GitHub has (inadvisedly IMO) added support for YAML anchors to their subset of YAML in GitHub Actions. This unfortunately breaks a lot of zizmor's internals, since it violates model-source locality (as "symbolic" locations in the document may now map to "concrete" source locations arbitrarily far away or duplicated arbitrarily many times).

Fixing this is going to be a long-term effort with unclear dimensions, since this pervades through serde_yaml, which is deprecated.

In the mean time, zizmor should probably emit a loud warning telling users that anchors aren't supported, and that they should expect crashes/unpredictable levels of support if they attempt to use them while also using zizmor.