My obligation as a professional coder is to do what works best, especially for open source code that other people will use. Agents are another tool in that toolbox with their own pros and cons. If you’ve had poor experiences with agents before last November, I strongly urge you to give modern agents another shot, especially with an AGENTS.md tailored to your specific coding domain and nuances (again here are my Python and Rust files, in conveient copy/paste format).
HK$452 per month. Paid annually.
。关于这个话题,新收录的资料提供了深入分析
Get the Pokemon TCG: Mega Evolution Phantasmal Flames Booster Bundle for the best price at Walmart — save vs. Amazon and TCGplayer
You can SHA-pin the top-level action, but Palo Alto’s “Unpinnable Actions” research documented how transitive dependencies remain unpinnable regardless. The tj-actions/changed-files incident in March 2025 started with reviewdog/action-setup, a dependency of a dependency, and cascaded outward when the attacker retagged all existing version tags to point at malicious code that dumped CI secrets to workflow logs, affecting over 23,000 repos. GitHub has since added SHA pinning enforcement policies, but only for top-level references.