andyferris / Dictionaries.jl

An alternative interface for dictionaries in Julia, for improved productivity and performance
Other
278 stars 28 forks

[Security] Workflow test.yml is using vulnerable action julia-actions/julia-uploadcodecov #82

Closed igibek closed 2 years ago

igibek commented 2 years ago

The workflow test.yml is referencing the action julia-actions/julia-uploadcodecov using the reference latest. However, this reference is missing the commit 16d1c3dcfb192741c59a412870da1fa0ba822d3c, which may contain a fix to some vulnerability. The vulnerability fix that is missing from the action's version could be related to: (1) a CVE fix, (2) an upgrade of a vulnerable dependency, (3) a fix to a secret leak, and others. Please consider updating the reference to the action.

andyferris commented 2 years ago

Umm, I'm afraid I don't follow
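The report above concerns a `uses:` line that names a branch or tag (latest) rather than a fixed commit. The following is an added example, not part of the thread or of the project's code: it lists every action reference in a workflow file and marks whether it is pinned to a full commit SHA. The sample workflow is constructed for illustration and is not the repository's actual test.yml; the function and variable names are hypothetical.

```python
import re

# Matches a step's `uses:` value, allowing a list dash, quotes and a trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)

# Constructed sample, not the repository's real workflow. The last step uses the
# commit id quoted in the report, only to show what a full-SHA pin looks like.
SAMPLE_WORKFLOW = """\
name: Test
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: julia-actions/julia-uploadcodecov@latest
      - uses: julia-actions/julia-uploadcodecov@16d1c3dcfb192741c59a412870da1fa0ba822d3c
"""


def classify(uses_value):
    """Classify one `uses:` value by how tightly it is pinned."""
    if uses_value.startswith("./"):
        return "local"  # action stored in the same repository
    if uses_value.startswith("docker://"):
        return "pinned" if "@sha256:" in uses_value else "mutable"
    _action, _sep, ref = uses_value.partition("@")
    # Only a full 40-hex commit SHA is immutable; a branch or tag name
    # such as `latest` or `v2` can later be moved to different code.
    return "pinned" if FULL_SHA_RE.match(ref) else "mutable"


def audit_workflow(text):
    """Return (line_number, uses_value, classification) for each step."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, value, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {value} -> {kind}")
```

A reference marked mutable runs whatever commit the branch or tag points to at run time, so the code executed in CI can change without any change to the workflow file.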