SciNim / getting-started

Getting started with Nim for Scientific Computing
https://scinim.github.io/getting-started/
Creative Commons Zero v1.0 Universal

[Security] Workflow pr_preview.yml is using vulnerable action Sibz/github-status-action #39

Closed Ale0x78 closed 2 years ago

Ale0x78 commented 2 years ago

The workflow pr_preview.yml is referencing action Sibz/github-status-action using reference v1.1.5. However, this reference is missing the commit 650dd1a882a76dbbbc4576fb5974b8d22f29847f, which may contain a fix to some vulnerability. The vulnerability fix that is missing from the action's version could be related to: (1) a CVE fix, (2) an upgrade of a vulnerable dependency, (3) a fix to a secret leak, and others. Please consider updating the reference to the action.
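An added example (not part of the issue thread or the SciNim repository): a small audit that lists every `uses:` reference in a workflow file and classifies it as a full commit SHA, a version tag, or a branch, so that references such as the `v1.1.5` tag above can be reviewed against the action's history. The workflow text and the `example-org` actions are constructed; only `Sibz/github-status-action@v1.1.5` comes from the issue.

```python
import re

# Matches a step's `uses: owner/repo[/path]@ref`, optionally quoted,
# with an optional trailing YAML comment.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?([^"'\s#@]+)@([^"'\s#]+)["']?\s*(?:#.*)?$"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+)*$")

# Constructed sample workflow (not the real pr_preview.yml).
SAMPLE_WORKFLOW = """\
name: pr_preview
on: pull_request
jobs:
  preview:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: Sibz/github-status-action@v1.1.5
      - name: local step
        uses: ./.github/actions/build
      - uses: example-org/other-action@main
"""

def classify_ref(ref):
    """Return 'sha' for a full 40-hex commit id, 'tag' for a version-like ref, else 'branch-or-other'."""
    if FULL_SHA_RE.match(ref):
        return "sha"
    if VERSION_TAG_RE.match(ref):
        return "tag"
    return "branch-or-other"

def audit_workflow(text):
    """Return (line_number, action, ref, kind) for every remote action reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith("docker://"):
            continue  # local actions (./path) carry no @ref and never match
        action, ref = m.groups()
        findings.append((lineno, action, ref, classify_ref(ref)))
    return findings

def unpinned(findings):
    """References that are not a full commit SHA: a tag stays at its release and can also be moved."""
    return [f for f in findings if f[3] != "sha"]

if __name__ == "__main__":
    for lineno, action, ref, kind in unpinned(audit_workflow(SAMPLE_WORKFLOW)):
        print(f"line {lineno}: {action}@{ref} ({kind}) - review what this ref points to")
```
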

HugoGranstrom commented 2 years ago

Thanks for the heads up 😄