Please describe your feature request.
Please consider making release tags/assets immutable to reduce the risk of supply chain attacks from those curling release binaries.
https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases#what-immutable-releases-protect
Describe alternatives you've considered
I can have my script hardcode the expected hash for a given release binary but this doesn't
Additional context
If this repo or its CI/CD is ever compromised, any script deployed in the wild that downloads yq from this repo's releases can download a malicious binary.
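The "hardcode the expected hash" alternative mentioned in the request, written out as an added example (this is not code from the yq project or from the issue author): a POSIX sh snippet that downloads a release asset to a temporary file, compares its SHA-256 against a digest pinned in the script, and only installs it on a match. The URL, the digest value and the destination path in the usage comment are placeholders, not real yq release values; the pinned digest has to be obtained from a trusted source at pin time, since a hash copied from an already-tampered release would simply pin the malicious asset.

```shell
#!/usr/bin/env sh
# Added example: pin a SHA-256 for a downloaded release asset before installing it.
# Nothing here is yq's own code; the URL/digest/destination in the usage comment
# are hypothetical placeholders.
set -eu

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when FILE's SHA-256 equals EXPECTED_HEX (lowercase hex), 1 otherwise.
# Uses sha256sum (GNU coreutils) or falls back to shasum (macOS/BSD).
verify_sha256() {
  file=$1
  expected=$2
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$file" | awk '{print $1}')
  fi
  [ "$actual" = "$expected" ]
}

# fetch_pinned URL EXPECTED_HEX DEST
# Downloads URL to a temp file, verifies it against EXPECTED_HEX, and only then
# moves it into place as an executable. A mismatch deletes the download and fails,
# so a swapped release asset (or a mid-download corruption) never reaches DEST.
fetch_pinned() {
  url=$1
  expected=$2
  dest=$3
  tmp=$(mktemp)
  if ! curl -fsSL "$url" -o "$tmp"; then
    rm -f "$tmp"
    echo "download failed: $url" >&2
    return 1
  fi
  if verify_sha256 "$tmp" "$expected"; then
    mv "$tmp" "$dest"
    chmod 0755 "$dest"
  else
    rm -f "$tmp"
    echo "checksum mismatch for $url; refusing to install" >&2
    return 1
  fi
}

# Usage (placeholders; not executed here):
#   fetch_pinned "https://example.invalid/yq_linux_amd64" \
#                "<sha256 taken from a trusted source when the version was pinned>" \
#                /usr/local/bin/yq
```

Because the digest is pinned per version, updating yq means updating both the URL and the hash in the script; a script that only pins the tag would still trust whatever asset the tag currently points at.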