[Security] Workflow release-drafter.yml is using vulnerable action release-drafter/release-drafter

eraware / Eraware.MinimalSkin

Minimal Dnn skin made for basic base with easy customization

MIT License

6 stars 4 forks source link

[Security] Workflow release-drafter.yml is using vulnerable action release-drafter/release-drafter #376

Closed Ale0x78 closed 10 months ago

Ale0x78 commented 2 years ago

The workflow release-drafter.yml is referencing action release-drafter/release-drafter using references v5.3.1. However this reference is missing the commit 70eb821099dbcd875c2cba75dad4332d3cf5544d which may contain fix to the some vulnerability. The vulnerability fix that is missing by actions version could be related to: (1) CVE fix (2) upgrade of vulnerable dependency (3) fix to secret leak and others. Please consider to update the reference to the action.

valadas commented 10 months ago

Was removed quite some time ago, can't remember exactly which PR...