From e4b290f45bdc5a749e563b22f861b15b7ab10633 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Fri, 17 May 2024 14:41:41 -0400
Subject: [PATCH] release: remove pip cache usage

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fa7413311..c8a679aca 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,9 +21,9 @@ jobs:
 
       - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
+          # NOTE: We intentionally don't use a cache in the release step,
+          # to reduce the risk of cache poisoning.
           python-version: "3.x"
-          cache: "pip"
-          cache-dependency-path: pyproject.toml
 
       - name: deps
         run: python -m pip install -U build