Open 0xg0nz0 opened 1 week ago
In `~/.vscode-server/extensions/github.vscode-github-actions-0.26.3/script/workspace/package-lock.json`:

```json
"vscode-github-actions": {
  "version": "0.25.6",
```
So it looks like the declared version in the lock file (0.25.6) is older than the package version (0.26.3).
This in turn gets flagged in `grype`:

```
vscode-github-actions 0.25.6 npm GHSA-wvmr-x489-hcpj Critical
```
Which is quite the false alarm, given the severity of that particular issue:
https://github.com/advisories/GHSA-wvmr-x489-hcpj
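
One way to confirm this kind of finding during triage, as an added example that is not part of the original issue, the extension or grype: compare the version in the extension directory name with what the bundled lock file declares. The function names and the sample lock file are constructed; only the package name and the two version numbers come from the report.

```javascript
// Added example: triage helper, not code from the extension or from grype.
// Splits a VS Code extension directory name of the form "<publisher>.<name>-<version>".
function parseExtensionDir(dirName) {
  const m = /^([^.]+)\.(.+)-(\d+\.\d+\.\d+(?:[-+].*)?)$/.exec(dirName);
  return m ? { publisher: m[1], name: m[2], version: m[3] } : null;
}

// Collects every version a lock file declares for `name`, covering the
// lockfileVersion 1 "dependencies" map and the v2/v3 "packages" map.
function declaredVersions(lock, name) {
  const found = [];
  const dep = lock.dependencies && lock.dependencies[name];
  if (dep && dep.version) {
    found.push({ where: `dependencies.${name}`, version: dep.version });
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const byPath =
      path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if ((byPath || entry.name === name) && entry.version) {
      found.push({ where: `packages["${path}"]`, version: entry.version });
    }
  }
  return found;
}

// Returns lock-file entries whose version differs from the installed extension.
// A scanner that reads the lock file reports these versions, not the installed one.
function staleLockEntries(extensionDirName, lock) {
  const ext = parseExtensionDir(extensionDirName);
  if (!ext) throw new Error(`unrecognised extension directory: ${extensionDirName}`);
  return declaredVersions(lock, ext.name)
    .filter((e) => e.version !== ext.version)
    .map((e) => ({ ...e, installed: ext.version }));
}

// Constructed sample lock file: only the package name and versions come from the issue.
const sampleLock = {
  lockfileVersion: 2,
  dependencies: { "vscode-github-actions": { version: "0.25.6" } },
  packages: { "node_modules/example-dep": { version: "1.0.0" } },
};

console.log(staleLockEntries("github.vscode-github-actions-0.26.3", sampleLock));
```

A non-empty result means the scanner match is keyed to the lock file's declared version rather than the installed extension version.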