go version ${{ matrix.go-version }}
         uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # git show-ref v5.4.0