Closed fockboi-lgtm closed 2 years ago
Hi @fockboi-lgtm,
thank you for reporting the vulnerability.
Even if the v1
tag should track the latest v1
minor version, I'll force the action to the latest version in the workflow config file.
Thanks again. :)
Hi there,
🔒 This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new ticket for related bugs.
Thanks!
The workflow ci_pr.yml is referencing action reviewdog/action-eslint using references v1. However this reference is missing the commit 7b45345d875d4979afe88b630dbc01a40e8a2e91 which may contain fix to the some vulnerability. The vulnerability fix that is missing by actions version could be related to: (1) CVE fix (2) upgrade of vulnerable dependency (3) fix to secret leak and others. Please consider to update the reference to the action.