Update the dependencies in node_modules and package-lock.json to handle the npm audit, and update the dependency on @actions/core to the latest version.
$ npm audit
# npm audit report
@actions/core <=1.9.0
Severity: moderate
@actions/core has Delimiter Injection Vulnerability in exportVariable - https://github.com/advisories/GHSA-7r3h-m5j6-3q42
fix available via `npm audit fix`
node_modules/@actions/core
node-fetch <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
2 vulnerabilities (1 moderate, 1 high)
To address all issues, run:
npm audit fix
Update the dependencies in
node_modulesandpackage-lock.jsonto handle thenpm audit, and update the dependency on@actions/coreto the latest version.